'LastPass' announces that it will require master passwords of 12 characters or more; be careful, as you may be locked out and stuck



LastPass, released as a smartphone app and browser extension, is a popular password manager that lets you manage IDs and passwords for various sites by remembering a single master password. There have been incidents in which information was leaked. As part of its security efforts, LastPass has notified users that they will be required to change their master passwords to strong ones.

LastPass Is Making Account Updates. Here's Why - The LastPass Blog
https://blog.lastpass.com/2024/01/lastpass-is-making-account-updates-heres-why/

Change your LastPass password before you get locked out | PCWorld
https://www.pcworld.com/article/2191833/change-your-lastpass-password-before-you-get-locked-out.html

According to LastPass, the default has always been a master password of 12 characters or more, but until now users could choose a password with fewer than 12 characters if they wanted to.

Since April 2023, a password of 12 characters or more has been required when creating a new account or updating a password. LastPass announced on X (formerly Twitter) that from January 2024, all accounts, including old accounts, will be required to have a password of 12 characters or more.



This policy change was announced in September 2023 and is being announced again as implementation approaches. Users who already have a password of 12 characters or more do not need to do anything, but those with a shorter password will receive a password change notification within the service, sent out in stages.

The notification will go to users on the Free, Premium, and Families plans starting January 8, 2024, and then extend to the Teams and Business plans for businesses in late January. Anyone who receives a password change message must set a new master password within 72 hours, or they will be logged out of the LastPass service on all devices and will have to reset their password to log back in.

Even if you are logged out, as long as you remember your current password, you can update it by entering your old and new passwords. Additionally, if you have forgotten your password, you can set a new one if you have set up account recovery options.



However, according to IT news site PCWorld, if 72 hours pass without you updating your password, your account will be completely locked out and there will be no hope of recovery. PCWorld therefore urges users to reset their password within 72 hours of receiving the message, even if they have forgotten their current master password.

LastPass also offers the following best practices to help you set a new password:
- 12 characters is just a minimum, so a higher number of characters is recommended.
- Use at least one uppercase letter, one lowercase letter, one number, and one special character.
- Use something that is easy to remember and difficult to guess, such as a passphrase.
- Make it something only you know.
- Do not use your email address as your master password.
- Do not include personal information in your master password.
- Do not use consecutive characters such as '1234' or repetitions such as 'aaaa'.
- Do not reuse your master password for other accounts.
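
The mechanically checkable items in the list above can be expressed as a local check, shown here as an added example that is not LastPass's own validation code. The function names, the run threshold of 4 (taken from the '1234' and 'aaaa' examples), the use of ASCII punctuation as "special characters", and the caller-supplied `personal_terms` are assumptions.

```python
import string

MIN_LENGTH = 12   # minimum stated in the article
RUN_LENGTH = 4    # assumption: flag runs as long as the article's '1234' / 'aaaa'


def has_run(password, step, length=RUN_LENGTH):
    """True if `length` adjacent characters each differ by `step` code points.

    step=0 finds repetitions ('aaaa'); step=1 or -1 finds sequences ('1234', 'dcba').
    """
    streak = 1
    for prev, cur in zip(password, password[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == step else 1
        if streak >= length:
            return True
    return False


def check_master_password(password, email="", personal_terms=()):
    """Return the list of the article's guidelines that `password` violates."""
    problems = []
    lowered = password.casefold()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        # assumption: "special character" means ASCII punctuation
        "special character": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    if email and email.casefold() in lowered:
        problems.append("contains email address")
    if any(t and t.casefold() in lowered for t in personal_terms):
        problems.append("contains personal information")
    if has_run(lowered, 1) or has_run(lowered, -1):
        problems.append("consecutive characters")
    if has_run(lowered, 0):
        problems.append("repeated characters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("Summer1234!", "correct-Horse7-battery-staple"):
        print(candidate, "->", check_master_password(candidate) or "ok")
```

Reuse across accounts and whether a password is known only to you cannot be checked from the string itself, so those items are left out.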

in Security, Posted by log1l_ks