
LastPass enforces 12-character passwords, shores up defences

Password management software vendor LastPass has begun mandating re-enrolment of multi-factor authentication (MFA) and master passwords of at least 12 characters, alongside new capabilities such as monitoring for password exposure on the dark web.

Mike Kosak, senior principal intelligence analyst at LastPass, said customers were previously able to select a master password with fewer characters than the 12-character default.

“Current [US] National Institute of Standards and Technology (NIST) guidelines require that human generated passwords [be] of at least eight characters but, given advances in password cracking and brute-forcing technology and techniques, coupled with the natural human tendency to create passwords that are predictable and easy to remember, an even longer password is recommended,” Kosak wrote in a post on the LastPass website.

Email notifications to update master passwords should be received by the end of January – although new customers have been mandated to choose 12 characters since April 2023. Customers are also being prompted to re-enrol their multi-factor authentication (MFA), among other things, he said.

Together with the increase in Password-Based Key Derivation Function 2 (PBKDF2) iterations made earlier in 2023, the result should be stronger and more resilient encryption keys for users’ LastPass vault data, he added.

Account recovery options should be set up before changing the password, he emphasised.

Other new features include dark web monitoring for exposed passwords, starting February 2024.

“LastPass will begin immediate checks on new or reset master passwords against a database of known breached credentials,” Kosak said.

“If the password is detected in a prior breach, a pop-up will alert the customer that the password has already been exposed, in which case they will be prompted to choose another password in order to proceed.”

Kosak said modern password crackers can ingest lists of known passwords as part of their dataset, making it quicker to figure out an account’s credentials.

“Requiring our customers to choose a password that has not already been exposed makes cracking it substantially more difficult,” Kosak said.
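The two controls described above, a 12-character minimum with a breached-password check followed by PBKDF2 key derivation, can be sketched as follows. This is an added example, not LastPass code: the function names, the SHA-256 lookup scheme, the sample breach list, the salt and the iteration count are all assumptions made for illustration.

```python
import hashlib
import unicodedata

MIN_LENGTH = 12              # minimum master password length stated in the article
PBKDF2_ITERATIONS = 600_000  # assumed illustrative count; the article gives no figure


def _digest(password: str) -> str:
    """Normalise, then hash, so lookups never compare cleartext passwords."""
    normalised = unicodedata.normalize("NFKC", password)
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


# Constructed sample data standing in for a database of known breached credentials.
BREACHED = frozenset(_digest(p) for p in ("password1234", "qwertyuiop123", "letmein"))


def check_master_password(candidate: str, breached=BREACHED) -> list:
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    problems = []
    if len(unicodedata.normalize("NFKC", candidate)) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if _digest(candidate) in breached:
        problems.append("found in a prior breach")
    return problems


def derive_vault_key(password: str, salt: bytes,
                     iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Derive a 256-bit key with PBKDF2-HMAC-SHA256, only for accepted passwords."""
    problems = check_master_password(password)
    if problems:
        raise ValueError("; ".join(problems))
    normalised = unicodedata.normalize("NFKC", password)
    return hashlib.pbkdf2_hmac("sha256", normalised.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    salt = b"constructed-per-user-salt"  # constructed value, not a real salt scheme
    for pw in ("letmein", "password1234", "maple-Orbit-47-kettle"):
        print(repr(pw), "->", check_master_password(pw) or "accepted")
    print(derive_vault_key("maple-Orbit-47-kettle", salt).hex())
```

Note that `password1234` meets the length rule and is still rejected, which is the case the breach check exists to catch.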

LastPass began streamlining MFA re-enrolment for business customers using the likes of Microsoft Authenticator, Google Authenticator, or LastPass Authenticator during 2023, with re-enrolment for Grid authentication coming soon, he added.

“This action effectively mitigates the remaining risk stemming from the prior exposure of the LastPass MFA/Federation database backup,” Kosak said. “If you haven’t done so already, initiate a manual re-enrollment of MFA for non-federated customers.”

In other LastPass news, the Boston, USA-based vendor named Esther Flammer its new chief marketing officer (CMO), overseeing global marketing and strategy, including corporate marketing and communications, product marketing, demand generation and related operations. Flammer has more than 20 years of experience in “high-growth” marketing, the company said.

Karim Toubba, chief executive officer at LastPass, said Flammer was skilled at working with high-growth technology companies, scaling marketing programmes and optimising go-to-market strategies.

“[She] will be instrumental in supporting our efforts in 2024 and beyond,” Toubba said in the announcement.

Customer trust was central to LastPass’s success, noted Flammer.

“I’ve benefited first hand from the value of LastPass as a customer. I am excited to spearhead a robust go-to-market strategy that centres around our customers’ trust and their experience with our market-leading solutions,” she said.
