LastPass is enforcing some security changes to user accounts

[harlan4096]

LastPass is making some changes to enhance the security of its to user accounts. The news comes as a follow-up to the company's plans to enforce stronger passwords a few months ago.

A brief recap of the LastPass security breaches

LastPass has had a disastrous couple of years following two major data breaches that happened in 2022. The first of these security mishaps occured in August 2022, while the second attack took place a few months later. The company drew criticism from users after it was discovered that the threat actors had managed to steal user data from its servers. Can you imagine how it would be if the password manager that you trusted to save all your email addresses and their passwords, social media accounts, and credit cards was breached? That is literally a privacy nightmare.

Security experts including Wladimir Palant, the creator of AdBlock Plus, who had analyzed the cloud-based password manager's practices, had criticized the service for not enforcing modern security standards in order to protect its servers and users data (password vault, email and other personal information). They also accused the company for openly lying to its users about the safety of their data, the weak encryption it had used, and also failing to notify users about potential threats that could occur as a result of the hack.

Almost a year after revealing details about the security incidents and the theft of user data, LastPass is finally enforcing a rule to make all users set up a master password that is at least 12 characters in length. Technically, this rule has been in place for a few years, from 2018. But, LastPass didn't actually enforce the rule. It sounds bizarre, but the password manager service had allowed users to skip the minimum requirement, and use shorter passwords instead. Such passwords could be brute forced by hackers, which would allow them access to your password vault, and we all know what happened.
...

Continue Reading

[dinosaur07]

It will be very difficult to trust this software as it was before. They have a lot of work to do.

[harlan4096]

Agree, I never used it, currently using KeePass XC (offline).