A crucial update is in store for LastPass users, especially if your password is still under 12 characters. LastPass, in its continuous pursuit of heightened security post the significant breaches in 2022, is now enforcing a minimum password length for all accounts. Until recently, legacy users were exempt from this requirement, but starting January 2024, all master passwords must be 12 characters or more. Failure to comply with this new rule will lead to account logouts and a mandatory password reset.
LastPass is rolling out password change prompts in stages, accessible within the service. Once prompted, users have a 72-hour window to craft a new master password. If this deadline is missed, a logout on all devices occurs, necessitating a password reset for re-entry. Notifications for this change begin with Free, Premium, and Family consumer accounts on January 8, followed by Business and Teams users at the end of January 2024. To avoid being locked out, users are advised to perform a password reset within the given timeframe, especially if they cannot recall their current password. Setting up account recovery methods and creating a longer, secure password is also strongly recommended by LastPass for enhanced security.
In an additional layer of security, LastPass will cross-check new or reset master passwords against those leaked in data breaches, preventing the use of compromised credentials. While LastPass is making commendable strides in fortifying security, users seeking more immediate updates might consider exploring alternative password managers, given LastPass’s comparatively slower rollout of updates.