LastPass will soon force you to make stronger passwords, now requiring 12 characters or more

A massive security breach happened a while ago.

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • LastPass wants to change how you manage your passwords.
  • Now, it will start requiring users to have passwords with 12 characters or more.
  • The password manager app suffered a massive security breach back in 2022,

LastPass wants to change how you manage your passwords. Now, the popular extension will start requiring users like you to have passwords with 12 characters or more. 

12 12-character password has always been the default, but in a press release this week, LastPass acknowledges that a lot of users have been able to bypass it. The extension will soon roll out a prompt to create a new password with 12 or more characters if you aren’t in compliance with the policy.

The password manager app, which now works in Edge, suffered a massive security breach back in 2022 but only managed to unearth it last year. What happened was that hackers stole customer vault data through cloud storage keys stolen from an employee.

Names, phone numbers, IP and email addresses, as well as company names are some of the things that bad actors were able to retrieve.

While new LastPass accounts have adhered to a 12-character password minimum since April 2023, this stronger security measure is now rolling out to all users, existing and new.

While the official NIST minimum password length is 8 characters (per SP 800-63B), this standard falls short in light of evolving tech and our human preference for weak passwords. A longer option is strongly advised.

User forum

0 messages