How LastPass wants to boost its users’ IT security

Estimated read time 2 min read

How LastPass wants to boost its users' IT security

There are the companies that blame their users for their negligence. And there are others – of course whose core business is computer security – who help them strengthen their protection. The famous password management service LastPass has just shown that it wants to be part of the second batch.

At the beginning of January, the company announced a series of changes for its users. The use of a password manager makes it possible to keep its different passwords used away from prying eyes, but provided that the master password is not cracked.

Twelve characters

At LastPass, the latter could be eight characters in size. Given the progress in brute force attacks, this way of testing combinations of characters on the fly, the company will now force all its customers to define a master password of at least twelve characters. This was already the default setting of the service since 2018, but it was still possible to create a shorter password.

To help its users define their password correctly, LastPass will also start checking the strength of the new passwords chosen from February. These will be compared to a database of leaked passwords. Thus, users will be able to find out if the password they are about to choose has already been revealed on a black market.

Dictionary attack

An interesting piece of information for uses: dictionary attacks rely precisely on these large password databases that have already been leaked. In case of detection of an identical password already exposed, the user will be prompted to choose another password, which will then be “much more difficult” to decrypt.

So many measures that must also allow LastPass to restore its image. Two years earlier, for example, some users’ master passwords had been revealed following a login stuffing attack. But the company had especially been very severely shaken in 2022 by a computer hacking.

The malicious hacker had managed to penetrate his network by posing as a developer, thus bypassing multifactor authentication. The latter had then got hold of encrypted password safes, an invaluable treasure for the cybercriminal if he manages to find the right sesame seeds to open them.

You May Also Like

More From Author