Tag Archive for: Prompting

LastPass prompting users to set a stronger master password


LastPass faced a major attack in 2022 after hackers gained access to sensitive user data through an exploit found on the computer of one of the engineers working for the company. More than two years after this incident, LastPass has now announced new measures to better protect users’ data, who will now be required to set a stronger master password.

LastPass now requires stronger master password

In a blog post on Wednesday, LastPass says that users will now be asked to set a new master password to protect their account on the platform. This new password needs to be at least 12 characters long, whereas previously the master password only needed to be 8 characters long.

According to the company, while the National Institute of Standards and Technology (NIST) says that passwords must be at least 8 characters long, more advanced password cracking and brute force techniques have motivated the company to set a new, stronger standard. The password must also contain at least one special character, a number and an upper case letter.

The company reinforces that since last year, all new users or existing users who needed to reset their master password were already asked to set a 12-character password. With today’s change, everyone will be required to update their LastPass master password. LastPass also says it will check a database to make sure the new password hasn’t been leaked before.

By now enforcing a minimum 12-character master password requirement, along with the PBKDF2 iteration increases we delivered earlier this year, we are proactively helping our customers create stronger and more resilient encryption keys for accessing and encrypting their LastPass vault data.

A major security incident

LastPass doesn’t explicitly mention the security incident that affected the company in 2022, saying only that the changes “are being implemented in response to the constantly changing cyber threat environment.”

At the time, hackers gained access to data such as passwords, names, emails, addresses, phone numbers and more from LastPass customers. Last year, LastPass revealed that the credentials for the Amazon AWS servers used by the…

Source…

Computer Hackers Trying to Take Over Power Plants, Prompting Action From Homeland … – CNS News

Washington (AP) – Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable …
Read more