LastPass Requires 12-Character Master Passwords

  OIT News  |     |  By Nicole Johnson
Person holding a smartphone in one hand and typing on a laptop computer with the other hand

LastPass is requiring users to change their master passwords to at least 12 characters by Jan. 31 in an effort to strengthen security measures and help users better protect themselves from cyber threats.

At UNLV, the new password length requirement impacts LastPass Premium accounts. Students, alumni, and employees who do not meet the guidelines will be prompted to create a new master password with 12 or more characters when they log into LastPass.

In a Jan. 2 blog post, LastPass said longer passwords are recommended due to recent advances in password cracking technology and the natural tendency to create predictable passwords that are easy to remember.

Premium account users who already have a 12-character password do not have to do anything. Employees and student workers who use their ACE login to access their LastPass Business account are not impacted by this change either.

LastPass users can prepare for the new password policy before it is enforced. Before resetting passwords, they should set up account recovery options to regain access to their vault that has saved account logins, secure notes, and other information in case they forget their master password.

Students, alumni, and employees can reset their master passwords in advance too. The UNLV Information Security Office recommends following these guidelines set by the National Institute of Standards and Technology when creating passwords.

  • Use a minimum of 12 characters
  • Avoid repetitive characters or common patterns (e.g., aaaa, 1234, etc.)
  • Make it memorable, but not easily guessed, such as a passphrase
  • Never reuse passwords for any other account or application