The LastPass password service encourages users to change their master password to a stronger one. This was reported by 9to5Mac.

Such actions by the company are the result of the fact that at the end of 2022, attackers were able to get access to the cloud backup of the customer’s data storage.

The company announced its new intentions in a blog post, where it said that users will now be required to have passwords of at least 12 characters in length, with at least 1 special character, 1 number, and 1 capital letter.

Other requirements include not using email addresses, personal information, consecutive characters such as “1234” or repeated characters such as “aaaa”, and that the password is unique to LastPass and not used anywhere else.

Regarding the transition from a password with a minimum of 8 characters to a minimum of 12, the company said the following:

“Current National Institute of Standards and Technology (NIST) guidelines require that human-generated passwords be at least 8 characters long (NIST 800-3B), but given recent advances in password cracking/password guessing technology and techniques, combined with the natural human tendency to create predictable and easily remembered passwords, an even longer password is recommended.”

If you use LastPass as your password service, but your master password is shorter than 12 characters, we recommend that you change it now.