LastPass Boosts Security After 2022 Breach, But Early Adopters Still at Risk
LastPass, a renowned password manager, has revealed enhanced security measures following a 2022 breach that compromised over 25 million users' data. Critics contend this is a public relations stunt, while security specialists warn of persistent risks to early adopters.
LastPass has faced backlash for not upgrading all users to stronger encryption safeguards. In the 2022 breach, hackers accessed a backup containing customer account details, including master password hints. Although LastPass asserts it has hashed and salted passwords, experts caution that offline attacks could still compromise weak passwords.
LastPass is now requiring users to choose longer master passwords, targeting a 12-character minimum to align with the 2018 standard. CEO Karim Toubba maintains that these changes are intended to safeguard all customers. However, critics note that many early adopters, whose vaults were never upgraded to higher iteration counts, remain susceptible to distributed password-cracking attacks.
LastPass's recent security improvements aim to protect all users, but concerns linger for early adopters whose data may still be at risk. The company advises users to change their master passwords and enable multi-factor authentication. Meanwhile, security experts urge users to remain vigilant and consider alternative password managers.