LastPass security updates

Last updated: September 13, 2023

On September 6, 2023, LastPass announced that it will be conducting the following account updates. These updates are intended to increase users’ online security and to help maintain the security of organizational assets. In accordance with these LastPass-required updates, the UW LastPass service will take the following actions on Wednesday, September 20.

Change 1: Increased password complexity for LastPass master passwords

Make sure your LastPass master password meets the updated complexity policies and be sure to set up your LastPass account recovery options too. The password complexity policy will be updated as follows:

  • Length of master password (at least 12)
  • Minimum digits in master password (1)
  • Minimum lowercase in master password (1)
  • Minimum uppercase in master password (1)
  • Minimum special characters in master password (1)

When you log in, you will be asked to reset your password if it does not currently meet these updated complexity requirements. At this time, we also strongly recommend that you set up LastPass account recovery options.

Change 2: Multifactor authentication will be reset for everyone using LastPass

  • If you use Duo for multifactor authentication in LastPass, you don’t have to do anything. LastPass administrators will regenerate and apply the shared secret for Duo between 9 and 11 a.m. on September 20. During this time, access to LastPass may be unavailable.
  • If you are a LastPass Authenticator, Google Authenticator or Microsoft Authenticator user in LastPass, you will be logged out of LastPass, and you will need to set up multifactor authentication again. So, after you’ve been logged out of LastPass, follow these steps:
    1. In your browser, log in to LastPass again. You’ll see an error message asking you to verify your login via email.
    2. Find the email from LastPass, and click the red button to verify your device/location.
    3. Log in to LastPass again. Since you verified yourself in the previous step, you shouldn’t be asked for additional verification.
    4. When LastPass asks you to “meet company requirements and set up multifactor authentication,” follow the on-screen instructions. You should then see a page asking you to “Pair your authentication application app.”