LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password requirement since 2018, users could use a weaker one. "Historically, while a 12-character master password has been LastPass’ default setting since 2018, customers still could forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so," LastPass said in a new announcement today. LastPass has begun enforcing a 12-character master password requirement since April 2023 for new accounts or password resets, but older accounts could still use passwords with fewer than 12 characters. Starting this month, LastPass is now enforcing the 12-character master password requirement for all accounts. Furthermore, LastPass added that it will also start checking new or updated master passwords against a database of credentials previously leaked on the dark web to ensure that they don't match already compromised accounts. If a match is found, the customers will be alerted via a security warning pop-up and prompted to select another password to block future cracking attempts. As part of the same effort to increase account security, LastPass also started a forced multi-factor authentication (MFA) re-enrollment process in May 2023, which led to many users experiencing significant login issues and getting locked out of their accounts. "These changes include requiring customers to update their master password length and complexity to meet recommended best practices and prompting customers to re-enroll their multi-factor authentication (MFA), among others," said Mike Kosak, a Senior Principal Intelligence Analyst at LastPass. "Starting in January 2024, LastPass will enforce a requirement that all customers use a master password with at least 12 characters. "Next month, LastPass will also begin immediate checks on new or reset master passwords against a database of known breached credentials in order to ensure the password hasn't been previously exposed on the Dark Web." LastPass told BleepingComputer that B2C customers will begin receiving emails about these changes today, with B2B customers receiving them on January 10th. These measures are the direct result of two security breaches LastPass disclosed in August 2022 and November 2022. In August, the company confirmed its developer environment was breached via a compromised developer account after the attackers hacked into a software engineer's corporate laptop. During the breach, they stole source code, technical info, and some LastPass internal system secrets. The information stolen in this incident was later used by threat actors in the December breach when they also stole customer vault data from its encrypted Amazon S3 buckets after compromising a senior DevOps engineer's computer using a remote code execution vulnerability to install a keylogger. In October 2023, hackers stole $4.4 million worth of cryptocurrency from over 25+ victims using private keys and passphrases they could extract from LastPass databases stolen in LastPass' 2022 breaches. For more please visit OUR FORUM.

Microsoft is betting the farm on AI apathy not hitting before it makes a return on its investments. This is positive and negative news for PC makers and points to what might be Microsoft's next major Windows release. Windows 11 continues to be a less-than-stellar success for Microsoft. The most recent set of figures it reported were uninspiring. Despite a looming end of support for Windows 10 - although customers can pay for an extension - the OS remains dominant, and Windows 11 trails behind its predecessor in terms of installations at the same point in its lifecycle. One reason for this could be Windows 11's hardware requirements, which mean that decent spec PCs are incapable of running it. Microsoft and OEMs' clearly hoped affected customers would buy new computers to make the upgrade – but instead many have chosen to stick with Windows 10. At this point, it is difficult to see Windows 11 as much more than a self-inflicted wound. Microsoft alienated customers and, in an attempt to force a hardware refresh, ended up further fracturing the Wintel alliance. The tragedy here is that there's nothing particularly wrong with Windows 11. Yet the threat of artificially high hardware requirements won't go away. So, how do Microsoft and its hardware partners move on from here? Redmond HQ hopes that where the stick of Windows 11 hardware requirements failed, the carrot of AI-enabled PCs might win the day. Companies including HP and Lenovo are working on machines dubbed "AI PCs" but remain tightlipped on the specifics. Then there is the specter of Arm, which continues to nibble at the PC marketplace formerly dominated by Intel. In October, Nvidia was said to be developing an Arm-based CPU for the PC market – one specifically designed to run on Windows. This is despite Microsoft's past attempts that left customers yearning for more conventional hardware. Ask us about the Project Volterra box – complete with Neural Processing Unit and "purpose-built with everything you need to develop, debug, and test native Windows apps for Arm" – that we'll have at Vulture Central one day. All of this gives us some clues about what Microsoft might – or might not – do with Windows 12. The consensus seems to be that Windows 12 will arrive sometime next year. Microsoft's hardware partners are expecting it. And some might see it as a savior, given the relatively low uptake of Windows 11. As for when it will happen, history teaches us that the update will likely reach users around October 2024. Reports have emerged of Windows 11 24H2 being sighted in logs, which would seem to confirm this – Windows 11 itself initially showed up as a "Windows 10" build. Other factors to consider regarding the timing is that Microsoft has said it will ship a version of Windows 11 in March 2024, shorn of Edge and Bing for European users. The next major release of Windows in 2024 would, therefore, turn up towards the end of the year. What would be in this release? For one, Microsoft needs to crack Windows on Arm as manufacturers want to build hardware using Qualcomm's new Snapdragon X Elite – Apple has ably demonstrated that it is possible to move on from Intel-based chips, however, some serious work is needed in Windows to fully take advantage of the new hardware. For more please visit OUR FORUM.