LastPass Hack: New Info

Last week, I received a notice from LastPass (a company that promises to secure all your passwords in one place) that said hackers were able to “copy a backup of customer vault data,” meaning they theoretically now have access to all of those passwords if they could crack the stolen vaults. I offered this advice: if you have a super long and strong master password, you’re probably fine. But if you don’t (and even if you do), it’s time to change all of the passwords you’ve used LastPass to protect.

My advice was correct. Every LastPass user should (at minimum) change their master passwords.

Yesterday, I read a compelling piece of content marketing by Jeffrey Goldberg: “Not in a million years: It can take far less to crack a LastPass password.” It explains the subtle differences between the methodologies used by LastPass and 1Password (the competitor who wrote the article). It’s worth a read.

This morning, it seems that several researchers are questioning LastPass’s claims about the threat levels created by the stolen vaults.

As interesting as all of this is, the simplest fix is to make sure that all of your master passwords are long and strong. The longer the password, the better. The more random the distribution of alphanumeric characters and symbols, the better. If your password is 18 characters long and contains numbers, upper and lower case letters, and symbols, it will take current technology an estimated 438 trillion years to crack it.

For comparison, according to Hive Systems, using that technique (numbers, upper and lower case letters, and symbols), a nine character password would take three weeks to crack. 10 characters, about five months. 11 characters, 34 years. 12 characters, 3,000 years.

Always create long strong passwords.

Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.

About Shelly Palmer

Shelly Palmer is the Professor of Advanced Media in Residence at Syracuse University’s S.I. Newhouse School of Public Communications and CEO of The Palmer Group, a consulting practice that helps Fortune 500 companies with technology, media and marketing. Named LinkedIn’s “Top Voice in Technology,” he covers tech and business for Good Day New York, is a regular commentator on CNN and writes a popular daily business blog. He's a bestselling author, and the creator of the popular, free online course, Generative AI for Execs. Follow @shellypalmer or visit



PreviousTikTok Banned on House Smartphones NextAppeals court revives lawsuit against YouTube for alleged tracking of children's activity

Get Briefed Every Day!

Subscribe to my daily newsletter featuring current events and the top stories in technology, media, and marketing.