Every single time I login LastPass using my master password an annoying message appears with the below dialog:
A QUICK REMINDER
We detected that your LastPass master password hasn't been changed in a long time.
To keep your account safe, we recommend changing it.
[LATER] [CHANGE NOW]
My LassPass Master Password is very long and safe and I do not wish to change my password.
At least you should give users the option to disable this reminder always than user is aware of risk that implies.
Please, take a look on this cause it is quite annoying being closing this pop-up every time you log in.
NIST eventually acknowledged that the original recommendation to frequently change passwords was based on absolutely nothing; the guy who wrote the original paper said he once thought that it sounded like a good idea.
Later research has shown -- quantitatively -- that changing passwords creates more security problems than it solves (and verifies that updating passwords does not improve security at all).
I agree with Twizzard. Please add Disable master password age check option to next update.
Agreed. Please allow this to be disabled.
+1. There is no reason for this in the first place and it's incredibly annoying.
I'm seriously considering switching password managers because of it.
I agree, this is infuriating and stupid. Unless LastPass knows of some kind of breach which might have exposed our passwords -- which should be impossible -- then the existence of this reminder is evidence that the team no longer knows much about security at all. A master password is something you remember; it should be very long and complex, and you should not be changing it every five minutes because that encourages people to choose easily-memorized, short, simple passwords, not proper secure ones. You are annoying one segment of your user base and undermining the security of another.
++1 I agree, this is VERY annoying. I have a good password that I DON'T want to change and I use 2FA a well. This needs to be something we can DISABLE. I pay for the family stuff. If this cannot be stopped, I'll look for a new solution as well....
I agree that this level of incompetence encouraging unsecure password practices has made me seriously consider switching password managers.
For those here who want to temporarily disable the alert, someone on Reddit realized you can trick it into thinking you have a new master password by incrementing the number of password iterations.
agreed - very annoying. LastPass how about doing upgrade that make your produce better not worse.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.