How to Make a Strong Master Password

Updated 3/15/2018 According to the 2017 Verizon Data Breach Report, 81% of breaches are caused by weak or reused passwords. So creating strong passwords is essential. The great thing about LastPass is that you only have one password to remember. You create and remember your master password, and LastPass does the rest. Generate strong, random, utterly-impossible-to-remember passwords, for every single one of your online accounts, and let LastPass manage them for you. “Set it and forget it,” as they say. But when it comes to properly securing that precious vault, it’s very important that you use a strong master password. Although you’re protected by the many layers of encryption and security we put in place to keep your data safe, using a strong, unique master password will not only protect you from a brute-force attack but will also ensure that a breach at another random website won’t affect your LastPass account. So what does it take to create a strong master password?

What you’re typically told:

Have you ever seen those overwhelmingly-long lists of password guidelines? They go something like this:

• Use uppercase and lowercase letters
• Use numbers
• Use symbols
• Use at least 8 characters
• Don’t use words from a dictionary
• Don’t use the same password twice
• Don’t use personal information

While the advice itself is good, a password might still be weak even when it meets these requirements. For example, “Passw0rd123!” meets all of the above criteria. However, it’s a variation of the good old favorite “Password123”, and it’s been leaked in data breaches before. That means it will take no time at all for the bad guys to crack it. A strong master password needs to be truly unique. You should never use your master password, or even a variation of it, for any other account or app. A simple strategy for creating a memorable but difficult-to-crack master passwords is to use a passphrase.

What you should actually do:

A passphrase is a sequence of random words and characters strung together to create a password. The difference is that a passphrase is typically longer, with at least 20 to 30 characters. But by using a combination of words and/or characters that only make sense to you, it’s no trouble to remember it. Creating a strong passphrase is easy. Check out these examples:

mydogfido’sbirthdayisnovember19

yellowcatbaseball...newyork

myvacation2paris-wasincredible

soexcitedtoStartCollege!thisfall

Notice how each of these is a fairly simple phrase. By stringing together a couple words we’ve created passwords that are pretty long, but also pretty random. Including a few symbols, numbers, or uppercase letters somewhere in the passphrase also increases its strength. When you take into account the AES 256-bit encryption, a well-chosen phrase would take many, many lifetimes to crack.

Update your master password today

Ready with a new master password? You can update your master password from your LastPass Vault in the Account Settings. Be sure to carefully type your new master password. And don’t forget to practice logging in a few times to build up the muscle memory for your new master password!