The other day LastPass started bugging me to change my god awful 32 character master passphrase that has mixed case and non-alpha characters based only on how long I’ve used it. It is very discouraging that LastPass is not following the best science on passphrases.
I was loath to try to come up with and memorize another passphrase as robust as the one I’ve been using but it refused to stop bugging me. So figuring that since they are not following password best practices I tried the ancient workaround that best practices say should be prevented and it works. I simply changed my master passphrase to something else and the immediately changed it back to what it was before.
The only concern I have is that maybe LastPass had a recent undisclosed data leak in which case forcing a change is the correct procedure. Anybody hear about a major security breach or is it just LastPass being anti-science idiots?