HELP FILE

Use the Security Challenge

It can be overwhelming when you're trying to start improving your online security. LastPass can help by evaluating everything you've stored in your Vault, checking for weak, duplicate, old, or compromised passwords.

Note: If you are concerned that your LastPass account has been compromised, follow these steps.

Topics in this article:

Run the Security Challenge

About Security Challenge scores

Run the Security Challenge

To find out how secure your passwords are, and to update any problematic passwords, do the following:

  1. If you have not done so, log in to LastPass.
  2. In your web browser toolbar, click the LastPass icon then click Open My Vault.

  1. From the left pane, click Security Challenge.

  1. Click Show My Score.

  1. If prompted, enter your Master Password and then click Continue.

  1. Another web browser window opens, along with information the strength of your stored passwords. Learn more about what each score means. There are 4 steps displayed under the "Improve Your Score" section, each of which has either an Action Complete icon (to indicate no further action is needed), or a Take Action icon (to indicate that there are 1 or more passwords that need to be changed). Locate a step that is displaying Take Action icon , then click the Expand icon in the right navigation.

  1. For each Site in need of action (i.e., with a weak password), you will need to update the Site password. It is always recommended that you first change your password directly on your desired Site within the website's settings, then update the stored password for the Site within your Vault. To do so, click Launch Site in the right navigation, then log in to the Site with your current username and password. If LastPass does not automatically populate the corresponding username in need of a password change, use the Field icon to select it and log in to the Site.

  1. Within the settings of the Site you launched, update the password you have stored for it (instructions will vary for every website). Optionally, you can use LastPass to generate a secure password.
  2. Once you have updated your stored password, log out of the Site.
  3. Log back in to the Site with your new password. When LastPass offers to save the new password, click Update.
  4. Repeat these instructions for each password that you wish to change that displays the Take Action icon in the left navigation (see Step #7– Step #10 ).
  5. At the bottom of the page is a Detailed Stats section, which lists each of your Sites that has a stored password within LastPass, along with a rating of the password strength. From here, you can do either of the following to change your password(s):
    • Update manually – Update each weak password individually, follow Step #7– Step #10.
    • Update all – To allow LastPass to automatically change all of the passwords without user help, do the following:
      1. Check the box to enable the "Website and Username" option at the top of the column
      2. Click Update Now at the bottom of the section
      3. Click Change Password Now, and the system will indicate whether or not each password update was successful. For any unsuccessful password updates, you can change each manually.

  1. Optionally, at the bottom of the "Detailed Stats" section, you can click Check now to check your email addresses against known security breaches.
  2. Once all of your weak passwords have been updated, close the window and run the Security Challenge again to view your new scores.

About Security Challenge scores

Once you have run the Security Challenge, your results will display 3 scores, as follows:

Your Security Score

  • This is a combined rating of how strong your passwords generally are, meaning their overall length and complexity, with the highest possible score being 100 points. The following settings affect your security score:
    • Whether or not you have enabled Multifactor Authentication accounts for 10 points.
    • Permitting offline access deducts 1 point.
    • Allowing unrestricted mobile devices to access your Vault deducts 1 point.
    • Allowing bypass of Multifactor Authentication for any trusted devices deducts 1 point.

Your LastPass Standing

  • This compares your scores against all other LastPass users who have run the Security Challenge. You are placed in a percentile according to your current security score. The lower the percentage, the better your ranking.

Master Password Score

  • This rates how strong your Master Password is based on length and complexity.