Use the Security Challenge
It can be overwhelming when you're trying to start improving your online security. LastPass can help by evaluating everything you've stored in your Vault, checking for weak, duplicate, old, or compromised passwords. To do so, run the Security Challenge, and learn about what each of these scores mean.
Note: If you are concerned that your LastPass account has been compromised, follow these steps.
Run the Security Challenge
To find out how secure your passwords are, and to update any problematic passwords, do the following:
- Log in to LastPass and access your Vault by doing either of the following:
- Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
- In your web browser toolbar, click the LastPass icon then click Open My Vault.
- Select Security Challenge in the left navigation.
- Click Show My Score.
- When prompted, enter your Master Password and click Continue.
- The strength of your stored passwords is displayed (learn more about what each score means) in 4 steps under the Improve Your Score section, which will display either of the following statuses:
- Action Complete icon indicates no further action is needed.
- Take Action icon indicates that there are one or more passwords that need to be changed.
- Locate a step that is displaying Take Action icon , then click the Expand icon in the right navigation.
- For each Site in need of action, you will need to update the password directly on your desired Site within the website's settings, then update the stored password for the Site within your Vault. To do so, click Launch Site in the right navigation, then log in to the Site with your current username and password. If LastPass does not automatically populate the corresponding username in need of a password change, use the Field icon to select it and log in to the Site.
- Within the settings of the Site you launched, update the password you have stored for it (instructions will vary for every website). If desired, you can use LastPass to generate a secure password.
- Once you have updated your stored password, log out of the Site.
- Log back in to the Site with your new password. When LastPass offers to save the new password, click Update.
- Repeat these instructions for each password that you wish to change that displays the Take Action icon in the left navigation (see Step #6 – Step #9 ).
- Under the Detailed Stats section, the list displays each of your Sites that has a stored password within LastPass, along with a rating of the password strength. From here, you can update your passwords manually for each Site by following Step #6– Step #9 above.
- If desired, you can click Check now to check your email addresses against known security breaches.
- Once all of your desired passwords have been updated, close the window and run the Security Challenge again to view your new scores.
About Security Challenge scores
Once you have run the Security Challenge, your results will display 3 scores, as follows:
Your Security Score
- This is a combined rating of how strong your passwords generally are, meaning their overall length and complexity, with the highest possible score being 100 points. However, in order to get a perfect score, you must have at least 50 passwords stored in your LastPass Vault.
- The following settings affect your security score:
- The total amount of stored passwords you have – must be at least 50 passwords in order to pass with a perfect score of 100 points.
- Whether or not you have enabled Multifactor Authentication accounts for 10 points.
- Permitting offline access deducts 1 point.
- Allowing unrestricted mobile devices to access your Vault deducts 1 point.
- Allowing bypass of Multifactor Authentication for any trusted devices deducts 1 point.
Note: Sites that manage their own password requirements (e.g., passwords are not permitted to be complex and/or lengthy, using a Pin code instead of a password, etc.) may be counted against users as "weak passwords" in their Security Scores.
Your LastPass Standing
- This compares your scores against all other LastPass users who have run the Security Challenge. You are placed in a percentile according to your current security score. The lower the percentage, the better your ranking.
Master Password Score
- This rates how strong your Master Password is based on length and complexity.