HELP FILE

Use the Security Challenge

It can be overwhelming when you're trying to start improving your online security. LastPass can help by evaluating everything you've stored in your Vault, checking for weak, duplicate, old, or compromised passwords.  To do so, run the Security Challenge, and learn about what each of these scores mean.

Note: If you are concerned that your LastPass account has been compromised, follow these steps.

Run the Security Challenge

To find out how secure your passwords are, and to update any problematic passwords, do the following:

  1. Log in to your LastPass account, then you can launch the Security Challenge in either of the following ways:
    • Click the active LastPass icon in your web browser toolbar, then go to Account OptionsSecurity Challenge.
    • Click the active LastPass icon in your web browser toolbar, then go to Open my Vault and select Security Challenge in the left navigation.
  2. Click Show My Score.
  3. When prompted, enter your Master Password and click Continue.
  4. The strength of your stored passwords is displayed (learn more about what each score means) in 4 steps under the Improve Your Score section, which will display either of the following statuses:
    • Action Complete icon indicates no further action is needed.
    • Take Action icon indicates that there are one or more passwords that need to be changed.
  5. Locate a step that is displaying Take Action icon , then click the Expand icon in the right navigation.
  6. For each Site in need of action, you will need to update the password directly on your desired Site within the website's settings, then update the stored password for the Site within your Vault. To do so, click Launch Site in the right navigation, then log in to the Site with your current username and password. If LastPass does not automatically populate the corresponding username in need of a password change, use the Field icon to select it and log in to the Site.

Security Challenge Score Improvements

  1. Within the settings of the Site you launched, update the password you have stored for it (instructions will vary for every website). If desired, you can use LastPass to generate a secure password.
  2. Once you have updated your stored password, log out of the Site.
  3. Log back in to the Site with your new password. When LastPass offers to save the new password, click Update.
  4. Repeat these instructions for each password that you wish to change that displays the Take Action icon in the left navigation (see Step #6 – Step #9 ).
  5. Under the Detailed Stats section, the list displays each of your Sites that has a stored password within LastPass, along with a rating of the password strength. From here, you can update your passwords manually for each Site by following Step #6– Step #9 above.
  6. If desired, you can click Check now to check your email addresses against known security breaches.
  7. Once all of your desired passwords have been updated, close the window and run the Security Challenge again to view your new scores.

About Security Challenge scores

Once you have run the Security Challenge, your results will display 3 scores, as follows:

Your Security Score

  • This is a combined rating of how strong your passwords generally are, meaning their overall length and complexity, with the highest possible score being 100 points. The following settings affect your security score:
    • Whether or not you have enabled Multifactor Authentication accounts for 10 points.
    • Permitting offline access deducts 1 point.
    • Allowing unrestricted mobile devices to access your Vault deducts 1 point.
    • Allowing bypass of Multifactor Authentication for any trusted devices deducts 1 point.

Your LastPass Standing

  • This compares your scores against all other LastPass users who have run the Security Challenge. You are placed in a percentile according to your current security score. The lower the percentage, the better your ranking.

Master Password Score

  • This rates how strong your Master Password is based on length and complexity.