What is the security score in my Security Dashboard?

The security score is a feature within the Security Dashboard of your LastPass Vault that automatically calculates the strength of your stored site passwords.

Watch Video


This feature is not available for LastPass Free users. Learn how to upgrade to LastPass Premium, or view LastPass plans and pricing for feature information.

How do I get a security score?

Your security score is continually calculated as you add site passwords to your LastPass Vault. You can then access your Vault and view your security score.

How is the security score calculated?

Your security score is a combined rating of how strong your passwords generally are – meaning their overall length and complexity – with the highest possible score being 100 points. However, in order to get a perfect score, you must have at least 50 site passwords stored in your LastPass Vault.

Note: LastPass uses the industry-standard zxcvbn library to assist in calculating each password's strength. As a result, your individual passwords' strength and your security score for all of your passwords in your Vault may vary. Individual password strengths can be 0-25-50-75-100 percent (or a different value if the individual password is reused on multiple site password entries) while the security score can be anywhere between 0-100. Learn more about password strength and security score calculation.

Your security score is calculated using a scale that is outlined in the table below.

Rating Security Score (Combining Various Factors)
Low 0 ≤ X < 50
Average 50 ≤ X < 75
High 75 ≤ X < 100
Highest X = 100

The following settings affect your overall security score:

  • The total amount of stored passwords you have – must be at least 50 passwords in order to pass with a perfect score of 100 points.
  • Whether or not you have enabled Multifactor Authentication accounts for 10 points. Learn how to enable.
  • Permitting offline access deducts 1 point.
  • Allowing unrestricted mobile devices to access your Vault deducts 1 point.
Note: Sites that manage their own password requirements (e.g., passwords are not permitted to be complex and/or lengthy, using a Pin code instead of a password, etc.) may be counted against users as "weak passwords" in their security score.

I have at-risk passwords, what should I do?

For guidance on viewing and changing unsafe passwords, please see How do I view at-risk passwords in my LastPass Vault?

Security Score pane