Why does my password strength and security score change?

LastPass uses the industry-standard zxcvbn library to assist in calculating each password's strength. As a result, your individual passwords' strength and your security score for all of your passwords in your Vault may vary. Individual password strengths can be 0-25-50-75-100 while the security score can be anywhere between 0-100.

How is password strength calculated?

The password strength for each of the passwords in your Vault are calculated using the zxcvbn library, and provides results outlined in the table below.

Note: The password strength percentage displayed (when you view at-risk passwords in the Security Dashboard) may show a different value than those listed below if the password has been reused on multiple site password entries in your Vault (e.g., if a very strong password has been reused on 3 separate password entries, the score will be 33% because a password strength score of 100% ÷ 3 = 33%).
Password Strength Score in zxcvbn Password Strength in Vault
Very weak 0 0%
Weak 1 25%
Average 2 50%
Strong 3 75%
Very strong 4 100%

Password strength is displayed when you do any of the following:

  • Create a new account
  • Reset your Master Password
  • Generate a secure password
  • Add a new site password
  • View your Security Dashboard, which includes your security score
  • View your Password Security page to see at-risk passwords in your Vault
  • Access the Admin Console and view user details, security reports, and within policies (for LastPass business accounts only)

How is the security score calculated?

Your security score is a combined rating of how strong your passwords generally are – meaning their overall length and complexity – with the highest possible score being 100 points. However, in order to get a perfect score, you must have at least 50 site passwords stored in your LastPass Vault.

Your security score is calculated using a scale that is outlined in the table below.

Rating Security Score (Combining Various Factors)
Low 0 ≤ X < 50
Average 50 ≤ X < 75
High 75 ≤ X < 100
Highest X = 100

The following settings affect your overall security score:

  • The total amount of stored passwords you have – must be at least 50 passwords in order to pass with a perfect score of 100 points.
  • Whether or not you have enabled multifactor authentication accounts for 10 points. Learn how to enable.
  • Permitting offline access deducts 1 point.
  • Allowing unrestricted mobile devices to access your Vault deducts 1 point.
Note: Sites that manage their own password requirements (e.g., passwords are not permitted to be complex and/or lengthy, using a Pin code instead of a password, etc.) may be counted against users as "weak passwords" in their security score.