Why does my password strength and security score change?
How is password strength calculated?
The password strength for each of the passwords in your Vault are calculated using the zxcvbn library, and provides results outlined in the table below.
|Password Strength||Score in zxcvbn||Password Strength in Vault|
Password strength is displayed when you do any of the following:
- Create a new account
- Reset your Master Password
- Generate a secure password
- Add a new site password
- View your Security Dashboard, which includes your security score
- View your Password Security page to see at-risk passwords in your Vault
- Access the Admin Console and view user details, security reports, and within policies (for LastPass business accounts only)
How is the security score calculated?
Your security score is a combined rating of how strong your passwords generally are – meaning their overall length and complexity – with the highest possible score being 100 points. However, in order to get a perfect score, you must have at least 50 site passwords stored in your LastPass Vault.
Your security score is calculated using a scale that is outlined in the table below.
|Rating||Security Score (Combining Various Factors)|
|Low||0 ≤ X < 50|
|Average||50 ≤ X < 75|
|High||75 ≤ X < 100|
|Highest||X = 100|
The following settings affect your overall security score:
- The total amount of stored passwords you have – must be at least 50 passwords in order to pass with a perfect score of 100 points.
- Whether or not you have enabled multifactor authentication accounts for 10 points. Learn how to enable.
- Permitting offline access deducts 1 point.
- Allowing unrestricted mobile devices to access your Vault deducts 1 point.