LastPass Sentry Now Checks Your Entire Vault!

October 15, 2012 | Product Updates | 40 Comments

We recently introduced LastPass Sentry, a new feature to help LastPass users be more proactive about their online security by alerting them when their email address is included in the latest breaches of online sites and services (think LinkedIn).

We’re excited to announce that LastPass Sentry is now also supported as part of the LastPass Security Challenge! The update means that a full check can be performed locally against your entire LastPass vault to look for accounts that may have been affected by a breach, in addition to the ongoing monitoring of your LastPass account email address.

How LastPass Sentry now works:

  1. Sentry still performs daily checks, with the latest updates to the PwnedList database, to see if LastPass account email addresses are on the list.
  2. If a match is found, an email notification is sent to the LastPass user, notifying them of the domain that was breached and the potential risk.
  3. Users can also run the LastPass Security Challenge (from the LastPass Icon’s Tools menu) and select the option to look for breaches of their stored accounts.
  4. If any matches are found between the PwnedList database and the data in your vault, notifications are sent to the affected email addresses with information on the breach and a reminder to update your passwords.
  5. We then recommend updating the password for any affected accounts, and any other accounts using that password (which the Security Challenge will help you identify), using LastPass to generate a new, strong password.
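The local check in steps 3 to 5 can be sketched as follows. This is an added example, not LastPass or PwnedList code: the vault layout, the breach feed keyed by a SHA-256 digest of the lowercased email address, and the names `email_digest` and `sentry_check` are all assumptions made for illustration, and the data is constructed.

```python
import hashlib
from collections import defaultdict

def email_digest(email):
    """Normalise an address and hash it, so the feed never holds raw emails (assumed design)."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()

# Constructed sample vault, as it would look after local decryption.
VAULT = [
    {"site": "linkedin.example", "username": "Alice@Example.com", "password": "hunter2"},
    {"site": "forum.example", "username": "alice@example.com", "password": "hunter2"},
    {"site": "bank.example", "username": "alice.bank@example.com", "password": "Xk9#vQ2m!pLr"},
    {"site": "shop.example", "username": "alice_shop", "password": "hunter2"},
]

# Constructed breach feed: email digest -> domain that was breached.
BREACH_FEED = {email_digest("alice@example.com"): "linkedin.example"}

def sentry_check(vault, feed):
    """Return (alerts, rotate): matched (email, breached domain) pairs and
    every site whose password should be changed, including reuse of a
    password that was stored for a breached site."""
    by_password = defaultdict(set)
    for entry in vault:
        by_password[entry["password"]].add(entry["site"])

    alerts, rotate = set(), set()
    for entry in vault:
        user = entry["username"].strip().lower()
        if "@" not in user:
            continue  # only email-style usernames can match the feed
        domain = feed.get(email_digest(user))
        if domain is None:
            continue
        alerts.add((user, domain))  # steps 2 and 4: notify this address
        if entry["site"] == domain:
            # step 5: the breached password, plus every account reusing it
            rotate |= by_password[entry["password"]]
    return sorted(alerts), sorted(rotate)

if __name__ == "__main__":
    alerts, rotate = sentry_check(VAULT, BREACH_FEED)
    print("notify:", alerts)
    print("rotate:", rotate)
```

Note that `shop.example` ends up on the rotation list even though its username is not an email address: it shares the password that was exposed through the breached site.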

As we mentioned previously, the feature is available for all free and Premium users, as well as corporate Enterprise users. In the case of Enterprise users, both the Enterprise administrator and the affected employee will receive notifications that a match has been found.

We plan to continue increasing the frequency of our database checks to work towards real-time notifications and further enhance the service to provide ongoing value to our users.

What do you think of the update to LastPass Sentry? Leave your thoughts in the comments below!


  • Anonymous says:

    I have been using LastPass for almost four to five years now with NO problem at all. While it is normal to worry sometimes, most of the time I feel safe with them. Btw, I keep a 24-character/key master password!

  • Anonymous says:

    I am so impressed with LastPass. I have a lot of p/words and being in the over 60’s age group, sometimes the memory has big lapses – but all is fixed with Last Pass.
    Thank you to everyone involved.

  • Anonymous says:

    Download them from last pass on a CSV or to your smart phone.

  • Unknown says:

    It’s not about not “trusting” LastPass, just that any software or website is subject to issues and to put all your eggs in just one basket in general is not a good idea — for anything. The idea of having no clue what any of my passwords are except my master password and my only access to all my accounts is via LastPass since only it knows them all is scary should there be any incident or failure. You’d be crippled in that case.

    So if you shouldn’t use your master password on a public or guest computer, then how do you know how many “one-time” passwords to create? If you’re going away on a trip you’ll need more than one time obviously. Something about having no clue about what any of my passwords are is just scary to me.

  • Unknown says:

    Two main concerns I have with changing all passwords that are duplicates or weak:

    1) I have dozens (even hundreds) of sites using the same password. Do you expect us to go through each site individually and through all the log-in processes and subsequent menus to get to the “change password” screen for each site?? That would take all day (or all week if you did not work around the clock nonstop) and who has the time or patience for that?!

    2) Secondly, since there are hundreds of sites you say should all have different passwords, I’m assuming you mean to have them computer-generated automatically by Last Pass right? No one is going to personally sit and try to think of hundreds of different secure yet memorable passwords. However, if auto-generated they won’t be memorable and then one is relying on Last Pass to never fail and to always have it available even when on a public or guest computer. How can you put all your trust in Last Pass in those cases and risk being shut out of all your accounts??

    If there is a simple solution to all this that I may be overlooking please let me know, thanks.

    • Daniel15 says:

      1) You’ll have to go through each site individually to change passwords. LastPass isn’t in control of all the sites you use, and doesn’t know how to change the password on each one (as every site would probably have a different “change password” page). I guess the solution is to be secure from the beginning, and never share passwords on any site. If the sites you’re sharing your passwords on aren’t very security-critical then it’s probably okay for them to share passwords, as long as you keep the risks in mind (if one site gets compromised and hackers obtain your password from it, they could potentially log in to every other site that shares that same password).

      2) The whole point of LastPass is to generate complex passwords for every site you use, and use your LastPass master password to retrieve the passwords when you need them (so you don’t have to memorise them all). If you don’t want to put your trust in LastPass, why are you using it? On a public or guest computer, you can log in at the website ( and get your passwords that way. You could generate some One Time Passwords to use on public computers – These are passwords that only let you log in to your LastPass account once. I’d suggest doing this as using your master password on a public computer isn’t a very good idea security-wise.

    • Anonymous says:

      Reading would help. Be informed of what LastPass is all about as well as all its services. Keep reading!

    • Anonymous says:

      It would delight you perhaps to know that our passwords can be accessed anytime using any browser even if we’re offline! With this, whatever happens to the physical servers of LastPass, our passwords are all within our reach.

  • Feature request:
    Let me select a list of passwords to update. Save the list. For each pwd
    1. Take me to the site
    2. Log me in
    3. Select acnt/settings/password
    4. Change the password to a generated one and update the list of pwds

    • Anonymous says:

      I second this auto password update. Also, I should be able to choose sites or a group of sites to just update the password in LastPass (no need to go to site) all with the same password. This would be good for me when I change my active directory password and want to change all sites associated with that account.