
Improving Your Security with the LastPass Security Challenge

September 11, 2019

Please note that the Security Challenge functionality discussed in this post has been updated. For updated information, please visit our blog post from 8/5/2020.

When getting started with LastPass, most people focus on saving all their passwords to their vault and logging in to their accounts. After all, one of the main benefits of a password manager is having one secure place to store usernames and passwords for every website.  

But when it comes to improving your online security, storing passwords in a password manager is just the first step. What’s equally – if not more – important is creating better passwords that keep you, your data, and your money safer online. And one way LastPass helps you accomplish that is with the Security Challenge. 

What is the Security Challenge? 

The LastPass Security Challenge is a tool that analyzes your stored passwords and gives you a score for your overall password security. Once you’ve stored all your passwords in your LastPass vault, the Security Challenge will show you where you need to make changes to improve your security.  

The Security Challenge scans all the passwords, looking at their length, uniqueness, and strength. Not only do you receive an overall score, you can also see detailed results of all your accounts. You’ll know exactly which passwords are putting you at risk, and what you need to do to fix them. 

What to expect when you audit your passwords 

The LastPass Security Challenge can be launched from your vault or your browser extension at any time. You may be prompted to re-enter your master password.  

Once the scan completes, you’ll see three scores at the top, with more detailed results below. 

  • Your Security Score is an aggregate score that factors in the overall strength of all your passwords, and whether you’re using two-factor authentication to protect your LastPass account.  
  • Your LastPass Standing shows the percentile where you rank relative to other LastPass users.  
  • Your Master Password Score looks at the overall strength of your LastPass Master Password. 

If you scroll down, you’ll see a breakdown of your passwords into different categories:  

  • Duplicate: How many times a password is reused for different sites. 
  • Compromised: Whether an account was known to be affected by a disclosed data breach of other websites. 
  • Weak: If the password is too short or doesn’t use different character types, like numbers and symbols. 
  • Old: If the password hasn’t been changed in a year or more. 
  • Blank: If a stored record in your vault doesn’t contain a password. 
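To make the five categories concrete, here is an added illustration of how such an audit can be expressed over a list of vault entries. It is not LastPass code and not its scoring algorithm; the 12-character minimum, the three-character-type rule, the entry fields and the sample vault are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import date, timedelta

MIN_LENGTH = 12                 # assumption: the post only says "too short"
MIN_CLASSES = 3                 # assumption: how many character types count as varied
MAX_AGE = timedelta(days=365)   # "hasn't been changed in a year or more"

def char_classes(pw):
    """Count which of lower, upper, digit and symbol appear in the password."""
    return sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])

def audit(entries, breached_sites, today):
    """Return {site: sorted category labels} using the post's five categories."""
    sites_by_password = defaultdict(list)
    for e in entries:
        if e["password"]:
            sites_by_password[e["password"]].append(e["site"])
    report = {}
    for e in entries:
        pw, flags = e["password"], set()
        if not pw:
            flags.add("blank")          # record stored without a password
        else:
            if len(sites_by_password[pw]) > 1:
                flags.add("duplicate")  # same password reused on another site
            if len(pw) < MIN_LENGTH or char_classes(pw) < MIN_CLASSES:
                flags.add("weak")
            if today - e["changed"] >= MAX_AGE:
                flags.add("old")
        if e["site"] in breached_sites:
            flags.add("compromised")    # site appears in a disclosed breach list
        report[e["site"]] = sorted(flags)
    return report

# Constructed sample data: not real accounts, passwords or breach records.
TODAY = date(2019, 9, 11)
BREACHED = {"shop.example"}
VAULT = [
    {"site": "mail.example", "password": "Summer2018", "changed": date(2018, 6, 1)},
    {"site": "shop.example", "password": "Summer2018", "changed": date(2019, 8, 1)},
    {"site": "bank.example", "password": "t7#Vq9!zLm2@Xe4w", "changed": date(2019, 7, 15)},
    {"site": "forum.example", "password": "", "changed": date(2019, 1, 1)},
]

if __name__ == "__main__":
    for site, flags in audit(VAULT, BREACHED, TODAY).items():
        print(f"{site}: {', '.join(flags) or 'ok'}")
```

Note that one entry can land in several categories at once, which is why a single reused password can account for a large share of the flagged items.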

In summary, the Security Challenge gives you a complete picture of your password security. Now, you need to put that insight into action. 

What to do when you get your results 

Once you’ve reviewed your results, it’s time to act. Using the LastPass password generator, you’ll want to start replacing insecure passwords with new, random ones. 

For any password that LastPass has flagged as insecure, you’ll want to:  

  1. Launch the site 
  2. Log in to your existing account 
  3. Go to the account settings page where you can change the password 
  4. Use the password generator to create a new password 
  5. Save the changes on the website, and, when prompted, to your LastPass vault 

See detailed how-to instructions here for updating passwords. Note that if any of your passwords are shared with others using a LastPass shared folder, the record in their vault will automatically be updated with the new password and they’ll still be able to access the account. 

Also, don’t forget to turn on two-factor authentication for your LastPass account. Not only will it raise your Security Score, it will add extra security to your vault where you store your passwords and other sensitive information. 

When you next run the LastPass Security Challenge, your score will be higher! But more importantly, you’ll have the peace of mind of knowing all your passwords are strong and random so that your accounts are better protected from cyberattacks.