How to Do a LastPass Security Check-Up

October 21, 2019 | Security Tips

Strong security isn’t just a one-time thing. Technology changes quickly, and that means you may need to adjust your security measures from time to time. It’s important to regularly check the apps you’re using, how you’re using them, and the security options available to keep your information private and secure.  

October is NCSAM in the US, ECSM in the EU, and Stay Smart Online in Australia, so let’s use this month to check in with LastPass and the strength of your password security.

Ready to do a security check-up?  

Here’s a list of questions to ask yourself, and what to do from there: 

  1. Is your Security Score high enough? The Security Challenge audits your passwords and gives you an overall “score” for how strong your password security is. If your score is less than 80, you should start updating passwords to stronger ones. 
  2. Do any passwords need replacing? If your Security Challenge results are less than ideal, use the password generator to start updating your accounts. You may also want to randomize your usernames.
  3. Is your master password strong enough? There are a few recommendations when it comes to your master password: Make it long, unique, and something completely random. Never reuse your master password. Never share it with anyone. If you ever need to log in to your account on a public or untrusted device, update your master password when you’re back on a trusted connection. And if it’s been years since you last updated your master password, it doesn’t hurt to change it to something new. Just practice logging in a few times until the new muscle memory kicks in. 
  4. Do you remember your security email address? In our last post, we recommended a security email address so that important account information is sent to a secondary, secure email address that is separate from the email account you use every day. Sometimes, though, people will set up a security email address, and then forget about it because they rarely, if ever, need to use it. Be sure to go to your LastPass account settings to see if you set up a security email address, and make sure you still have access to that account. 
  5. Which devices are marked as trusted? If you’re using two-factor authentication, you may have noticed that you can “trust” a device. That way, you won’t have to re-enter your 2FA information every time you log in on that device. In your account settings, you can review which devices are currently trusted, and remove any if those devices have been lost, stolen, or are no longer in use. 
  6. Are you still logged in on old devices? In the same vein as the above, you can review your active sessions for your LastPass account. In your account settings, you can click the “Destroy Sessions” button to review everywhere you’re logged in to LastPass and force a logout.  
  7. Do any shared passwords need to be revoked? From your vault, you can launch your Sharing Center to review which passwords you’re sharing with others (and the ones they are sharing with you). If someone no longer needs access, now is the time to revoke it. We recommend updating the password after you’re done sharing it with someone. 

Running through the above checklist at least once a year will help you stay on top of your password security with LastPass. Why not run it every year during October?

2 Comments

  • LB says:

    Security Challenge cannot distinguish that some entries with the same password cannot be changed. Examples: Amazon.com or Amazon.co.uk, Lidl.com or lidl.de, same with Netflix, etc. That means in some accesses users have a password only but Security Challenge shows a bad result because it considers the passwords duplicated. The same applies to access from different platforms, desktop or mobile apps.
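The duplicate-password case raised in the comment above, as an added example (not LastPass code and not part of the original post): a reuse audit over a constructed CSV that can treat domains sharing one account as a single entry. The column layout, the sample rows and the `EQUIVALENT` groups are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample export (assumed columns); not real credentials.
SAMPLE_CSV = """url,username,password,name
https://www.amazon.com/ap/signin,lb@example.com,Pw-A1,Amazon US
https://www.amazon.co.uk/ap/signin,lb@example.com,Pw-A1,Amazon UK
https://www.lidl.de/login,lb@example.com,Pw-L2,Lidl DE
https://www.lidl.com/login,lb@example.com,Pw-L2,Lidl US
https://forum.example.org/login,lb,Pw-A1,Forum
https://bank.example.net/,lb,Pw-B3,Bank
"""

# Assumed groups of domains that sign in to one and the same account.
EQUIVALENT = [{"amazon.com", "amazon.co.uk"}, {"lidl.com", "lidl.de"}]


def account_key(url, group=True):
    """Map a URL to the account it belongs to (hostname, or group label)."""
    host = (urlsplit(url).hostname or "").lower()
    if group:
        for domains in EQUIVALENT:
            if any(host == d or host.endswith("." + d) for d in domains):
                return min(domains)  # stable label for the whole group
    return host


def reused_passwords(csv_text, group=True):
    """Return lists of distinct accounts that share one password.

    Passwords themselves are never returned, only the account labels.
    """
    by_password = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["password"]:
            by_password[row["password"]].add(account_key(row["url"], group))
    return sorted(sorted(a) for a in by_password.values() if len(a) > 1)


if __name__ == "__main__":
    print("per-hostname audit:", reused_passwords(SAMPLE_CSV, group=False))
    print("grouped audit:     ", reused_passwords(SAMPLE_CSV, group=True))
```

With grouping on, the two Lidl entries no longer count as reuse, while the Amazon password is still reported because the unrelated forum entry shares it.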