product icon

View security reports in the new Admin Console

    The Security report provides a summary of various critical user statuses, around which additional education or training may be warranted (e.g., reused master passwords, weak security score, more than 3 duplicate passwords, etc.). The goal of this view-only report is to help optimize the use of LastPass among your end users to help improve the security of your company’s digital assets.
    1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Reporting > Security reports.
    4. Optional: To view the latest information, select Request update.
      Security report in LastPass Admin Console

      Result: The page refreshes and displays the latest data for your Security report.

    5. View the risk name, number of impacted users, and percentage (%) of impacted users (i.e., calculated against your total number of users). The following risks are displayed:
      Risk name Description
      User iteration counts The iteration count of each user account within the company
      Shared folders accessed by low iteration count users A list of all shared folders that were accessed by any user with a low iteration count within the company
      Enabled multifactor The MFA option that is provisioned to all users within the company (i.e., not only the default MFA option, but all enabled MFA options for all users)
      Linked account iteration count The iteration count of each linked personal account and Families as a Benefit account within the company
      URLs in vaults All the URLs that the company's users have added to their vaults – this does not include the site URLs for linked personal accounts and/or Families as a Benefit accounts. Select Generate report, which will send an email notification to your account email address when the report is ready.
      URLs in shared folders All the URLs that the company's users have saved in their shared folders – this does not include the site URLs in shared folders for linked personal accounts and/or Families as a Benefit accounts. Select Generate report, which will send an email notification to your account email address when the report is ready.
      Reused master password Users who used their master password on another site in the last X days but have since failed to change their master password
      Weak security score Users who have a security score of less than 33 percent (< 33%) – learn more about security score calculation
      No sharing key Users who don't have a sharing key. Users must log in once using the LastPass browser extension to generate a sharing key before they can receive shared items
      Inactive during last 7 days Users who haven't logged in for the last 7 days
      No linked account Users who haven't linked a LastPass personal account to LastPass Business
      More than 5 weak passwords Users with more than 5 weak passwords – learn more about password strength
      More than 3 duplicate passwords Users with more than 3 duplicate passwords
      More than 3 duplicate password sites Users with duplicate passwords on more than 3 sites
      More than 3 blank passwords Users with a blank password for more than 3 sites
    6. Optional: If desired, you can download a report (CSV file) for any of the following reports (by selecting your desired risk name, then selecting within the pane in the right navigation):
      • User iteration counts
      • Shared folders accessed by low iteration count users
      • Enabled multifactor
      • Linked account iteration count
      • Weak security score
    Results: You have viewed your desired Security report information.