
What is the security score in my Security Dashboard?

    The security score is a feature within the Security Dashboard of your LastPass vault that automatically calculates the strength of your stored site passwords.

    How do I get a security score?

    Your security score is continually calculated as you add site passwords to your LastPass vault. You can then access your vault and view your security score.

    How is the security score calculated?

    Your security score is a combined rating of how strong your passwords generally are – meaning their overall length and complexity – with the highest possible score being 100 points. However, in order to get a perfect score, you must have at least 50 site passwords stored in your LastPass vault.

    Note: LastPass uses the industry-standard zxcvbn library to assist in calculating each password's strength. As a result, the strength of your individual passwords and the security score for all of the passwords in your vault may vary. An individual password's strength can be 0, 25, 50, 75, or 100 percent (or a different value if the password is reused on multiple site password entries), while the security score can be anywhere between 0 and 100. Learn more about password strength and security score calculation.
    Note: Federated login users are granted an automatic increase of 10% on their security score since multifactor authentication must be set up at the Identity Provider level (within AD FS, Azure AD, Okta, PingOne, PingFederate, Google Workspace, or OneLogin settings) and not at the LastPass level (within the Multifactor Options tab in the Account Settings of their vault).
    Your security score is calculated using a scale that is outlined in the table below.
    Rating   | Security Score (Combining Various Factors)
    Low      | 0 ≤ X < 50
    Average  | 50 ≤ X < 75
    High     | 75 ≤ X < 100
    Highest  | X = 100
    The following settings affect your overall security score:
    • The total number of secure passwords you have stored in your vault – must have at least 50 passwords stored in order to pass with a perfect score of 100 points.
    • Whether or not you have enabled multifactor authentication accounts for 10 points. Learn how to enable.
      • Permitting offline access deducts 1 point.
      • Allowing unrestricted mobile devices to access your vault deducts 1 point.
      • Allowing trusted devices to skip multifactor authentication prompts deducts 1 point.
    Note: Sites that manage their own password requirements (e.g., passwords are not permitted to be complex and/or lengthy, a PIN code is used instead of a password, etc.) may be counted against users as "weak passwords" in their security score.

    I have at-risk passwords, what should I do?

    For guidance on viewing and changing unsafe passwords, please see How do I view at-risk passwords in my LastPass vault?

    Note: This feature is not available for LastPass Free users. Learn how to upgrade to LastPass Premium, or view LastPass plans and pricing for feature information.