Why are security metrics different in the old Admin Console and the new Admin Console?

The security metrics in the new Admin Console are updated to be more meaningful and accurate. The main difference being how the denominators for each security metric are calculated between the legacy admin console and the new Admin Console.

In the legacy admin console the denominator varies per metric, but often includes all users in the account. This includes users who haven't enrolled in LastPass or users who have never logged in or even created a master password. In the new Admin Console the denominator is consistent across all metrics, and only includes users who are enrolled in LastPass.

As a result security metrics are often lower in the legacy admin console compared to the new Admin Console because the legacy console takes into account users who are not enrolled or have even logged into LastPass. The exception to this is the Average Security Score, which excludes any score that is 0 in the legacy admin console while the new Admin Console does count scores that are 0. The new Admin Console does this to calculate a more accurate version of the Average Security Score, therefore this metric is often lower than in the legacy console.

Note: In the new Admin Console, the security score calculation for federated login users excludes the "Master Password score" since these users do not create a separate master password to log in to LastPass (they use their Identity Provider credentials instead).

Individual user score

Individual security scores are calculated locally in the user’s vault and then sent to both admin consoles when the user logs in. In general, the vault is the source of truth. If the consoles show a different score than the vault, it may not have synced yet.

Tip: Have your user log out and back in, which should populate the consoles accurately. If individual scores differ between consoles, there may be a bug. Please report this through a support ticket.

Average Security Score

The most precise way to determine accuracy is to sum the security scores of all users and divide that over the number of active users. The easiest way to accomplish this is to export the list of Active users from the new console, open the data in excel, and calculate the average of the security score column. The security score column in the CSV export file is exclusively available in the new console.