You should try the Security Challenge if you are using LastPass as your password manager. It scans your password vault for old, weak, compromised, and reused passwords. After that, the Security Challenge will recommend you change the passwords it detected. You will also get a numerical security score given by LastPass as well.

Other password managers, including 1Password, has a similar feature, too. For 1Password, the feature is called Watchtower. It determines issues like compromised, weak, and reused passwords. After that, you will be prompted to change the detected passwords just like how LastPass’ Security Challenge works.


What is the LastPass Security Challenge?

Most people focus on saving each password on their vault when they are just getting started with LastPass. After that, they will just log in on their accounts when needed. Having one secure place to store passwords and usernames for every website is one of the main benefits of using a password manager after all.

But, storing passwords in a password manager is just a basic step when it comes to improving your online security. Creating better passwords to keep your data, money, and safety online is more important. One way to help you accomplish both is to use the LastPass Security Challenge.

This is a tool that analyzes the passwords you store on the LastPass app. It will tell you how secure all your passwords are by giving you a score. The Security Challenge will show you all the areas where you need some changes to make your passwords secure once you have stored all your passwords on the vault.

It will scan all the passwords stored on your vault. The Security Challenge will look at each password’s strength, length, and uniqueness. Other than that, you will also see the results of each of your accounts in detail, not just the overall score. This way, you will be able to fix the passwords that may be putting you at risk.


The Advantage of Having a Password Manager

It is very crucial to use a password manager. If you use only one password for everything, all of your accounts will be hacked easily. One website breach is all it takes for attackers to get your personal data. On the other hand, it’s a little inconvenient to use different passwords because each of them is difficult to remember, especially if you’re making a password with a combination of lowercase and uppercase letters, symbols, punctuation marks, and numbers.

The solution to this problem is using a password manager. It won’t just remember and store all your passwords, it will also help you create unique and strong passwords that are hard to crack. All you need to do is create a master password for your password vault and just leave the rest to the password manager. When you log into a website or social media platform, the password manager will fill your credentials on the boxes automatically. That way, attackers who might be snooping on what you’re typing won’t have any clue what your credentials are.


How the LastPass Security Challenge Works

The Security Challenge feature of LastPass can be opened via the browser extension or your vault. Anytime you open it, you will be required to type in your password.

The scan will start as soon as you enter the Security Challenge. Three scores will appear on top and at the bottom, more detailed results will be shown. Here are the three scores at the top of the window.

  • Security score. This will factor out the overall strength of the passwords stored in your vault. This aggregate score will also determine whether you are using two-factor authentication to keep your LastPass account protected.
  • LastPass standing. This will show the percentage where you rank compared to other users of LastPass.
  • Master Password score. This will show how strong your Master Password is.

Here are the detailed results that you will see at the bottom part of the screen:

  • This tells how many times you have used the same password for different accounts.
  • This tells if one of your passwords was affected by a data breach or an attack on other websites.
  • This will tell if your password doesn’t use any symbol or numbers. It will also tell you if a password is too short and easy to guess.
  • If you’ve been using your password for more than a year now, then it will be shown on this result.
  • If a record of an account is stored on your vault and it doesn’t have a password, it will appear in this result.


Taking the Security Challenge

To access the Security Challenge on LastPass, you have to go to LastPass’ website, mobile app, or browser extension, just like what we have mentioned above. Then, follow the steps below.

  • For the browser extension, click the LastPass browser extension icon in your web browser.

Choose the Account Options on the menu and click the Security Challenge option.

  • For the LastPass website, just go to the bottom-left side of your vault screen and click Security Challenge.
  • For the LastPass mobile app, just tap the Security option. Then, tap the Security Challenge afterward.

You will be required to enter your Master Password before the analyzation process starts. Once you’ve entered the master password, the results will be shown on the screen.


How to improve your Master Password score

The Master Password Score will tell you how complex, unique, and long your master password is. If a password stored in your vault matches the one you’re using as the master password, this score will also notify you.

In other words, if you have used your master password on different accounts and website logins, you will be warned to change it immediately. Your master password should be hard to crack and unique. Using it as a password on other accounts is not safe.

Change your master password to improve your Master Password score. Make it longer, stronger, and more unique. Other than that, make sure that you’re not using it on other websites or accounts and that it’s not stored on your LastPass vault already.


Enable Two-Factor Authentication to Boost your Score

If you haven’t tried or enabled multi-factor authentication yet, then it’s the right time to do so. It will boost your score by over 10% so you should activate your two-factor authentication. It will also protect your LastPass from hackers who will try to access your vault.

They won’t be able to open your vault even if they have or know your master password because of it. They need to have the physical key or the code that will be sent to your phone first before they can open the vault. Here’s how you can activate 2FA.

  • Open your LastPass vault.
  • Go to the Account Settings option.
  • Click Multifactor Options.

Other options to better protect your passwords include Microsoft Authenticator, LastPass Authenticator, and Google Authenticator. The LastPass Authenticator is recommended because it allows LastPass to require you to open your mobile app when you are signing in. To sign-in quickly, you can also allow the quick-tap option of the app.


Improve the Results at the Bottom

The Security Challenge will recommend which of the passwords need to change under the Improve Your Score section. These four types of score include old, compromised, weak, and reused.


  • Weak passwords. These types of passwords are very easy to guess. For instance, if you log into a platform or website and you use a password like “1234” or “password”, Security Challenge will score it as weak. You will be prompted to change the password immediately and make it strong. On the other hand, you can also allow LastPass to create a strong and unique password for you. This password manager will remember it as well so you don’t have to worry about anything.


  • Compromised passwords. These passwords are the type of passwords that you should change immediately because it might be at risk of data breaches that happen on the web. When websites experience attacks or breaches, they are tracked by LastPass to know if some passwords of their customers are compromised. So, it will recommend you to change the compromised password, especially if you haven’t changed it since the website has experienced an attack.


  • Old passwords. Just to make sure your data are safe, you will be promoted by LastPass to change old passwords as well. In the Security Challenge scores, this is the least important score. It might be worth changing your old passwords if you have some free time, especially if these passwords are used for critical accounts like your online banking account or if LastPass hasn’t generated a new password for it automatically. You can skip this if you want, but it is really important to change old passwords used for online banking.


  • Reused passwords. When you are reusing a password to some of your accounts, then this might be the time to quit doing it because all your data will be at risk. Once a leak happens on a website, your accounts on other websites will be at stake. Make sure that each password is unique from each other to prevent breaches and data loss.


Run the Security Challenge Again

You can try to run the Security Challenge again once all the issues pointed by LastPass have been addressed and fixed. All you have to do is to refresh the page or the app and enter your master password again. After that, the LastPass Security Challenge will scan all your passwords again and show the scores.