Lastpass Security


With LastPass, you can use one strong 'master' password to protect the passwords of all your other accounts. Store your HarvardKey in the LastPass vault. Let LastPass create long, complex passwords for personal services like Facebook or Amazon. You don't have to remember them all, just remember your master password and LastPass remembers the rest.

  • Re-run the LastPass Security Challenge on a routine basis – Keeping good password hygiene is a daily best practice. It is recommended that you re-run the Security Challenge every few weeks to stay on top of secure password storage.
  • The security score is a feature within the Security Dashboard of your LastPass Vault that automatically calculates the strength of your stored site passwords. This feature is not available for LastPass Free users. Learn how to upgrade to LastPass Premium.
  • LastPass makes security simple through an easy-to-use dashboard that works and syncs across browsers and mobile devices to secure every aspect of your digital life.

Please note that this Security Challenge functionality discussed in this post has been updated. For updated information please visit our blog post from 8/5/2020.

Strong security isn’t just a one-time thing. Technology changes quickly, and that means you may need to adjust your security measures from time to time. It’s important to regularly check the apps you’re using, how you’re using them, and the security options available to keep your information private and secure.

October is NCSAM in the US, ECSM in the EU, and Stay Smart Online in Australia, so let’s use this month to check in with LastPass and the strength of your password security.

Ready to do a security check-up?

Lastpass Security

Here’s a list of questions to ask yourself, and what to do from there:


Lastpass Security Breach

LastpassLastpass security breach
  1. Is your Security Score high enough? The Security Challenge can audit your passwords and gives you an overall “score” for how strong your password security is. If your score is less than 80, you should start updating passwords to stronger ones.
  2. Do any passwords need replacing? If your Security Challenge results are less than ideal, use the password generator to start updating your accounts. You may also want to randomize your usernames.
  3. Is your master password strong enough? There are a few recommendations when it comes to your master password: Make it long, unique, and something completely random. Never reuse your master password. Never share it with anyone. If you ever need to log in to your account on a public or untrusted device, update your master password when you’re back on a trusted connection. And if it’s been years since you last updated your master password, it doesn’t hurt to change it to something new. Just practice logging in a few times until the new muscle memory kicks in.
  4. Do you remember your security email address? In our last post, we recommended a security email address so that important account information is sent to a secondary, secure email address that is separate from the email account you use every day. Sometimes, though, people will set up a security email address, and then forget about it because they rarely, if ever, need to use it. Be sure to go to your LastPass account settings to see if you set up a security email address, and make sure you still have access to that account.
  5. Which devices are marked as trusted? If you’re using two-factor authentication, you may have noticed that you can “trust” a device. That way, you won’t have to re-enter your 2FA information every time you log in on that device. In your account settings, you can review which devices are currently trusted, and remove any if those devices have been lost, stolen, or are no longer in use.
  6. Are you still logged in on old devices? In the same vein as the above, you can review your active sessions for your LastPass account. In your account settings, you can click the “Destroy Sessions” button to review everywhere you’re logged in to LastPass and force a logout.
  7. Do any shared passwords need to be revoked? From your vault, you can launch your Sharing Center to review which passwords you’re sharing with others (and the ones they are sharing with you). If someone no longer needs access, now is the time to revoke it. We recommend updating the password after you’re done sharing it with someone.

Lastpass Security Dashboard Not Updating

Running through the above checklist at least once a year will help you stay on top of your password security with LastPass. Why not run it every year during October!