Lastpass Security Challenge , Test Your Last Pass Passwords

Martin Brinkmann
Apr 29, 2011
Updated • Dec 5, 2012
Security
|
10

Using secure, unique passwords for every Internet site or service is one of the best security practices out there. That does not necessarily protect you completely, as the Sony Playstation Network incident has shown, but it invalidates several popular techniques to steal passwords and log in information.

With that incident in mind, I thought it would be pretty cool if you could run a check on all of your passwords and login information to see which of your accounts may have been affected by the hack. While that's unfortunately not possible, the next best thing is. The developers of the popular online password manager and synchronizer Last Pass have created an online tool that evaluates the strength and other information about all passwords stored in a user's vault.

lastpass security challenge

This way, you can assess all of your passwords and logins at once, and make changes to the accounts that receive a weak rating. It begins with an overall score and rank at the top. Detailed results are then displayed when you start scrolling down, and this is where it gets interesting.

password strength

The results screen displays various information about your passwords. This includes the average password length, number of duplicate passwords and sites with those passwords, number of weak passwords or number of blank passwords. While those results are nice to know, they are not that helpful as you do not yet know which sites and log ins share the same password or use a weak passwords.

Those information are displayed when you scroll down to the Analyzed Sites listing. Last Pass' Security Challenge lists all sites with duplicate passwords, unique passwords and no passwords in list form on that page.

You see on first glance which sites share a password. Even better, the password strength is shown on the very same page ranging from 0% (very bad) to 100% (very strong).

A visit site link is provided next to each entry which makes it even more comfortable to visit those sites and change the passwords.

It may take a while to go through all duplicate or weak password sites that are shown, but it is well worth it. Chance is, you find duplicate site listings as well, which is for instance the case if a service uses the same log in on more than one domain, or if you use it to access a site by domain name and IP address.

You can run the test again at anytime, and the score gets automatically updated. Last Pass displays test history information where you can see how the score improves or drops based on your changes.

password history

A low score does not necessarily mean that you do not care about your account security. I for one use the very same username, email, password combination on many sites that force me to register to check out their service. These accounts are in no way linked to me and it would not be problematic if they would get hacked. More or less like a private Bug Me Not password if you like.

Tips on how to improve the overall security score are displayed at the very bottom of the page.

Last Pass users who want to run the test can do it on the Last Pass website. They need to be logged into their Last Pass account for that. (via Caschy)

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Mads Nygaard Pedersen said on November 10, 2013 at 10:26 am
    Reply

    Picking up this old thread – the idea of running a security test is great, however I cannot help wondering how safe it is to run an actual password analysis?

    After all it does involve that you grant access for a script to analyze your actual personal passwords. Sure, the analyses presumably does not involve human intervention, but still… would be nice if LP would elaborate on this is handled.

    Anybody know of a documentation link?

  2. joseph Fairchild said on November 16, 2012 at 5:17 am
    Reply

    I use my LastPass in Opera and i also use it in my copy of safari, and it works quite well in both for passwords and form fill andcredit card, I am not like you with 109 passwords but i could never youse and remember all 34 I have without LastPass,(or something like it) I was also impressed that Opera has its own “social”fourums and groups etc

  3. Dan said on April 30, 2011 at 5:18 am
    Reply

    When I first ran the security check tool in LastPass, I got a measly 48% score. After two days of password strengthening, I now have 85.1% score, good for 1946th best. I have 109 accounts registered in LP.

    My LP score: http://i54.tinypic.com/dboyt0.jpg

    1. Dan said on April 30, 2011 at 5:24 am
      Reply

      Wow, I removed a duplicate password just now and my score increased to 85.8% and 1785th overall.

  4. Transcontinental said on April 29, 2011 at 10:10 pm
    Reply

    78.9%, 4842nd …
    Gosh, I was expecting to be in the top 10 :)
    This is really a nice find, besides fun it calls upon humility when one sees his score, and recalls that awareness is a condition health !

    1. Martin Brinkmann said on April 29, 2011 at 10:15 pm
      Reply

      How many passwords in total? I think it is pretty nice to go over your weakest passwords and change them on the sites.

      1. Transcontinental said on April 30, 2011 at 11:09 am
        Reply

        I should have mentioned the number of files concerned, quite true. In my case: 195 only.
        We can point out that some passwords are weak less on our behalf than due to the fact that some sites just don’t allow passwords longer than x characters, sometimes x<9, when the minimum as I know is 11 characters (aA-zZ, 0-9, special characters) … and that is their responsibility and my risk.

      2. Martin Brinkmann said on April 30, 2011 at 12:12 pm
        Reply

        That’s another good point, companies should not artificially limit the number of characters of a password

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.