LastPass Forums

[cme462]

As background - we are an enterprise customer and I was/am looking to start a "campaign" in my company to get folks into the idea up improving their Security Challenge score. Before starting, I wanted to test my account first to increase my score and sort of validate the process. In my first run of the challenge I had several duplicate passwords, and some false positive weak passwords (e.g. form data capturing a 4 digit pin for example) and my score was 55%. I removed all my duplicates, deleted sites that were not actually passwords (complete deletion - they no longer show up) and increased all of my password strengths to 100 and am now "all in" using LastPass (with multi-factor). I then re-ran my security challenge and I still show 55% (but now at top 1% and a score of 100 for my master password).

However, when I log into my vault - on the left (in grey) the score now shows as a 92% (makes total sense as I am losing a point for having a trusted device or something and only have 15 sites so there is no way I can reach 100 percent).

BUT - when I run the admin user report for all of my users, I still only see the lower score of 55% for myself. Given this, I am not sure I can trust the report as a tool for a campaign (give out prizes to those that improve their scores etc etc). I should also note that if I pull myself up in the admin console - it is still showing the legacy information:

Master Password Score 100
Security Challenge Score 55
Average password strength 56.2
Number of blank passwords 0
Number of duplicate passwords 1
Number of sites having duplicate passwords 5
Number of weak passwords 0

Again, when I run the report on myself - my average password strength is 100, 0 duplicate passwords, and 0 number of sites having duplicate passwords.

So, am I doing something wrong or is this a bug? Is there a way to purge everyone's scores and start fresh? I did give this a few days to see if it needed time to refresh with no luck.

[jud]

This continues to be a problem for me as well, rendering the Admin Console's reporting features virtually useless. Would love to get some kind of update on a fix.

[srsly]

Also having the same issue.

Really annoying since we have a policy saying that every user should have a security score that is 70 or above.

when i run the user report i have users that shows as "weak" in my report, but when i check their client, the score is 96...
Feels good wasting peoples time when asking them to get their score up....

Makes me look reeaaal smart..

Please fix this asap.. as we have an audit coming up.. and having 100+ users is and not being able to pull out the correct report for this is shit.

[Myvekk]

I'm not using enterprise, just a paid version, but I have run into this in a similar way.

My score has increased, but I went through all the sites & deleted dead links, changed passwords & removed duplicates. I had one site that was identical to master password, so it was also changed, yet when I rerun the report, it still says that site and the Master have the same password!? And it still lists al the other problems I went & fixed?

[max966]

I am trying to do something very similar to the OP but am having the same issue.

[jclifton]

Same issue here with the same need to see user scores. Worked an SR with support and was left with the feeling they were mostly guessing as how to fix this.

We have had multiple SRs and while I like the idea of the product execution and support is poor.

Jason