As background - we are an enterprise customer and I was/am looking to start a "campaign" in my company to get folks into the idea up improving their Security Challenge score. Before starting, I wanted to test my account first to increase my score and sort of validate the process. In my first run of the challenge I had several duplicate passwords, and some false positive weak passwords (e.g. form data capturing a 4 digit pin for example) and my score was 55%. I removed all my duplicates, deleted sites that were not actually passwords (complete deletion - they no longer show up) and increased all of my password strengths to 100 and am now "all in" using LastPass (with multi-factor). I then re-ran my security challenge and I still show 55% (but now at top 1% and a score of 100 for my master password).
However, when I log into my vault - on the left (in grey) the score now shows as a 92% (makes total sense as I am losing a point for having a trusted device or something and only have 15 sites so there is no way I can reach 100 percent).
BUT - when I run the admin user report for all of my users, I still only see the lower score of 55% for myself. Given this, I am not sure I can trust the report as a tool for a campaign (give out prizes to those that improve their scores etc etc). I should also note that if I pull myself up in the admin console - it is still showing the legacy information:
Master Password Score 100
Security Challenge Score 55
Average password strength 56.2
Number of blank passwords 0
Number of duplicate passwords 1
Number of sites having duplicate passwords 5
Number of weak passwords 0
Again, when I run the report on myself - my average password strength is 100, 0 duplicate passwords, and 0 number of sites having duplicate passwords.
So, am I doing something wrong or is this a bug? Is there a way to purge everyone's scores and start fresh? I did give this a few days to see if it needed time to refresh with no luck.
LastPass Forums
LastPass' User to User Communication