Add the option to exclude sites from the Security Challenge

Vumad · ‎12-29-2020

I would find it really helpful if there were a per-entry setting for a site that enabled it to be excluded from the Security Dashboard checks. Several of the financial institutions I use have a simple PIN or short numeric password for the first-stage login and then a more complex password for the second stage. As far as I can see LastPass doesn't have the ability to handle two-step logins and therefore only sees the fist password, which it reports as weak. If I change such passwords they will still be considered week, so there is really no benefit in them being included in the dashboard score.

variosity · ‎12-16-2021

very good idea, is very costly to delete the old entries differently

Former Member · ‎12-16-2021

+me

dschwarz · ‎12-29-2021

Completely agree. I created an account here and logged in just to ask about this issue.

orangeTANG · ‎01-13-2022

Came here for the same reason. Love the Security Dashboard option, I review it all the time and take it very seriously. That said, I store passwords for a bunch of my lab systems for the simplicity of auto-complete and it would be really good to have the option to exclude password entries from the Security Dashboard.

Hope this feature is included soon! It looks like there's a fair number of customers asking for it.

Theodulf · ‎01-20-2022

Is there a way to exclude retired password entries from analysis in the security dashboard?

I have some old entries, often with reused passwords, associated with sites that are no longer active so the password cannot be changed. Since these sites sometimes re-emerge I don't want to get rid of these entries, but their existence causes my security score to look poor. This is a problem when I show the security dashboard to customers and encourage them to use it. I would like to be able to acknowledge these issues, but not have them impact the score so heavily. Perhaps a folder called Archive that gets excluded from the security dashboard?

Thanks!

GlennD · ‎01-20-2022

Hi @Theodulf, welcome to the community.

At this time your security dashboard score is based on all sites in your vault and it is not possible to suppress specific ones. One option may be to create a secure note for these old sites and then copy their details into that before deleting them from your vault. That way you retain the information but they are not counted in your score.

pwnytail · ‎02-02-2022

Wow. First post I saw, and I came here to say exactly this.

I also just took the survey that was offered on the Security Dashboard, and made the same suggestion.

Many of the "Change Password" links go to 404s or dead links. I have accounts for websites that may no longer exist.

I have also been using LastPass for many years, and 265/900 passwords are flagged as needing attention.

There is no way I'm going to:

Go through "Change Password" links one by one.
.
1. Go back to my vault
2. search for the account in question
3. select the account
4. edit or delete the account
  1. x265

Which means I will pretty much ignore the security score until I can do something about the accounts in a meaningful way.

The Security Dashboard needs the same entry management features as the rest of the database, including the ability to run batch actions, select, select multiple, shift select etc.

ghalse · ‎02-18-2022

+1 for this. I have some profoundly daft passwords that I didn't create and cannot change, but need to remember nevertheless.

Juddster · ‎06-03-2022

I agree if we can't remove them entirely could we archive them somewhere out of the way?

Eager · ‎06-09-2022

I agree. I have a number of local LAN sites where I have the same user id and password. Flagging each as a security risk is unnecessary.