Skip to content

The 27 LastPass security checks Black Cat runs

Black Cat SSPM evaluates 27 security policies against your LastPass configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

mediumDormant Account

Disable or remove LastPass user accounts that have been dormant for 90 or more days

highAdmin Dormant

Demote or disable dormant LastPass admin accounts after verifying with management

lowNever Logged In Account

Remove or revoke LastPass user accounts that have never been used since provisioning

highAdmin Never Logged In

Remove or revoke admin privileges from LastPass admin accounts that have never logged in

lowDisabled Account Not Removed

Permanently delete LastPass user accounts that have been disabled but not yet removed

mediumExcessive Shared Folder Admins

Reduce the number of admins in LastPass shared folders to the minimum required

highShared Folder All Admin

Downgrade at least some members of LastPass shared folders where all users have admin rights

lowShared Folder No Read-Only Users

Add read-only members to LastPass shared folders that currently grant every user write access

mediumShared Folder Single Admin

Add a second admin to LastPass shared folders that have only a single admin

mediumShared Folder Excessive Users

Reduce LastPass shared folder membership by removing unnecessary users or splitting the folder

lowUser Not Assigned to Any Group

Assign the user to at least one LastPass group to ensure group-level policies apply

highDisabled Account With Admin Privileges

Revoke admin privileges from the disabled LastPass account before or during deactivation

mediumRecently Created Admin Account

Verify that the recently created admin account was authorized through the proper access management process

configuration

highWeak Master Password

Enforce a minimum master password strength policy to eliminate weak master passwords

criticalVery Weak Master Password

Enforce a minimum master password strength of 50 or higher in LastPass policies

lowEmpty Vault User

Send onboarding reminders to LastPass users with empty vaults and remove unused licenses

highStale Master Password

Notify LastPass users with stale master passwords to rotate them and enforce a password age policy

highMaster Password Never Changed

Notify LastPass users who have never changed their master password to rotate it

criticalAdmin Stale Master Password

Enforce immediate master password rotation for LastPass admin accounts with stale passwords

mediumLow Shared Folder Security Score

Improve the security score of LastPass shared folders by updating weak or reused passwords

highCritically Low Shared Folder Score

Update weak or reused passwords in LastPass shared folders to improve the security score

criticalAdmin With Weak Master Password

Require the admin to immediately update their master password to meet the higher strength threshold

lowEmpty Shared Folder

Delete orphaned shared folders that have no members

criticalAdmin Master Password Never Changed

Require the admin to immediately change their master password from the initial value

mfa

criticalMFA Not Enabled

Enable multifactor authentication for LastPass users who have MFA disabled

criticalAdmin Without MFA

Require MFA for all LastPass admin accounts that currently have it disabled

sharing

mediumShared Folder Credential Export Permission

Disable the credential export (give) permission for shared folder members who do not need it

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial