# Security Audit Score Calculation ## How are Security Scores Calculated? This document will cover how the following Security Audit Scores are calculated: * [Record Password Strength](#record-password-strength) * [Unique Record Passwords](#unique-record-passwords) * [Two-Factor Authentication](#two-factor-authentication) * [Master Password Strength](#master-password-strength) * [Security Audit Score](#security-audit-score) ### Record Password Strength The Record Password Strength score represents the percentage of record passwords, across all record passwords for all users, that are **strong**, **medium**, or **weak**. This score is calculated by adding all user's individual Record Password Strength, and then dividing it by the total number of records. For each user, the Record Password Strength is calculated by the taking the number of **strong**, **medium**, or **weak** passwords and dividing it by the total number of records. For example, if a user's vault has 10 total records where: * 6 of the records have a strong password * 3 of the records have a medium password * 1 of the record has a weak password The Record Password Strength score for this user will be as follows: * **Strong** passwords: 6/10 = 0.6 = 60% * **Medium** passwords: 3/10 = 0.3 = 30% * **Weak** passwords: 1/10 = 0.1 = 10% ### Unique Record Passwords The Unique Record Passwords score represents the percentage of record passwords, across all record passwords for all users, that are **Unique** or **Reused**. This score is calculated by adding all user's individual unique password score, and then dividing it by the total number of records. For each user, the Unique Passwords Record Score is calculated by taking the number of unique passwords in the user's vault and dividing it by the total number of records. For example, if a user's vault has 10 total records where: * 6 of the records have a unique password * 2 of the records share the same password * 2 of the records share the same password There are 6 unique passwords, 1 unique password that is shared between 2 records, and another unique password that is shared between 2 records. Thus, there are a total of 8 unique passwords. The **Unique Passwords Record Score** for this user will be as follows: * **Unique** passwords: 8/10 = 0.8 = 80% * **Reused** passwords: 2/10 = 0.2 = 20% ### Two-Factor Authentication The Two-Factor Authentication score represents the percentage of users that have enabled Two-Factor Authentication. This score is calculated by adding all the Two-Factor Authentication scores of all users and then dividing it by the number of total users. For each user, the Two-Factor Authentication score will be one of the following values depending on whether the user has Two-Factor Authentication **On** or **Off**: * 0% if Two-Factor Authentication is **Off** * 100% if Two-Factor Authentication is **On** ### **Master Password Strength** The Master Password Strength is not displayed on neither the Vault Clients nor Admin Console. Instead, the Master Password Strength is displayed upon Account Creation:

Strong Master Password

For each user, the Master Password will be 100% if the Master Password's strength is Strong, and 0% otherwise. For the overall Security Audit Score calculation, the average Master Password across all users is used. ### Security Audit Score The Security Audit Score represents the Overall Average Security Score across all your users in your organization. For each user, the Average Security Score is calculated by taking the average of the user's score from the following categories:
Security Score CategoryValues used to Calculate Average Security Score
Record Password StrengthThe Strong password % is used
Unique Record PasswordThe Unique password % is used
Two-Factor AuthenticationIf Two-Factor Authentication is On, 100% is used, if Off 0% is used
Master Password StrengthIf Master Password strength is strong, 100% is used, otherwise 0% used.
User's **Average Security Score** is calculated as follows: User's Average Security Score = (% of Strong Password Strength + % of Unique Password + Two-Factor Authentication + Master Password Strength)/4 For example, if a user has the following scores: * Strong Password Strength = 60% * Unique Record Passwords = 80% * Two Factor Authentication is Off = 0% * Master Password Strength = 100% The Average Security Score for the above user would be the sum of all the category scores divided by 4: $$ \dfrac{60% + 80% + 0% + 100%}{4} = \dfrac{0.6 + 0.8 + 0 + 1}{4} = 0.6 = 60% $$ ## FAQ ### I have 0 Records, why is my Security Audit Score not 0? Since the following variables affect the Security Audit Score: * Record Password Strength * Unique Record Passwords * Master Password Strength * Two-Factor Authentication if the user has 0 records, this disqualifies the **Record Password Strength** and **Unique Record Passwords** variables, but the calculation of the Security Audit Score still takes the **Master Password Strength** and **Two-Factor Authentication** into consideration. ### Why is my Security Audit Score negative? Across the various Keeper Vault Clients, user's Security Scores are independently calculated which may rarely cause the overall Security Audit Scores to be negative. If the Keeper Admin Console displays negative scores, visit the following [page](https://docs.keeper.io/keeperpam/commander-cli/troubleshooting-commander-cli#security-audit-report-score-re-alignment-process) to correct this issue.