HELP FILE

Use Temporary (One Time) Passwords

When accessing LastPass from a public computer, you may not want to use your Master Password, because someone else may be able to access it (using a keylogger to capture your typed keys or other malware). Additionally, you may not know what kind of security is implemented on that computer. To solve this problem, LastPass provides you with One Time Passwords (OTPs) that only work for one logon session – so even if someone else gets access to a previously used OTP, they will not be able to use it to log on to your account. To use the OTPs, you generate a list of temporary passwords ahead of time, and cross them off as they are used each time you log in to your account. You can also invalidate OTPs if you are concerned that they have become compromised.

Note: If you are concerned that your LastPass account has been compromised, follow these steps.

Generate One Time Passwords

To generate a list of One Time Passwords, do the following:

  1. Log in to LastPass and access your Vault by doing either of the following:
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
    • In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault.
  2. Select More Options in the left navigation.
  3. Go to Advanced > One Time Passwords.
  4. Enter your Master Password, and click OK.
  5. Click Add a new One Time Password. Repeat this step as many times as you wish to generate a list of one-time passwords.
  6. Click Print, and keep the passwords in a safe place, crossing them off as you use them. (If you find it more convenient, using your web browser, you can print the passwords to a PDF file so that you can copy and paste them later).

Log in Using a One-Time Password

To log on to LastPass using a one-time password, do the following:

  1. Go to https://lastpass.com/?ac=1 from your desktop web browser.
  2. Click Log in using a One Time Password.
  3. Enter your username and a One Time Password.
  4. Complete steps for Multifactor Authentication, if it is enabled on your account (learn more here).

Multifactor Authentication window

Invalidate One Time Passwords

If you are concerned that someone may have gotten access to your One Time Passwords, you can invalidate them by doing the following:

  1. Log in to LastPass and access your Vault by doing either of the following:
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
    • In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault.
  2. Select More Options in the left menu.
  3. Go to Advanced > One Time Passwords.
  4. Enter your Master Password, and click OK.
  5. Click Clear all OTPs.
  6. The system indicates that you no longer have any One Time Passwords. You can now either close the browser window or create new One Time Passwords using the Add a new One Time Password link.

Related

Recover Your Lost Master Password

How do I set up and use mobile account recovery on Android?

How do I set up and use account recovery in the LastPass app for iOS?