HELP FILE

Help! I think my Lastpass account has been compromised!

If you're concerned that your LastPass account may have been compromised but still have access to your account, please log in to LastPass immediately and follow the steps below.

Kill all other active sessions

  1. In your web browser toolbar, click the inactive LastPass icon .
  2. Enter your username and Master Password, then click Log In.
  3. In your web browser toolbar, click the LastPass icon .
  4. Go to Account Options > Advanced > Other Sessions > Kill all but current session.

Review your account history

  1. While logged in to LastPass, click the LastPass icon in your web browser toolbar.
  2. Select Open my Vault.
  3. Go to More Options > Advanced > History.
  4. Make note of any suspicious activity.

    Note:

    Tracking login and Form Fill history is enabled for all LastPass accounts by default.

Restrict your account to only trusted devices

  1. While logged in to LastPass, click the LastPass icon in your web browser toolbar.
  2. Select Open My Vault.
  3. Select Account Settings in the left navigation.
  4. Select the Mobile Devices tab.
  5. Remove any unknown or stolen devices from this list.

Restrict your account to only trusted locations

  1. While logged in to LastPass, click the LastPass icon in your web browser toolbar.
  2. Select Open My Vault.
  3. Select Account Settings in the left navigation.
  4. Click Show Advanced Settings at the bottom.
  5. In the "Security" section for Country Restriction, check the box to enable the Only allow login from selected countries setting, then check the boxes of all countries from which you want to approve LastPass access.
  6. Click Update when finished.

Change your Master Password

  1. While logged in to LastPass, click the LastPass icon in your web browser toolbar.
  2. Select Open My Vault.
  3. Select Account Settings in the left navigation.
  4. In the Login Credentials section under Master Password, click Change Master Password.
  5. In the new web browser page or tab that opens, enter your current Master Password, then create a new Master Password. Enter a password hint (recommended – this is a clue that is sent in a reminder email to help you remember your Master Password if it is ever forgotten).
  6. When finished, click Save Master Password.
    You are logged out of LastPass,
  7. Log back in to LastPass with your updated Master Password.

Update your LastPass account email addresses

If your email address has also been compromised, it is recommended that you update your LastPass account email address using a different email address, as well as your security email address (if you had set one up prior to being compromised).

If you have lost access to your LastPass account...

Revert your Master Password

Navigate to https://lastpass.com/revert, enter your username, then click Send Email. Learn more about reverting your Master Password

Delete your LastPass account (very last resort)

If you are unable to revert your Master Password, it is recommended that you delete your LastPass account.

It is highly recommended that you begin changing your passwords for sensitive accounts (e.g., banking, email, social media, etc.) by generating secure passwords.

The following are best practices to protect yourself from compromising attacks in the future: