HELP FILE

How do I create a Recovery One Time Password to use during LastPass account recovery?

You create Recovery One Time Passwords (ROTPs) by logging in to LastPass via the LastPass web browser extension, online web Vault (LastPass website), and/or the LastPass Password Manager mobile app.

What is a Recovery One Time Password?

The Recovery One Time Password is used as a means of recovery to allow you to change your Master Password and gain access to your LastPass Vault if your Master Password is ever forgotten. Since your Vault is encrypted, this is the key that is used to decrypt it during account recovery. Learn more about ROTPs.

Create ROTPs from your desktop using the LastPass website

Log in to your online web Vault (i.e., the LastPass website) from a device you trust to create a new ROTP.

  1. Go to the LastPass login page at https://lastpass.com/?ac=1.
  2. Enter your email address and Master Password, then click Log In.
You have successfully logged in to your Vault and created a Recovery One Time Password for this specific web browser.

Create ROTPs from your desktop using the web browser extension

To get the most out of ROTPs, log in to the LastPass web browser extension and/or LastPass website...
  • On as many web browsers and trusted devices available to you
  • On any web browser where you have cleared your browser cache – clearing your browser cache invalidates your ROTP, but logging in to the extension and/or LastPass website recreates it
  • On web browsers you don't normally use – you are less likely to clear your browser cache on a browser you don't often use
  1. Install the LastPass browser extension (download here).
  2. Click the inactive LastPass icon inactive LastPass icon in your web browser toolbar.
  3. Enter your email address and Master Password.
  4. Click Log In.

    Result: An active LastPass icon active LastPass icon indicates a successful login, and you have created a Recovery One Time Password for this specific browser.

What to do next:

It is strongly recommended that you perform the following steps immediately after updating your Master Password in order to create new Recovery One Time Passwords:

  1. Log out of LastPass on every computer and/or mobile device where you have installed LastPass and accessed your LastPass Vault. You can check your active sessions for all devices.
  2. Log back in with your new Master Password.
For each computer and/or device where this is done, a new Recovery One Time Password is created, which can be used for account recovery if your Master Password is ever forgotten.

What to do next: If you logged in to your online web Vault (i.e., the LastPass website) on a public or untrusted device, it is strongly recommended that you clear the browser cache on all web browsers where you accessed LastPass in order to clear the Recovery One Time Password that was created from accessing the LastPass website.
What to do next:

If you have created a list of temporary One-Time Passwords to use on public/untrusted computers, then please be aware that changing or resetting your Master Password will invalidate all one-time passwords that you generated before the change occurred (as it requires your Vault to be re-encrypted). This means that you will need to generate new OTPs after a Master Password change, as all OTPs you generated previously will no longer be listed. Learn how to generate new one-time passwords.

Create ROTPs from your mobile device

For mobile devices, the Recovery One Time Password works via mobile account recovery, which uses biometrics for facial recognition or fingerprint identification in order for you to change your Master Password. Please see account recovery setup instructions for iOS or Android.

Related Articles