How do I reset my Master Password using a Recovery One Time Password for LastPass?
A Recovery One Time Password is something that is created for you automatically when you log in to LastPass via the web browser extension, and is not something you can write down.
When using this Master Password recovery method, the system emails you a link that provides you with the ability to reset your Master Password only when used on the specific device and web browser it matches by using the Recovery One Time Password (which was created when you logged in to the LastPass web browser extension and stored invisibly in the browser).
- Navigate to https://lastpass.com/recover.php.
- Enter your email address, then click Continue.
- How you proceed depends on whether or not you previously enabled SMS recovery:
- If you previously enabled SMS recovery to reset a forgotten Master Password, LastPass sends a 6-digit verification code to your mobile device. Enter the code, then click Verify, then proceed to Step #4.
- If you did not enable SMS recovery but did enable a security email, LastPass will send an email to your secondary security email address (or your account email, if no secondary was set up), and you can continue by clicking the link in the email., then proceed to Step #4.
- Select Click to Recover Account.
- When prompted, click Yes to use a one-time password for account recovery.
- Click OK to proceed (if prompted that Account Recovery has been detected and that you must immediately change your Master Password). Troubleshooting: If you encounter a message that "LastPass account recovery has failed because your current browser didn't save account recovery data on this computer" or that a "Recovery One Time Password was not detected" try repeating these steps on another web browser where you have logged in to LastPass. For additional information, please see troubleshooting information here.
- Enter a new Master Password and a password hint (recommended), then click Confirm. Tip: We recommend using the following best practices when creating your Master Password:
- Use a minimum of 12 characters, but the lengthier the better
- Use upper case, lower case, numeric, and special character values
- Make it pronounceable and memorable, but not easily guessed (e.g., a passphrase)
- Make sure that it is unique only to you
- Don't use personal information
- A good example is: Fidoate!my2woolsox
- Click OK to proceed with logging out.
- Log back in using your new Master Password.
It is strongly recommended that you perform the following steps immediately after updating your Master Password in order to create new Recovery One Time Passwords:
- Log out of LastPass on every computer and/or mobile device where you have installed and accessed your LastPass Vault. You can check your active sessions for all devices.
- Log back in with your new Master Password.
If you have created a list of temporary One-Time Passwords to use on public/untrusted computers, then please be aware that changing or resetting your Master Password will invalidate all one-time passwords that you generated before the change occurred (as it requires your Vault to be re-encrypted). This means that you will need to generate new OTPs after a Master Password change, as all OTPs you generated previously will no longer be listed. Learn how to generate new one-time passwords.