How do I reset my Master Password using SMS account recovery for LastPass?
Using SMS account recovery will trigger the Master Password recovery flow as long as at least one of your browsers has captured a Recovery One Time Password which is created by logging in to your online web Vault (via the LastPass website) and/or the LastPass web browser extension at least once.
- Navigate to https://lastpass.com/recover.php.
- Enter your email address, then click Continue.
- The system sends an SMS message to your phone containing a numeric code. Enter this code into your web browser, and click Verify.
- Select Click to Recover Account.
- When prompted if you want to use a one-time password for account recovery, click Yes.
- When the next window appears advising that Account Recovery has been detected and that you must immediately change your Master Password, click OK to proceed. Troubleshooting: If you encounter a message that "LastPass account recovery has failed because your current browser didn't save account recovery data on this computer" or that a "Recovery One Time Password was not detected" try repeating these steps on another web browser where you have logged in to LastPass. For additional information, please see troubleshooting information here.
- Enter a new Master Password and confirm, then enter Master Password hint (optional but recommended). Tip: We recommend using the following best practices when creating your Master Password:
- Use a minimum of 12 characters, but the lengthier the better
- Use upper case, lower case, numeric, and special character values
- Make it pronounceable and memorable, but not easily guessed (e.g., a passphrase)
- Make sure that it is unique only to you
- Don't use personal information
- A good example is: Fidoate!my2woolsox
- Click Confirm.
Result: A message indicates that your password has changed.
- Click OK to proceed with logging out.
- Once you have been logged off of LastPass, log back in again using your new Master Password.
Result: You have successfully reset your Master Password.
It is strongly recommended that you perform the following steps immediately after updating your Master Password in order to create new Recovery One Time Passwords:
- Log out of LastPass on every computer and/or mobile device where you have installed LastPass and accessed your LastPass Vault. You can check your active sessions for all devices.
- Log back in with your new Master Password.
If you have created a list of temporary One-Time Passwords to use on public/untrusted computers, then please be aware that changing or resetting your Master Password will invalidate all one-time passwords that you generated before the change occurred (as it requires your Vault to be re-encrypted). This means that you will need to generate new OTPs after a Master Password change, as all OTPs you generated previously will no longer be listed. Learn how to generate new one-time passwords.