HELP FILE

How do I reset my Master Password using SMS account recovery for LastPass?

Using SMS account recovery will trigger the Master Password recovery flow as long as at least one of your browsers has captured a Recovery One Time Password which is created by logging in to your online web Vault (via the LastPass website) and/or the LastPass web browser extension at least once.

Watch Video

Before you begin: Be sure you have already set up SMS account recovery before proceeding.
  1. Navigate to https://lastpass.com/recover.php.
  2. Enter your email address, then click Continue.
  3. The system sends an SMS message to your phone containing a numeric code. Enter this code into your web browser, and click Verify.
  4. Select Click to Recover Account.
  5. When prompted if you want to use a one-time password for account recovery, click Yes.
  6. When the next window appears advising that Account Recovery has been detected and that you must immediately change your Master Password, click OK to proceed.

    Troubleshooting: If you encounter a message that "LastPass account recovery has failed because your current browser didn't save account recovery data on this computer" or that a "Recovery One Time Password was not detected" try repeating these steps on another web browser where you have logged in to LastPass. For additional information, please see troubleshooting information here.

  7. Enter a new Master Password and confirm, then enter Master Password hint (optional but recommended).

    Tip: We recommend using the following best practices when creating your Master Password:
    • Use a minimum of 12 characters, but the lengthier the better
    • Use upper case, lower case, numeric, and special character values
    • Make it pronounceable and memorable, but not easily guessed (e.g., a passphrase)
    • Make sure that it is unique only to you
    • Don't use personal information
    • A good example is: Fidoate!my2woolsox

  8. Click Confirm.

    Result: A message indicates that your password has changed.

  9. Click OK to proceed with logging out.
  10. Once you have been logged off of LastPass, log back in again using your new Master Password.

    Result: You have successfully reset your Master Password.

What to do next: (Recommended)

It is strongly recommended that you perform the following steps immediately after updating your Master Password in order to create new Recovery One Time Passwords:

  1. Log out of LastPass on every computer and/or mobile device where you have installed LastPass and accessed your LastPass Vault. You can check your active sessions for all devices.
  2. Log back in with your new Master Password.
For each computer and/or device where this is done, a new Recovery One Time Password is created, which can be used for account recovery if your Master Password is ever forgotten.

What to do next: If you logged in to your online web Vault (i.e., the LastPass website) on a public or untrusted device, it is strongly recommended that you clear the browser cache on all web browsers where you accessed LastPass in order to clear the Recovery One Time Password that was created from accessing the LastPass website.
What to do next: (Optional)

If you have created a list of temporary One-Time Passwords to use on public/untrusted computers, then please be aware that changing or resetting your Master Password will invalidate all one-time passwords that you generated before the change occurred (as it requires your Vault to be re-encrypted). This means that you will need to generate new OTPs after a Master Password change, as all OTPs you generated previously will no longer be listed. Learn how to generate new one-time passwords.