HELP FILE

How do I set up all account recovery options for LastPass?

Once you have created your LastPass account, it is strongly recommended that you set up and configure all account recovery options so that you can regain access to your LastPass Vault if your Master Password is ever forgotten. These recovery options can be configured at any time during the life of your LastPass account.

If recovery options are not set up and you are unable to recover your Master Password, you will need to create a brand new LastPass account and re-enter all of your Vault data.

CAUTION:

Please be aware that LastPass Customer Care has no knowledge of a user's Master Password. It is not possible for LastPass Customer Care to reset or change a user's Master Password if it is forgotten.

Before you begin setting up recovery options

There are a few things you need to do first so that you can use certain account recovery options if your Master Password is ever forgotten.

Install the LastPass web browser extension and log in to the extension often (from multiple trusted devices)

  • Download and install the LastPass web browser extension.
  • Log in to the LastPass web browser extension as often as you can and, if possible, from multiple devices that you trust.

You will gain the following benefits:

  • Creates a Recovery One Time Password, which can be used to reset your Master Password during account recovery if it is ever forgotten. Additionally, logging in from multiple trusted devices ensures that you have multiple Recovery One Time Passwords.
  • Creates an encrypted cache of your Vault data, which continues to be updated as you store more data (site passwords, secure notes, form fill items).
  • Automatically generates a Sharing Key so that you can create and use shared folders (if applicable).

Recovery Option #1: Log in to the LastPass web browser extension on multiple devices

When you log in to the LastPass web browser extension on multiple browsers and devices that you trust, you create a Recovery One Time Password on each browser and device. This means that if you ever make a change to your LastPass account that causes your Vault to be re-encrypted, the Recovery One Time Password will become invalidated on that device, but you could still reset your Master Password from another device where you had logged in to the LastPass web browser extension.

Here are some actions that would cause your Recovery One Time Password to be lost or invalidated:
  • Changing your Master Password on a mobile device (invalidates ALL Recovery One Time Passwords stored in your web browsers)
  • Uninstalling or reinstalling the LastPass web browser extension
  • Disabling the LastPass web browser extension
  • Clearing your LastPass cache
  • Reformatting your computer
  • Unintentional corruption of your encrypted Vault cache (this is rare, but can be caused by other programs on your machine)

For more information, see What is the difference between a One Time Password and a Recovery One Time Password?

Recovery Option #2: Set up mobile account recovery on iOS or Android

Important:

Regardless of how you use LastPass (desktop app, web browser extension, mobile app), you are strongly encouraged to set up Touch ID/Fingerprint or Face ID so that you can use mobile account recovery for iOS or Android, allowing you to reset your Master Password using biometrics from that device. Even if you decide that you will never use the LastPass Password Manager mobile app, setting up mobile account recovery on your current mobile device acts as a safety net in that you can reset your Master Password using biometrics.

Recovery Option #3: Manage your Master Password Reminder

Recovery Option #4: Set up SMS account recovery

Note: This recovery option requires a valid Recovery One Time Password, which exists only if you have logged in to the LastPass web browser extension on your desktop and have not since cleared your cache.

For more information, see Set Up SMS Account Recovery for LastPass.

You can also set up additional security options to further protect your account

Security Option #1: Add a security email address for alerts

  • Add a secondary security email address

Important:

If you ever forget your Master Password, enabling a security email allows LastPass to send a Master Password recovery link to that email address, which will trigger the account recovery flow. To complete the steps for account recovery, a valid Recovery One Time Password is required, which exists only if you have logged in to the LastPass web browser extension on your desktop and have not since cleared your cache.

Security Option #2: Generate One Time Passwords

To use the One Time Passwords, you generate a list of temporary passwords ahead of time, and cross them off as they are used each time you log in to your account. You can also invalidate OTPs if you are concerned that they have become compromised.

Please note that One Time Passwords do not replace your Master Password. Additionally, if you log in with a One Time Password, you will not be able to export your LastPass Vault data.

For more information, see What is the difference between a One Time Password and a Recovery One Time Password?