HELP FILE

How do I set up all account recovery options for LastPass?

Once you have created your LastPass account, it is strongly recommended that you set up and configure all account recovery options so that you can regain access to your LastPass Vault if your Master Password is ever forgotten. These recovery options can be configured at any time during the life of your LastPass account.

If recovery options are not set up and you are unable to recover your Master Password, you will need to create a brand new LastPass account and re-enter all of your Vault data.

CAUTION: Please be aware that LastPass Customer Care has no knowledge of a user's Master Password. It is not possible for LastPass Customer Care to reset or change a user's Master Password if it is forgotten. Learn more at Why can't LastPass Customer Care reset the Master Password for my account?.

Recovery Option #1: Log in to LastPass from your desktop

When you log in to LastPass from your desktop, you create a locally-stored Recovery One Time Password on each web browser where you log in, which can be used in the account recovery process if you ever forget your Master Password.

  • Log in via the LastPass web browser extension (recommended) – This login method is recommended so that you can manage extension settings and preferences to customize the way you want to use LastPass only on devices that you trust. Additionally, logging in using the extension creates an encrypted cache of your Vault data locally, and generates a Sharing Key for creating and using shared folders (if applicable).

    It is encouraged that you log in via the extension on multiple web browsers (as often as you can), and, if possible, from multiple devices that you trust, which will store the Recovery One Time Password locally in the LastPass extension's repository for each browser. Additionally, logging in from multiple trusted devices ensures that you have multiple Recovery One Time Passwords.

    For more information, see What is a Recovery One Time Password in LastPass?

Coming soon!

LastPass will be debuting a new account recovery feature that will allow users to reset their Master Password as long as they have logged in to the LastPass website via the LastPass Login page at least once on any supported web browser. This means that users who are unable to install/use the LastPass web browser extension will be able to use account recovery from a desktop in case their Master Password is ever forgotten.

Recovery Option #2: Set up mobile account recovery on iOS or Android

Important: Regardless of how you use LastPass (desktop app, web browser extension, mobile app), you are strongly encouraged to set up Touch ID/Fingerprint or Face ID/Face Unlock so that you can use mobile account recovery for iOS or Android, allowing you to reset your Master Password using biometrics from that device. Even if you decide that you will never use the LastPass Password Manager mobile app, setting up mobile account recovery on your current mobile device acts as a safety net in that you can reset your Master Password using biometrics.

Recovery Option #3: Manage your Master Password Reminder

Recovery Option #4: Set up SMS account recovery

You can set up SMS account recovery by adding a mobile number to your account to receive a verification text message that is used in the account recovery process in case you every forget your Master Password.
Important: To complete the steps for account recovery, a valid Recovery One Time Password is required, which is created when you log in to the LastPass web browser extension on your desktop and have not cleared your cache.

Follow the steps to Set Up SMS Account Recovery for LastPass.

You can also set up additional security options to further protect your account

Security Option #1: Add a security email address for alerts

If you ever forget your Master Password, enabling a security email allows LastPass to send a Master Password recovery link to that email address, which will trigger the account recovery flow.
Important: To complete the steps for account recovery, a valid Recovery One Time Password is required, which is created when you log in to the LastPass web browser extension on your desktop and have not cleared your cache.

Security Option #2: Generate temporary One Time Passwords

One-time passwords (OTPs) can be used if you want to access LastPass from a public computer and do not want to enter your Master Password because someone else may be able to access it (using a keylogger to capture your typed keys or other malware). They are also handy if you need to access your LastPass Vault but you do not know what kind of security is implemented on the computer you are going to use.

To use the One Time Passwords, you generate a list of temporary passwords ahead of time, and cross them off as they are used each time you log in to your account. You can also invalidate OTPs if you are concerned that they have become compromised.

Please note that One Time Passwords do not replace your Master Password. Additionally, if you log in with a One Time Password, you will not be able to export your LastPass Vault data.

For more information, see What is the difference between a One Time Password and a Recovery One Time Password?