Manage Account Settings
Your Account Settings section allows you to view and edit your global Settings and Preferences. You can edit your username and Master Password, security settings, email notifications, manage your trusted devices, and control how LastPass interacts with websites.
Topics in this article:
- If you have not done so, log in to LastPass.
- In your web browser toolbar, click the LastPass icon then click Open My Vault.
- In the left pane, click Account Settings.
- Account Email – View or change the email address used to access your LastPass account. To change the email address, replace the old email address with the new one and click Update to save the changes. Use Send Test Email to validate your email address.
- Master Password – If you would like to change your Master Password, click Change Master Password. If you would like to revert the change you made, click Revert Password Change. Learn more.
- Password Reminder – Click View to view your Master Password reminder.
- Type – Displays your account type (i.e., Free. Families, Teams, Enterprise) with the ability to upgrade when applicable.
- Links – Helpful links for your account.
- My Account allows you to access your account data, such as when your Premium subscription expires.
- Payment History allows you to view any payments you have made for LastPass.
- Email Subscriptions allows you to manage the types of email notifications you would like to receive from LastPass. Learn more.
- Language – You can change the default language (English) to any of our other supported languages. Once you have selected your desired language, click Update to save the changes. You will need to log off and log back in to display LastPass in your newly selected language. Editing your language selection from your online Vault will only apply to viewing and using the online Vault – language settings for your web browser extensions need to be changed via the LastPass icon > Preferences > Advanced.
- Time Zone – Indicates your time zone from the drop-down menu (relative to GMT).
LastPass offers an optional account recovery feature via an SMS verification code. Learn more.
From the General Account Settings, click Show Advanced Settings, to view the following:
- Password Alerts – When enabled, LastPass will alert you when you are logging into a website where you have a weak or duplicate password. To remove these alerts, click Disable Password Alerts. Learn more.
- Re-prompt for Master Password – Choose which actions will be protected by your Master Password. Learn more.
- Security Email – As an additional layer of security, you may wish to have an email address separate from the one you use on a regular basis to receive important LastPass security emails that require actions. This email address would be used to receive your, LastPass Multifactor Authentication disable email, password hint email, account recovery email, history removal verification email, reverting Master Password change verification email, and abuse/blacklisted IP notifications (these are also sent to your primary email). Learn more.
- Country Restriction – Allows you to restrict login to IP addresses originating only from countries that you select. Learn more.
- Tor Network – Blocks any logins that originate from Tor (virtual tunnel network). Learn more.
- Master Password Reverting – This option is enabled by default, and allows you to revert Master Password changes should you forget your Master Password. Uncheck this box to disable it. Learn more.
- Disable Email Verification – Allows you to skip email verification of unknown devices and locations.
- Disable Multifactor trust expiration – Allows you to skip 30 day expiration for trusted clients.
- Auto-Logoff Other Devices – If enabled, you can only be logged into one instance of LastPass at a time. If you log in from one device, it will log you out of all others.
- Password Iterations – Controls how many times your credentials are hashed using PBKDF2 before being sent to LastPass servers. Learn more.
- Website Auto-Logoff – This controls how long your session exists on the server, allowing you to automatically log in when using the plugin. This assumes that your session does not get destroyed by methods such as explicitly logging out or closing the browser when ‘Logoff when browser is closed’ is enabled in your Extension Preferences.
- Bookmarklet Auto-Logoff – Similar to the "Website Auto-Logoff" option in that it controls how long your session exists on the server, except it only applies to the Bookmarklets feature. Learn more.
Configure your Multifactor Authentication devices.
When logging on to a computer for the first time using Multifactor Authentication, LastPass will provide the option of approving the computer as a trusted computer by checking the box for the "Enable" option.
Doing so adds the computer to the "Trusted Computers" list, and ensures that you will not be prompted to enter Multifactor Authentication the next time you log in. These steps must be completed on every device that you want to mark as trusted.
You can disable a trusted computer at any time by unchecking the box for the "Enable" option next to the entry, or delete the entry entirely by clicking the Delete Entry icon . If you want to rename a trusted device, click on the Edit icon , type the new name into the Label field, then click the Save icon to save your changes. Learn more about managing your trusted devices.
Each time you successfully login via a mobile device, the mobile device’s unique identifier (UUID) will be added to a list on the Mobile Devices tab. All devices listed here can be renamed, enabled, disabled, or deleted. Be sure to click the Save icon to save your changes.
If you would like to restrict which devices can log into your LastPass account, click the Enable or Disable button to restrict access to all mobile devices except those allowed to access your LastPass Vault.
LastPass does not restrict mobile login by default. Learn more.
You may encounter a Site that you do not want LastPass to offer to save, generate a password for, fill forms, autologin, or autofill. The ‘Never URLs’ tab allows you to view, edit, and add all of those Sites for which you do not want LastPass to ever act on. Learn more about managing Never URLs.
The Never URLs options are as follows:
- Never Add Site – Prevents prompting the notification to add a Site.
- Never Generate Password – Prevents prompting the notification to generate a password.
- Never Fill Forms – Prevents prompting the notification to use a Form Fill.
- Never AutoLogin* – Prevents the Site from automatically logging in.
- Never AutoFill Application* – Prevents the automatic filling in the Site (the Site must be also listed under "Never AutoLogin").
- Never Show Context Icons – Prevent the field icons from appearing.
- Never do Anything – Disables LastPass on a website/webpage entirely.
To manually add a "Never" action for a page or domain, enter the URL in the field, then use the drop-down menu to select the type of "Never" action and click Add. To delete a "Never" action, click on the Delete Entry icon .
* If the Site is launched from the LastPass Vault or from the LastPass web browser extension, it will ignore the "Never AutoLogin" and "Never Autofill Application" options.
If you access multiple websites from a single provider, adding these Sites as equivalent domains allows you to use just one username and password. Learn more.
To add domains as equivalent, do the following:
- Click the active LastPass icon > Open my Vault > Account Settings > Equivalent Domains.
- Click Add.
- Input domains and separate with commas.
Please note that only top level domains should be submitted. For example, lets say you have two Sites you would like to make equivalent: http://subdomain.example.com/path and http://sample.com. Your input should look like: example.com,sample.com Noting that that: subdomain.example.com,sample.com will not work because subdomain.example.com still includes ‘subdomain’, which is too low of a domain to be accepted.
You can delete an equivalent domain at any time by clicking the Delete Entry icon .
Equivalent Domains labeled as "Global" mean that these domains are set by LastPass. These Global domains are updated from time to time.
If you have multiple logins for a particular domain, LastPass fills in the closest URL match by default, but will display all Sites from that domain in its matching list.
This behavior can be changed to only show Sites that match particular hosts/paths by managing your URL Rules. To manage your URL Rules, go to your active LastPass icon > Account Settings > URL Rules. Click the Delete Entry icon to delete the URL rule. Learn more.