Since my LastPass Vault is encrypted with my Master Password, why can my One Time Passwords decrypt it?
First, let's review how the One Time Passwords (OTPs) process works:
- A completely random 256-bit number is created
- A random key is made from the username and random password as a hash
- The random hash from your username and random password is sent to LastPass. This is how LastPass can confirm that you entered the correct 32 digits of hex to allow you to access your encrypted Vault.
- Your actual key is then encrypted with the new random key so it can be retrieved when the random password is entered later and sent to LastPass
Using One Time Passwords is a very safe and secure way of accessing your LastPass Vault, especially if you turn over your OTPs, as each OTP is a full 256-bit encrypted key that gets cleared once it has been used. For more information about our technology, please see our Security Architecture.