HELP FILE

Use Temporary (One Time) Passwords

When accessing LastPass from a public computer, you may not want to use your Master Password, because someone else may be able to access it (using a keylogger to capture your typed keys or other malware). Additionally, you may not know what kind of security is implemented on that computer. To solve this problem, LastPass provides you with the ability to generate one-time passwords (OTPs) in which each password will only work for one login session. This means that even if someone else gets access to a previously used OTP, they will not be able to use it to log on to your account.

About one-time passwords

A one-time password is something you generate after you have logged in to your account, and is something you can write down. Please be aware that one-time passwords are not sent via email or Customer Care, they are generated directly by you.

To use the one-time passwords, you generate a list of temporary passwords ahead of time, and cross them off (if they are printed or stored elsewhere) as they are used each time you log in to your account. You can also invalidate OTPs if you are concerned that they have become compromised. Please note that you can only log in with a one-time password from the one-time password login page at https://lastpass.com/otp.php.

If you are concerned that your LastPass account has been compromised, follow these steps.

Note: Please note that a one-time password is not the same as a Recovery One Time Password used for account recovery. For more information, please see What is the difference between a One Time Password and a Recovery One Time Password?

Generate one-time passwords

You can generate a list of one-time passwords so they can be used whenever needed.

  1. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault.
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
  2. Select More Options in the left navigation.
  3. Go to Advanced > One-Time Passwords.
  4. Enter your Master Password, then click OK to continue.
  5. Click Generate a one-time password.
  6. Enter your Master Password, then click OK.
    A new one-time password is generated and displayed in the lower navigation.
  7. Repeat Steps #5 - 7 as many times as desired to generate a list of one-time passwords.

    Tip: You can click Print and store your list of one-time passwords in a safe place, crossing them off as you use them. If you find it more convenient, you can click Print and save as a text file that you can update as you generate new one-time passwords.

Log in using a one-time password

Please be aware that you can only log in to LastPass using a one-time password on the specific one-time password login page.

  1. Navigate to the one-time password login page at https://lastpass.com/otp.php.
  2. Enter your email (LastPass username) and a one-time password that you generated.
  3. Click Log In.
  4. You are now logged in to your online web Vault. It is recommended that you cross the one-time password you used off your list and/or generate a new one-time password for future use.

Clear one-time passwords

If you are concerned that someone may have gotten access to your one-time passwords, you can invalidate them by doing the following:
  1. Log in to LastPass and access your Vault by doing either of the following:
    • In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault.
    • Go to https://lastpass.com/?ac=1 and log in with your username and Master Password.
  2. Select More Options in the left navigation.
  3. Go to Advanced > One-Time Passwords.
  4. Enter your Master Password, then click OK.
  5. Click Clear all OTPs.
  6. If prompted, enter your Master Password, then click OK.
    The system indicates that you no longer have any one-time passwords.
What to do next: You can now either close the browser window or create new one-time passwords.