If you have forgotten your Master Password, we recommend following the below steps to attempt to regain access to your account. Recovery for LastPass is not the same as other services you may have previously used – due to our encryption technology, LastPass does not know your Master Password, so we cannot look it up, send it to you, or reset it for you. This means your data remains secure from threats, but also means that there are limited options when you forget your Master Password.
If you are having difficulty logging into LastPass, please attempt the following steps:
- Attempt to login through the LastPass website at www.lastpass.com and through the browser add-on in any browser on any computer available. If you are able to login via the website but not via the plugin, or are able to login on one computer but not another, this is likely a problem with the LastPass browser add-on, in which case you should try clearing your browser cache, and then report the problem to us directly.
- If you cannot login through the website, check your password hint (https://lastpass.com/forgot.php) that you setup for yourself when you created your LastPass account. The password hint is not your Master Password.
- If the password hint doesn’t help you, go to the Account Recovery page (https://lastpass.com/recover.php) to follow the steps to activate your local One Time Password and recover your account. LastPass will send you an email with a link to launch in your browser. If the first browser on which you attempt to use the link doesn’t work, try the same process on any other browser on any computer on which you have previously accessed your LastPass account. Please note that this can only be attempted from a desktop – mobile devices and apps are not supported for account recovery.
- Use the recovery link sent via email on all desktop browsers you have used in the past to log into your account until the recovery tool detects the recovery one time password and allows you to reset the master password. Below is what you see when you click on the recovery link.
- If all of these steps are unsuccessful and you’ve recently changed your Master Password, you can try reverting back to a previous version of your Vault (https://lastpass.com/revert.php). This should be a last resort, as you will lose whatever data you’ve changed or added since the date of the backup.
- If at this point you have failed to remember your password, your hint didn’t jog your memory, and you’ve tried the password recovery on every machine you’ve logged into, your only recourse is to Delete Your Account and start over.
You can choose not to save this disabled One Time Password by launching Preferences from the LastPass Icon menu, and selecting the Advanced tab (LastPass Icon > Preferences > Advanced tab). If you decide to disable the local OTP, your only recourse if your password hint doesn’t help is to delete your account and start over. If you disable the preference after creating one, it causes the One Time Password to be deleted off LastPass’ servers.
As with all One Time Passwords, LastPass cannot gain access to your account; you must be on a PC where you’ve enabled the feature to recover your account, since the random number of a One Time Password is stored on your computer and is unique to that computer.
LastPass offers an optional account recovery feature via an SMS verification code. When you login to LastPass via the browser extension, a special recovery One Time Password is saved onto your computer. If you add a phone number to your LastPass account, LastPass can text you a code to help you reset your master password if you ever forget it by activating the recovery One Time Password.
Enable SMS Recovery
- Open your LastPass Vault.
- Launch the Account Settings.
- Scroll down to SMS Account Recovery.
- Click Update Phone.
- Add or edit your phone number
- Save your changes with the “Update” button.
Using SMS Recovery
- Go to the account recovery page.
- Enter your account email address.
- Check your phone for the SMS / text message with the verification code.
- Enter the code on the webpage to activate your local recovery One Time Password.
If it fails, try again in another browser as a separate local recovery One Time Password is stored separately in each browser you have used LastPass with.
- When recovery is successful, create your new master password.
Notes & Limitations
- This feature is opt-in. Providing a phone number is not required.
- The phone number is only used for account recovery.
- Local message and data rates may apply
Login OTPs vs Recovery OTPs
Login OTPs (One Time Passwords)
Login OTPs can be generated on this page: https://lastpass.com/otp.php and they are “one time passwords” that you can print off and carry with you. Each one time password in that list can then be used to login to LastPass via https://lastpass.com/otp.php – the idea is that if you are on an untrusted computer, and do not want to enter your Master Password because of a threat of keyloggers, you can use the OTP. It expires after you use it, but allows you to login without entering your Master Password. These are portable, and are not local to the device where they are generated. The list can be accessed anywhere when you login at https://lastpass.com/otp.php where you can generated and print more. They are not to be used for Account Recovery.
Recovery OTPs (One Time Passwords)
Users do not have direct access to OTPs. These are bits of data that are stored automatically by the browser add-on. When you use the LastPass browser add-on, it generates this OTP and stores it in the browser. It will stay there until you go through Account Recovery in that specific browser where the OTP was generated and stored. If you do the recovery process (https://lastpass.com/recover.php), it will try to “call up” that OTP, and allow you to immediately reset your password if it detects that the OTP was stored in the browser. OTPs are local to specific browsers, and one OTP should be generated for each browser, on each computer, where you use LastPass. The Recovery OTPs are not portable, they are stored in the specific browser’s file, so recovery can only be done on a browser where you have used your LastPass account before. Like Login OTPs, though, Recovery OTPs will expire after they have been used once. When you next login to your account after you’ve reset your Master Password, new OTPs are generated for the browser.
Table of Contents
- Help Center and FAQs
- Getting Started with LastPass
- Downloading and Installing LastPass
- Using LastPass on Your Mobile Device
- LastPass App for Mac OSX
- Navigating the LastPass Browser Extension
- Your LastPass Vault
- Adding & Filling Sites
- Editing an Existing Site Entry and Editing Form Fields
- Importing Passwords
- Account Settings
- Emergency Access
- Browser Extension Preferences
- Sharing & Share Center
- Secure Notes & Attachments
- Generating Secure Passwords
- Using LastPass to Fill Forms
- Protecting Your Account with Multifactor Authentication
- Filling into Windows Applications
- LastPass Security Challenge
- LastPass Credit Monitoring
- LastPass Command Line Application
- LastPass via USB
- Windows 8 Metro
- Uninstalling & Deleting
- Site Map