Your ‘Account Settings’, which are found only in your Online Vault, allow you to view and edit your global LastPass Settings and Preferences.

Launching Account Settings

There are two ways to launch your Account Settings. Select your LastPass Icon > Preferences > Account Settings >click the link to launch your Online Vault:

settings1Log in to your Vault, then click Settings on the left-hand menu:

vaultmenu

Change Account Settings

To save any changes before exiting the Settings dialog box, click ‘Update’. You will need to enter your Master Password to confirm changes. If you want to only view your Settings or do not want to save any changes, click ‘Cancel’ or the ‘x’ in the top-right corner to close out of the dialog window.

General

settings_general

Email: View or change the email address used to access your LastPass account. To change the email address, replace the old email address with the new one and click ‘Update’ to save the changes.

Change Master Password: If you would like to change your Master Password, type a new one into the field. The color gradient below the field shows the security level of your new Master Password. Click ‘Update’ to save the changes.

Password Reminder: Modify your password hint.

Time Zone: Indicate your time zone from the dropdown menu relative to GMT.

Language: You can change the default language selection of English to any of our other supported languages. Once you have saved the language change by clicking ‘Update’, you will need to log off and log back in to update your settings. Editing your language selection from your Online Vault will only apply to viewing and using the Online Vault – language settings for your browser plugins need to be changed in the Advanced tab of the Preferences control panel.

Website autologoff timeout: This controls how long your session exists on the server, allowing you to automatically log in when using the plugin. This assumes that your session does not get destroyed by methods such as explicitly logging out or closing the browser when ‘Logoff when browser is closed’ is enabled in your Extension Preferences.

Bookmarklet autologoff timeout: Similar to ‘Website auto-logoff timeout’ in that it controls how long your session exists on the server, except it applies to the Bookmarklets feature.

Only allow login from select countries: Allows you to restrict login to IP addresses originating only from the country that you select

Disallow logins from Tor network: Blocks any login that originate from Tor (virtual tunnel network).

Kill other sessions on login: Automatically logs you out of any other sessions when logging in to your account. You must have polling enabled to use this feature, which is unchecked by default.

Send anonymous error reporting data to help improve LastPass: Helps us work out any potential bugs or compatibility issues.

Remove duplicate entries from your account: You may find that you want to delete any duplicate entries for one or more sites stored in your vaults. By clicking on this link, LastPass will determine if a site is ‘unique’ or not by comparing domain, username, and password. After launching the ‘deduplicator’, you will be able to view the duplicate(s) and have the option of deleting the duplicate entries.


 

Security

The ‘Security’ tab in your Account Settings controls your global LastPass security settings.  LastPass is set to ‘Normal’ security level by default, but you can click on the ‘Medium High’ or ‘High’ options to increase your security level. Choose ‘Custom’ to select your security options.

settings_security

Allow reverting LastPass master password changes: This option is enabled by default and allows you to revert Master Password changes should you forget your Master Password. Uncheck this box to disable it.

Prompt for LastPass master password when: Master Password reprompt is a global setting that controls if the Master Password must be entered when performing tasks such as logging into a site, editing a site, viewing passwords, editing a form fill profile, etc. Once you check an action for which you wish to be reprompted, the setting will apply to every site, Secure Note, or Form Fill Profile stored in your Vault. If you only want to require a Master Password reprompt for a specific site or set of sites, use the ‘Require Password Reprompt’ option when editing a specific site in your Vault or via your icon’s dropdown menu. LastPass is set to the ‘Normal’ security level by default, which only checks ‘Prompt for Master Password’ when switching or editing Identities.  Please note that it is recommended you protect your accounts by logging out of LastPass, as that is stronger than this setting.

Security Email: As an additional layer of security, you may wish to have an email address separate from the one you use on a regular basis to receive important LastPass security emails that require actions.  This email address would be used to receive your, LastPass multifactor authentication disable email, password hint email, account recovery email, history removal verification email, reverting Master Password change verification email, abuse/blacklisted IP notifications (these are also sent to your primary email).

This email should therefore be held to much higher security standards than your usual email account.  By entering an email address in the Security Email field, your notifications for the above list will only be sent to your security email address rather than the email address tied to your LastPass account. Having a separate security email address is optional and may provide an additional solution for those requiring a high level of security.

Email Subscription Preferences: Click this button to access your email subscription preferences.

Enable Weak Alerts: Click here to enable in-browser weak and duplicate site alerts.


 

Equivalent Domains

settings_equiv

If you access multiple websites from a single provider, adding these sites as equivalent domains allows you to use just one username and password.

To add domains as equivalent, input domains separated by commas. Note that only top level domains should be submitted. For example, lets say you have two sites you would like to make equivalent: http://subdomain.example.com/path and http://sample.com. Your input should look like:
example.com,sample.com

Note that:
subdomain.example.com,sample.com
will not work as subdomain.example.com still includes ‘subdomain’, which is too low of a domain to be accepted.

You can delete an equivalent domain at any time by clicking ‘Delete’ next to the entry.

Equivalent Domains labeled as ‘Global’ mean that these domains are set by LastPass. These Global domains are updated from time to time.


 

Never URLs

You may encounter a site that you do not want LastPass to offer to save, generate a password for, fill forms, autologin, or autofill. The ‘Never URLs’ tab allows you to view, edit, and add all those sites for which you do not want LastPass to never

settings_neverTo manually add a ‘Never’ action for a page or domain, enter the URL in the field, select the type of ‘Never’ action from the dropdown menu, then click ‘Add’. To delete a ‘Never’ action, click on the grey ‘x’ next to the site entry. The following Never URLs are below:

  • Never Add Site: Prevent prompting the notification to add a site
  • Never Generate Password: Prevent prompting the notification to generate a password
  • Never Fill Forms: Prevent prompting the notification to fill a form with a Form Fill Profile
  • Never AutoLogin: Prevent the site from automatically logging in
  • Never AutoFill Application: Prevent the automatic filling in the site (the site must be also listed under Never AutoLogin)
  • Never Show Context Icons: Prevent the field icons from appearing

LastPass does not store any default Never URLs.

Disable Using Field Icons

Disable Field Icons for a page by clicking on the Field Icon:

disable

Click on the more option:

disable3

Click on the disable option:

disable4

And confirm if you want to disable the site (domain) or that specific page:

disable5


 

Multifactor Options

Configure your multifactor authentication device. To see our full list of Multifactor Options, visit our Multifactor Authentication page.


 

Mobile Devices

settings_mobile

Each time you successfully login via a mobile device, the mobile device’s unique identifier (UUID) will be added to a list on the Mobile Devices tab.  All devices listed here can be renamed, enabled, disabled, or deleted.

From within the Mobile Devices tab, you can check the ‘Restrict mobile devices to the specific UUIDs listed as enabled below’ checkbox to enforce the restriction on your account.

LastPass does not restrict mobile login by default.


 

Trusted Computers

The ‘Trusted Computers’ tab shows those computers which you have marked as trusted and therefore do not require multifactor authentication.

settings_trust

When logging onto a computer for the first time using multifactor authentication, LastPass will give you the option of marking the computer as ‘trusted':

Doing so adds the computer to the ‘Trusted Computers’ list and ensures that you will not be prompted to enter multifactor authentication the next time you log in. These steps must be completed on every device that you want to mark as trusted.

You can disable a trusted computer at any time by clicking Disable/Enable next to the entry or delete the entry entirely by selecting ‘Delete’.


 

URL Rules

If you have multiple logins for a particular domain, LastPass fills in the closest URL match by default but will show all sites from that domain in its matching list:

FirefoxDropdown

This behavior can be changed to only show sites that match particular hosts/paths by managing your URL Rules. To manage your URL Rules, launch your Account Settings. In the menu that opens, select the last ‘URL Rules’ tab:

settings_url

If a URL Rule is created with exact host matching, then you will only be presented with logins that match the exact host for that domain. For example, if you create a rule with domain=facebook.com and specify exact host matching=yes, then when visiting www.facebook.com, you will only see sites saved from www.facebook.com, but will not see sites saved from login.facebook.com.

If you specify a URL Rule with a path, then only sites that match this path will be shown. For example, LastPass created a default URL Rule for google apps with path=/a/. This causes you to only see the appropriate logins when you visit google.com/a/aaa versus google.com/a/bbb.

You can delete a URL Rule at any time by clicking the grey ‘x’ next to the domain entry in the URL Rules tab.

By default, LastPass stores a URL Rule for some sites for your convenience. Sites are added and updated from time to time.