Account Settings allows you to view and edit your global Settings and Preferences. Here you can edit your username and Master Password (General Settings), security settings, email notifications, manage your trusted devices and how LastPass interacts with websites.
Launch Account Settings
There are two ways to launch your Account Settings:
- Select your LastPass Icon > Preferences > Account Settings > click the link to launch your Online Vault:
- Log in to your Vault, then click Account Settings on the left-hand menu:
Account Email: View or change the email address used to access your LastPass account. To change the email address, replace the old email address with the new one and click ‘Update’ to save the changes. Use Send Test Email to validate your email.
Master Password: If you would like to change your Master Password, click Change Master Password. If you would like to revert the change you made, click Revert Password Change.
Password Reminder: Click View to view your Master Password reminder.
Type: Lets you know what kind of account you have: Enterprise, Premium or Free.
Links: Helpful links for your account. Choose My Account to your account data such as when your Premium expires. Click Payment History to view any payments you have made for LastPass. Use Email Subscriptions to manage what kind of emails you would like to receive from LastPass.
Language: You can change the default language selection of English to any of our other supported languages. Once you have saved the language change by clicking ‘Update’, you will need to log off and log back in to update your settings. Editing your language selection from your Online Vault will only apply to viewing and using the Online Vault – language settings for your browser plugins need to be changed in the Advanced tab of the Preferences control panel.
Time Zone: Indicate your time zone from the dropdown menu relative to GMT.
LastPass offers an optional account recovery feature via an SMS verification code. Click here to learn more about LastPass SMS Recovery.
From Account Settings, click Show Advanced Settings, to view more settings:
Password Alerts: When enabled, LastPass will alert you when you are logging into a website where you have a weak or duplicate password. Disable this option to remove these alerts.
Re-prompt for Master Password: Choose which actions will be protected by your Master Password.
Security Email: As an additional layer of security, you may wish to have an email address separate from the one you use on a regular basis to receive important LastPass security emails that require actions. This email address would be used to receive your, LastPass multifactor authentication disable email, password hint email, account recovery email, history removal verification email, reverting Master Password change verification email, abuse/blacklisted IP notifications (these are also sent to your primary email).
Country Restriction: Allows you to restrict login to IP addresses originating only from countries that you select.
Tor Network: Blocks any login that originate from Tor (virtual tunnel network).
Master Password Reverting: This option is enabled by default and allows you to revert Master Password changes should you forget your Master Password. Uncheck this box to disable it.
Auto-Logoff Other Devices: If enabled, you can only be logged into one instance of LastPass at a time. If you log in from one device, it will log you out of all others.
Website auto-logoff: This controls how long your session exists on the server, allowing you to automatically log in when using the plugin. This assumes that your session does not get destroyed by methods such as explicitly logging out or closing the browser when ‘Logoff when browser is closed’ is enabled in your Extension Preferences.
Bookmarklet autologoff timeout: Similar to ‘Website auto-logoff timeout’ in that it controls how long your session exists on the server, except it applies to the Bookmarklets feature.
Track History: This will keep a history of when your logins and form fills are used. This information is used for Account History and the Recently Used folder.
Send anonymous error reporting data to help improve LastPass: Helps us work out any potential bugs or compatibility issues.
Destroy Sessions: This option allows you to kill some or all active sessions for devices where you have logged in to your LastPass account.
Remove duplicate entries from your account: You may find that you want to delete any duplicate entries for one or more sites stored in your vaults. By clicking on this link, LastPass will determine if a site is ‘unique’ or not by comparing domain, username, and password. After launching the ‘deduplicator’, you will be able to view the duplicate(s) and have the option of deleting the duplicate entries.
Configure your multifactor authentication device. To see our full list of Multifactor Options, visit our Multifactor Authentication page.
The ‘Trusted Computers’ tab shows those computers which you have marked as trusted and therefore do not require multifactor authentication.
When logging onto a computer for the first time using multifactor authentication, LastPass will give you the option of marking the computer as a trusted computer by enabling Trust this computer:
Doing so adds the computer to the ‘Trusted Computers’ list and ensures that you will not be prompted to enter multifactor authentication the next time you log in. These steps must be completed on every device that you want to mark as trusted.
Note: When logging in on a trusted device, you will not be asked to provide your multifactor authentication. Trusted devices automatically expire after 30 days, after which you must re-trust them.
You can disable a trusted computer at any time by de-selecting the check box under Enabled column next to the entry or delete the entry entirely by clicking the x sign. If you want to rename the trusted devices, click on the pencil edit icon and type the new name into the field. Then click the floppy disk icon to save the change.
Each time you successfully login via a mobile device, the mobile device’s unique identifier (UUID) will be added to a list on the Mobile Devices tab. All devices listed here can be renamed, enabled, disabled, or deleted. Be sure to click the floppy disk icon after you rename the device to save the change.
If you would like to restrict which devices can log into your LastPass account, toggle the Enable/Disable button for Only the above listed mobile devices will be able to access your LastPass vault.
LastPass does not restrict mobile login by default.
You may encounter a site that you do not want LastPass to offer to save, generate a password for, fill forms, autologin, or autofill. The ‘Never URLs’ tab allows you to view, edit, and add all those sites for which you do not want LastPass to never
To manually add a ‘Never’ action for a page or domain, enter the URL in the field, select the type of ‘Never’ action from the dropdown menu, then click ‘Add’. To delete a ‘Never’ action, click on the grey ‘x’ next to the site entry. The following Never URLs are below:
- Never Add Site: Prevent prompting the notification to add a site
- Never Generate Password: Prevent prompting the notification to generate a password
- Never Fill Forms: Prevent prompting the notification to fill a form with a Form Fill Profile
- Never AutoLogin*: Prevent the site from automatically logging in
- Never AutoFill Application*: Prevent the automatic filling in the site (the site must be also listed under Never AutoLogin)
- Never Show Context Icons: Prevent the field icons from appearing
- To disable LastPass on a website/webpage entirely, add the URL twice here as Never Autologin and Never Show Context Icons.
LastPass does not store any default Never URLs.
*Note: If the site is launched from the LastPass Vault or from the LastPass Icon, it will ignore ‘Never AutoLogin’ and ‘Never AutoFill Application’.
Disable Using Field Icons
Disable Field Icons for a page by clicking on the Field Icon:
On the red sub-menu, click the circle with a slash to see the Disable option.
Click on the disable option and confirm if you want to disable the site (domain) or that specific page:
If you access multiple websites from a single provider, adding these sites as equivalent domains allows you to use just one username and password.
To add domains as equivalent do the following:
- Go to the LastPass Vault > Account Settings > Equivalent Domains.
- Click Add
- Input domains separated by commas. Note that only top level domains should be submitted. For example, lets say you have two sites you would like to make equivalent: http://subdomain.example.com/path and http://sample.com. Your input should look like:
will not work as subdomain.example.com still includes ‘subdomain’, which is too low of a domain to be accepted.
You can delete an equivalent domain at any time by clicking the “x” next to the entry.
Equivalent Domains labeled as ‘Global’ mean that these domains are set by LastPass. These Global domains are updated from time to time.
If you have multiple logins for a particular domain, LastPass fills in the closest URL match by default but will show all sites from that domain in its matching list:
This behavior can be changed to only show sites that match particular hosts/paths by managing your URL Rules. To manage your URL Rules, launch your Account Settings. In the menu that opens, select the last ‘URL Rules’ tab:
If you specify a URL Rule with a path, then only sites that match this path will be shown. For example, LastPass created a default URL Rule for google apps with path=/a/. This causes you to only see the appropriate logins when you visit google.com/a/aaa versus google.com/a/bbb.
If a URL Rule is created with exact host matching, then you will only be presented with logins that match the exact host for that domain. For example, if you create a rule with domain=facebook.com and specify exact host matching=yes, then when visiting www.facebook.com, you will only see sites saved from www.facebook.com, but will not see sites saved from login.facebook.com.
This can be used to specify that you are running different apps at the same host but on different ports and that it uses different accounts. So that when you visit https://example.com:8443/, it uses different credential sets than https://example.com:9443/.
You can delete a URL Rule at any time by clicking the grey ‘x’ next to the domain entry in the URL Rules tab.
By default, LastPass stores a URL Rule for some sites for your convenience. Sites are added and updated from time to time.
Table of Contents
- Help Center and FAQs
- Downloading and Installing LastPass
- LastPass Mobile
- LastPass App for Mac
- Your LastPass Icon
- Your LastPass Vault
- Adding & Filling Sites
- Editing an Existing Site Entry and Editing Form Fields
- Importing Passwords
- Account Settings
- Emergency Access
- Browser Extension Preferences
- Sharing & Share Center
- Secure Notes & Attachments
- Password Generator
- Form Fill Basics
- Multifactor Authentication
- LastPass for Applications
- LastPass Security Challenge
- LastPass Credit Monitoring
- LastPass Command Line Application
- LastPass via USB
- Windows 8 Metro
- Uninstalling & Deleting
- Site Map