Security

The ‘Security’ tab in your Account Settings controls your global LastPass security settings:

SettingsSecurity

You will need to enter your Master Password to confirm any updates made to your Security preferences.

LastPass is set to ‘Normal’ security level by default, but you can click on the ‘Medium High’ or “High’ options to increase your security level, or ‘Custom’ select your security options.

Global Security Preferences

After launching your Account Settings dialog, click the second tab from the left to view the following options:

Grid Multifactor Authentication: By checking the box, you will enable the Grid Multifactor Authentication feature. Once you have enabled the feature and generated your Grid, you can print the file or export it to a CSV file so that you can securely login to your LastPass account. Grid is not enabled by default, and requires you to re-enter your Master Password when enabling it:

  • Print your Grid: Allows you to print a Grid of randomly generated, unique characters.
  • Grid in CSV file: Export your Grid in .csv format, which allows you to view the data in a spreadsheet on a program such as Microsoft Excel. However, we do not recommend using this method unless necessary as it could create a security risk, since the .csv file is not encrypted or password-protected by default.
  • Reset your Grid: If you have enabled the Grid Multifactor Authentication and have cycled through many of the combinations, you may wish to refresh your Grid. After clicking on this link, LastPass will verify that you are sure you want to reset your Grid and reminds you that you will need to print your Grid again to have access to the new information.

Fingerprint or Card Reader Authentication:  By enabling this, you will be prompted to setup Fingerprint Authentication or Card Reader Authentication.  Learn more about this at our Fingerprint Authentication page and Smart Card Reader Authentic page.

Prompt for LastPass Master Password when: Master Password reprompt is a global setting that controls if the Master Password must be entered when performing tasks such as logging into a site, editing a site, viewing passwords, editing a form fill profile, etc. Once you check an action for which you wish to be reprompted, the setting will apply to every site, Secure Note, or Form Fill Profile stored in your Vault. If you only want to require a Master Password reprompt for a specific site or set of sites, use the ‘Require Password Reprompt’ option when editing a specific site in your Vault or via your icon’s dropdown menu. LastPass is set to the ‘Normal’ security level by default, which only checks ‘Prompt for Master Password’ when switching or editing Identities.  Please note that it is recommended you protect your accounts by logging out of LastPass, as that is stronger than this setting.

Security Email: As an additional layer of security, you may wish to have an email address separate from the one you use on a regular basis to receive important LastPass security emails that require actions.  This email address would be used to receive your:

  • LastPass multifactor authentication disable email.
  • Password hint email.
  • Account recovery email.
  • History removal verification email.
  • Reverting Master Password change verification email.
  • Abuse / Blacklisted IP notifications (these are also sent to your primary email).

This email should therefore be held to much higher security standards than your usual email account.  By entering an email address in the Security Email field, your notifications for the above list will only be sent to your security email address rather than the email address tied to your LastPass account.   Having a separate security email address is optional and may provide an additional solution for those requiring a high level of security.

Email Subscription Preferences: Click this button to access your email subscription preferences.

Enable Weak Alerts: Click here to enable in-browser weak and duplicate site alerts.