Account Recovery

Using Account Recovery

If you have forgotten your Master Password, we recommend following the steps below to attempt to regain access to your account. Recovery for LastPass is not the same as for other services you may have previously used – due to our encryption technology, LastPass does not know your Master Password, so we cannot look it up, send it to you, or reset it for you. This means your data remains secure from threats, but it also means that there are limited options when you forget your Master Password.

LastPass has added support for an optional way to store a disabled One Time Password (OTP) locally on your computer in case you forget your Master Password. This feature makes account recovery possible without revealing your password to LastPass.

If you are having difficulty logging into LastPass, please attempt the following steps:

1. Attempt to log in through the LastPass website at www.lastpass.com and through the browser add-on in any browser on any computer available. If you are able to log in via the website but not via the plugin, or are able to log in on one computer but not another, this is likely a problem with the LastPass browser add-on, in which case you should try clearing your browser cache, and then report the problem to us directly.

2. If you cannot log in through the website, check the password hint (https://lastpass.com/forgot.php) that you set up for yourself when you created your LastPass account. The password hint is not your Master Password.

3. If the password hint doesn’t help you, go to the Account Recovery page (https://lastpass.com/recover.php) to follow the steps to activate your local One Time Password and recover your account. LastPass will send you an email with a link to launch in your browser. If the first browser on which you attempt to use the link doesn’t work, try the same process on any other browser on any computer on which you have previously accessed your LastPass account.

4. If all of these steps are unsuccessful and you’ve recently changed your Master Password, you can try reverting to a previous version of your Vault (https://lastpass.com/revert.php). This should be a last resort, as you will lose whatever data you’ve changed or added since the date of the backup.

5. If at this point you have failed to remember your password, your hint didn’t jog your memory, and you’ve tried the password recovery on every machine you’ve logged into, your only recourse is to Delete Your Account (https://lastpass.com/delete_account.php?np=1) and start over.

You can choose not to save this disabled One Time Password by launching Preferences from the LastPass Icon menu, and selecting the Advanced tab (LastPass Icon > Preferences > Advanced tab). If you decide to disable the local OTP, your only recourse if your password hint doesn’t help is to delete your account and start over. If you disable the preference after creating an OTP, the One Time Password is deleted from LastPass’ servers.

As with all One Time Passwords, LastPass cannot gain access to your account; you must be on a PC where you’ve enabled the feature to recover your account, since the random number of a One Time Password is stored on your computer and is unique to that computer.

Login OTPs vs Recovery OTPs

Login OTPs: Login OTPs can be generated on this page: https://lastpass.com/otp.php. They are “one time passwords” that you can print off and carry with you. Each one time password in that list can then be used to log in to LastPass via https://lastpass.com/otp.php. The idea is that if you are on an untrusted computer and do not want to enter your Master Password because of the threat of keyloggers, you can use the OTP. It expires after you use it, but allows you to log in without entering your Master Password. These are portable, and are not local to the device where they are generated. The list can be accessed anywhere when you log in at https://lastpass.com/otp.php, where you can generate and print more. They are not to be used for Account Recovery.

Recovery OTPs: Users do not have direct access to Recovery OTPs. These are bits of data that are stored automatically by the browser add-on. When you use the LastPass browser add-on, it generates this OTP and stores it in the browser. It will stay there until you go through Account Recovery in that specific browser where the OTP was generated and stored. If you do the recovery process (https://lastpass.com/recover.php), it will try to “call up” that OTP, and allow you to immediately reset your password if it detects that the OTP was stored in the browser. Recovery OTPs are local to specific browsers, and one OTP should be generated for each browser, on each computer, where you use LastPass. The Recovery OTPs are not portable; they are stored in the specific browser’s file, so recovery can only be done on a browser where you have used your LastPass account before. Like Login OTPs, though, Recovery OTPs will expire after they have been used once. When you next log in to your account after you’ve reset your Master Password, new OTPs are generated for the browser.
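
The properties described above (the server cannot use what it stores, recovery works only in the browser that holds the OTP, and each OTP works once) can be modelled in a few lines. This is an added illustration, not LastPass's implementation: the key-wrapping scheme, the `Server` and `Browser` classes, and the derivation labels are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def derive(otp: bytes, label: bytes) -> bytes:
    # Domain-separated one-way derivation: one output does not reveal the other.
    return hmac.new(otp, label, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    """Hypothetical service side: holds a one-way token and a wrapped key, never the OTP."""

    def __init__(self):
        self.records = {}  # auth token -> wrapped vault key

    def enroll(self, auth_token: bytes, wrapped_key: bytes) -> None:
        self.records[auth_token] = wrapped_key

    def redeem(self, auth_token: bytes):
        # pop() makes the recovery OTP single use: a replay finds nothing.
        return self.records.pop(auth_token, None)

    def disable(self, auth_token: bytes) -> None:
        # Turning the preference off removes the server-side record.
        self.records.pop(auth_token, None)


class Browser:
    """Hypothetical browser profile; the random recovery OTP never leaves it."""

    def __init__(self):
        self.local_otp = None

    def enroll(self, server: Server, vault_key: bytes) -> None:
        self.local_otp = secrets.token_bytes(32)
        # XOR with a one-time 32-byte key stands in for a real AEAD key wrap.
        wrapped = xor(vault_key, derive(self.local_otp, b"wrap"))
        server.enroll(derive(self.local_otp, b"auth"), wrapped)

    def recover(self, server: Server):
        if self.local_otp is None:
            return None  # this browser was never used with the account
        wrapped = server.redeem(derive(self.local_otp, b"auth"))
        if wrapped is None:
            return None  # already used, or the feature was disabled
        return xor(wrapped, derive(self.local_otp, b"wrap"))
```
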
