How do I create a Recovery One Time Password to use during LastPass account recovery?

You create Recovery One Time Passwords (ROTPs) by logging in to LastPass via the LastPass browser extension, online web vault (LastPass website), and/or the LastPass app on your mobile device.

What is a Recovery One Time Password?

The Recovery One Time Password is used as a means of recovery to allow you to change your master password and gain access to your LastPass vault if your master password is ever forgotten. Since your vault is encrypted, this is the key that is used to decrypt it during account recovery. Learn more about ROTPs.

Create ROTPs from your desktop using the LastPass website

Go to the LastPass login page at https://lastpass.com/?ac=1.
Enter your email address and master password, then click Log In.

Results: You have successfully logged in to your vault and created a Recovery One Time Password for this specific web browser.

Create ROTPs from your desktop using the web browser extension

About this task: To get the most out of ROTPs, log in to the LastPass browser extension and/or LastPass website...

On as many web browsers and trusted devices available to you
On any web browser where you have cleared your browser cache – clearing your browser cache invalidates your ROTP, but logging in to the extension and/or LastPass website recreates it
On web browsers you don't normally use – you are less likely to clear your browser cache on a browser you don't often use

Install the LastPass browser extension (download here).
Click the inactive LastPass icon in your web browser toolbar.
Enter your email address and master password.
Click Log In.
Result: An active LastPass icon indicates a successful login, and you have created a Recovery One Time Password for this specific browser.

What to do next: Create new Recovery One Time Passwords on trusted devices (strongly recommended)

Create new Recovery One Time Passwords for account recovery (in case your master password is ever forgotten) by doing the following:

Log out of LastPass on every trusted computer and/or mobile device where you have installed LastPass and accessed your LastPass vault. You can check your active sessions for all devices.
Log back in with your new master password.

What to do next: If you are using a public/untrusted computer (recommended)

Clear the browser cache on all web browsers where you accessed LastPass in order to clear the Recovery One Time Password that was created from accessing the LastPass website.

What to do next: If you use temporary, one-time passwords (optional)

Generate new temporary, one-time passwords because all OTPs you generated previously are now invalidated and no longer listed due to your vault being re-encrypted from your master password change.

Create ROTPs from your mobile device

For mobile devices, the Recovery One Time Password works via mobile account recovery, which uses biometrics for face recognition or fingerprint identification in order for you to change your master password. Please see account recovery setup instructions for iOS or Android.