How do I reset my master password using a Recovery One Time Password for LastPass?
A Recovery One Time Password is something that is created for you automatically when you log in to LastPass from a desktop (via the LastPass Login page and/or using the LastPass web browser extension) and is not something you can write down.
When using this master password recovery method, the system emails you a link that provides you with the ability to reset your master password only when used on the specific device and web browser it matches by using the Recovery One Time Password (which was created when you logged in to the LastPass website and/or the LastPass browser extension and stored invisibly in the browser).
- Navigate to https://lastpass.com/recover.php.
- Enter your email address, then click Continue.
- How you proceed depends on whether or not you previously enabled SMS recovery:
- If you previously enabled SMS recovery to reset a forgotten master password, LastPass sends a 6-digit verification code to your mobile device. Enter the code, then click Verify, then proceed to Step #4.
- If you did not enable SMS recovery but did enable a security email, LastPass will send an email to your secondary security email address (or your account email, if no secondary was set up), and you can continue by clicking the link in the email., then proceed to Step #4.
- Select Click to Recover Account.
- When prompted, click Yes to use a one-time password for account recovery.
- Click OK to proceed (if prompted that Account Recovery has been detected and that you must immediately change your master password).
Troubleshooting: If you encounter a message that "LastPass account recovery has failed because your current browser didn't save account recovery data on this computer" or that a "Recovery One Time Password was not detected" try repeating these steps on another web browser where you have logged in to LastPass. For additional information, please see troubleshooting information here.
- Enter a new master password and a password hint (recommended), then click Confirm.
Tip: We recommend using the following best practices when creating your master password:
- Use a minimum of 12 characters, but the lengthier the better
- Use upper case, lower case, numeric, and special character values
- Make it memorable, but not easily guessed (e.g., a passphrase)
- Make sure that it is unique only to you
- Don't use personal information
- Don't use sequential characters (for example, "1234") or repeated characters (for example, "aaaa")
- Make sure you don't use your master password for any other account or application
- Click OK to proceed with logging out.
- Log back in using your new master password.
- Log out of LastPass on every trusted computer and/or mobile device where you have installed LastPass and accessed your LastPass vault. You can check your active sessions for all devices.
- Log back in with your new master password.
Clear the browser cache on all web browsers where you accessed LastPass in order to clear the Recovery One Time Password that was created from accessing the LastPass website.
Generate new temporary, one-time passwords because all OTPs you generated previously are now invalidated and no longer listed due to your vault being re-encrypted from your master password change.