How do I reset my master password using SMS account recovery for LastPass?
Using SMS account recovery will trigger the master password recovery flow as long as at least one of your browsers has captured a Recovery One Time Password which is created by logging in to your online web vault (via the LastPass website) and/or the LastPass browser extension at least once.
- Navigate to https://lastpass.com/recover.php.
- Enter your email address, then click Continue.
- The system sends an SMS message to your phone containing a numeric code. Enter this code into your web browser, and click Verify.
- Select Click to Recover Account.
- When prompted if you want to use a one-time password for account recovery, click Yes.
- When the next window appears advising that Account Recovery has been detected and that you must immediately change your master password, click OK to proceed. Troubleshooting: If you encounter a message that "LastPass account recovery has failed because your current browser didn't save account recovery data on this computer" or that a "Recovery One Time Password was not detected" try repeating these steps on another web browser where you have logged in to LastPass. For additional information, please see troubleshooting information here.
- Enter a new master password and confirm, then enter master password hint (optional but recommended). Tip: We recommend using the following best practices when creating your master password:
- Use a minimum of 12 characters, but the lengthier the better
- Use upper case, lower case, numeric, and special character values
- Make it pronounceable and memorable, but not easily guessed (e.g., a passphrase)
- Make sure that it is unique only to you
- Don't use personal information
- A good example is: Fidoate!my2woolsox
- Click Confirm.
Result: A message indicates that your password has changed.
- Click OK to proceed with logging out.
- Once you have been logged off of LastPass, log back in again using your new master password.
- Log out of LastPass on every trusted computer and/or mobile device where you have installed LastPass and accessed your LastPass vault. You can check your active sessions for all devices.
- Log back in with your new master password.
Clear the browser cache on all web browsers where you accessed LastPass in order to clear the Recovery One Time Password that was created from accessing the LastPass website.
Generate new temporary, one-time passwords because all OTPs you generated previously are now invalidated and no longer listed due to your vault being re-encrypted from your master password change.