Verify your trusted device

    Please follow the steps outlined below to protect your LastPass account.

    Why is my previously trusted device asking me to re-verify?

    The privacy and security of our users are always a top priority at LastPass. As a security precaution, LastPass will routinely require users to log in to their accounts again and re-verify their trusted devices. If you are prompted to do so, please log in to your LastPass account with your master password and check your email to re-verify your trusted devices.

    Additional information regarding trusted devices can be located here.

    What if I am unable to access the LastPass verification email?

    You should contact your email service provider and work with them directly to regain access to your email account. Once they've assisted you with accessing your email, you can proceed with the trusted device verification for LastPass.

    If your email service provider is unable to help you regain access to your email account, please contact our LastPass Support team so that we can pursue all potential avenues to help you regain access to your LastPass account.

    I don't remember my master password. How can I recover?

    Due to our zero-knowledge security infrastructure, LastPass does not know your master password and cannot reset your master password for you.

    If your master password for LastPass is ever lost or forgotten, there are several account recovery methods you can use to restore access to your vault.

    See here for more information on recovering a lost master password.

    What is LastPass doing to help protect my account?

    LastPass protects our customers through many layers of encryption and security we put in place to keep your data safe, but using a strong, unique master password will help to protect your LastPass account. When a LastPass user creates a master password, it is used to generate a unique encryption key that is local to the user’s device. Master passwords are never sent or shared with LastPass. Without the encryption key, encrypted vault data will remain in an encrypted and essentially non-usable state.

    The following safeguards and measures are also implemented and designed to ensure customer data remains secure:
    • End-point encryption: Encryption happens at the device level before syncing to LastPass for safe storage, so only users can decrypt their sensitive vault data.
    • 256-bit AES encryption: This algorithm is widely accepted as impenetrable – it’s the same encryption type utilized by leading banks and the military.
    • TLS for secure data transfer: Even though sensitive data is already encrypted with AES-256, the TLS protocol secures the connection to LastPass to further protect a user’s data.
    • 600,000 rounds of PBKDF2-SHA256 hashing against brute-force attacks: We strengthen the master password and encryption key against large-scale, brute-force attacks by slowing down guesses. The default minimum number of password iterations is 600,000 rounds (for new accounts and those who update their existing iteration count).
    • Private master password: Your master password is never stored with LastPass, which helps ensure that access to your sensitive vault data remains secure.
    • Zero-knowledge model: LastPass Federated Login Services is designed to ensure that the user’s identity provider credentials are not exposed to LastPass and that all data is stored encrypted on LastPass’ servers.
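
To make the PBKDF2 bullet above concrete, the following added example (not LastPass code) derives a 256-bit key from a master password on the local machine and measures how the iteration count changes the cost of each guess. The salt value, the sample passwords, the comparison iteration counts and the function names are assumptions made for illustration; the page does not describe how LastPass salts the derivation.

```python
import hashlib
import time

ITERATIONS = 600_000  # default minimum stated on the page
KEY_LEN = 32          # 256 bits, the size of an AES-256 key


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256.

    Runs entirely on the local device; only the derived key is used to
    encrypt vault data, the password itself is never transmitted.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Wall-clock cost of one derivation on this machine (best of `samples`)."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_vault_key("constructed-guess", b"constructed-salt", iterations)
        best = min(best, time.perf_counter() - start)
    return best


def exhaust_time_days(candidates: int, per_guess_s: float,
                      parallel_workers: int = 1) -> float:
    """Days needed to try every candidate password at the measured cost."""
    return candidates * per_guess_s / parallel_workers / 86_400


if __name__ == "__main__":
    salt = b"constructed-per-account-salt"  # assumption: a per-account salt
    key = derive_vault_key("correct horse battery staple", salt)
    print("derived key:", key.hex())

    # Comparison counts below 600,000 are constructed, to show the scaling.
    wordlist_size = 1_000_000_000  # constructed: one billion candidate passwords
    for rounds in (1_000, 100_000, ITERATIONS):
        cost = seconds_per_guess(rounds)
        days = exhaust_time_days(wordlist_size, cost)
        print(f"{rounds:>7} rounds: {cost * 1000:8.2f} ms/guess, "
              f"{days:12.1f} days for {wordlist_size:,} guesses on one core")
```

The per-guess cost grows linearly with the iteration count, so the protection it buys is a constant factor; the length and uniqueness of the master password still determine how many guesses are needed in the first place.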