What is a recovery one-time password in LastPass?
The recovery one-time password is used during the account recovery process to allow you to gain access to your LastPass vault and change your master password if your master password is ever forgotten. Since your vault is encrypted, this is the key that is used to decrypt it during account recovery.
About recovery one-time passwords
A recovery one-time password is something that is created for you automatically when you log in to the LastPass browser extension and/or vault (that is, the LastPass website), and is not something you can write down.
When you log in to LastPass from your desktop on multiple browsers and devices that you trust, you create a recovery one-time password on each browser and device. This means that if you ever make a change to your LastPass account that causes your vault to be re-encrypted, the recovery one-time password is invalidated on that browser and device combination, but you can still reset your master password from another browser and device combination.
- If you have logged in to the LastPass website on Chrome, Firefox, and Edge, it means you have 3 separate recovery one-time passwords (ROTPs) – one for each individual browser.
- If you have installed the LastPass browser extension on Chrome, Firefox, and Safari, and have logged in to the extension at least once, it means you have 3 separate ROTPs – one for each individual browser.
- If you have installed the LastPass app on two different mobile devices and have enabled account recovery using biometrics (face or fingerprint) on both devices, it means you can use mobile account recovery from each app on each of your devices.
About invalidating recovery one-time passwords
- Clearing your web browser cache
- Changing your master password on a mobile device (invalidates ALL recovery one-time passwords stored in your web browsers)
- Uninstalling/reinstalling the LastPass browser extension
- Disabling the LastPass browser extension
- Clearing your LastPass cache
- Changing your password iterations
- Reformatting your computer
- Unintentional corruption of your encrypted vault cache (this is rare, but can be caused by other programs on your machine)
If you have performed any of the actions above, you can create recovery one-time passwords again from your desktop and set up account recovery for iOS or Android.