LastPass Account Settings: Managing Your Command Central

If you’ve ever looked “under the hood” in your LastPass account, you may have noticed that there are many settings you can use to improve your security and tweak how you want LastPass to work. Think of your account settings as your command central for your LastPass account and password management experience. For new users and LastPass pro’s alike, familiarizing yourself with the account settings will help you create the LastPass experience you want and secure your data the way you prefer.

What can you do in account settings?

Account Settings is the central hub where you can manage and change your LastPass account information, your privacy and security settings, adjust your email subscription preferences, and generally make LastPass work the way you want it to. In your account settings you can:

• Set up two-factor authentication
• Enable a “security email address”
• Review and delete trusted devices
• Configure preferences for different URLs
• See your purchase history
• Change your account email address

And lots more. To get there, you just launch your vault (either from the LastPass browser extension or by logging in to the web vault at www.LastPass.com) and launch the Account Settings from the left panel. From there, you can review and change settings of all sorts.

An overview of account settings

Once you open the LastPass Account Settings dialog, you’ll see that there are 7 tabs dividing your account settings into different categories:

> General: Manage your LastPass account information, your privacy and security settings, your email subscription preferences, and even update your master password. Be sure to click “Show Advanced Settings” to see the additional security options available.

> Multifactor Authentication: Add even more security to your LastPass account with two-factor authentication. We have many options for you to choose from so you can find the one that best fits with the devices you use and your preferred workflow. Here you can enable, disable, and adjust your preferences for two-factor authentication with LastPass.

> Trusted Devices: Once you set up two-factor authentication, you can “trust” any of your desktops or laptops. LastPass will remember that the device is trusted so that next time you login, you can skip the two-factor authentication step. Your account itself is still protected with two-factor authentication. Here you can enable, disable, or remove any trusted devices.

> Mobile Devices: You can also “trust” your smartphones or tablets. Here you can enable, disable, or remove any mobile devices that you have “trusted”. Note that the UID that appears here to identify your mobile devices are generated by LastPass and do not correspond with the default UUID of your device.

> Equivalent Domains: If you have to use the same login credentials across multiple websites, you may want to mark those URLs as “equivalent”. Some are set up by default for popular websites, and you can add more if needed. These are particularly helpful in work environments where you’re required to use the same login across company apps.

> Never URLs: Are there websites where you don’t want LastPass to save and fill information? Add them to the “never” list here, and LastPass will ignore the forms on that website. You can add and remove websites any time.

> URL Rules: If you use a web service with many subdomains that you want LastPass to treat differently, you can create rules here for how LastPass should handle those domains. By default LastPass always shows you matching login entries for a URL, but you can limit which logins are shown if you want to see fewer entries for subdomains.

The most important settings you should familiarize yourself with are the ones that help you add more security to your LastPass account. After all, LastPass secures all of your passwords and other personal information, and keeps that information encrypted and backed up so you can safely sync it where you need it. That’s why we offer so many additional security settings and features to help you keep your account safe.

Important housekeeping of your account settings

If it’s been awhile since you reviewed your settings in LastPass, here’s a quick checklist for you to do a little housekeeping

1. Double-check your account email address. Always make sure that the email address you’re using for your LastPass account is up-to-date, spelled correctly, and an active email address. For important things like account recovery and disabling multifactor authentication you will need access to the email account, so now’s the time to check that it’s right! (Located under General.)
2. Turn on two-factor authentication. Two-factor authentication requires that you provide something you have (a code, a key) or something you are (a fingerprint) before you can access your LastPass account. Should someone steal your master password and then try to login to your account, they wouldn’t be able to without the two-factor authentication information. Choose the two-factor option that works with your devices today! (Located under Multifactor Options.)
3. Traveling soon? Change your country restrictions. By default, LastPass restricts access to the country where you regularly use your account. If you’re traveling soon, be sure to adjust your account settings to permit logins from those other locations, and then change it back when you return. (Located under General > Show Advanced Settings.)
4. Decide if you want a security email address. If you turn on two-factor authentication, you may want to consider adding a “security email address”. Any alerts for your two-factor authentication, including the steps to disable it, will be sent to the security email address instead of your account email address. The idea here is to redirect these critical emails to another account in the event that your primary account email is hacked. (Located under General > Show Advanced Settings.)
5. Reprompt for your master password. LastPass can also prompt you for your master password when you take specific actions (viewing a password, editing secure notes, etc) or when you’re launching specific websites (such as banking accounts). The password prompts help protect your account from prying eyes, should someone start browsing while you’re still logged in to LastPass. Turn these prompts on in the LastPass Settings menu from your vault, or edit a specific login in your vault to reprompt on a site-by-site basis. (Located under General > Show Advanced Settings.)
6. Destroy other active sessions. Can’t remember if you’re still logged into LastPass on another computer? Review your active sessions and logout of those you’re no longer using.
7. Consider your account history preferences. The History feature allows you to review your recent activity and keep an eye out for suspicious activity in your LastPass account. But if you no longer want to have the history feature active, you can disable this in your account settings.
8. Bonus: Combat keylogging with One Time Passwords. If you know you’ll be traveling or using an untrusted computer, like that in a library, hotel, or even at a friend’s, use a “throwaway” password to login to your account. The one time password, works exactly like it sounds – the password that’s generated for you can only be used to login to your account once. Generate the throwaway passwords by clicking the Tools menu at the left of your vault and launching the one time passwords page. You can generate as many as you need and print off the list to be carried with you. When you login at www.LastPass.com you can choose the One Time Password login option, and type in one of the OTPs. This protects you from keylogging by allowing you to bypass entering your master password with the secure one time password.

  Regularly reviewing your LastPass account settings will ensure your security is up-to-date and will help make your LastPass experience even better!