LastPass takes away the burden of remembering passwords – and getting locked out of your accounts. But what if you forget your LastPass master password? It’s the one password you still need to remember. Because of our zero-knowledge security model, LastPass never knows your master password and therefore can’t reset it for you. So, what do you do if you’ve forgotten it?
Today is World Password Day, so we thought it was a great time to announce our newest way to recover your master password – Mobile Account Recovery! We’re also giving you a refresh of other account recovery options, too.
Mobile account recovery
Users who have downloaded and logged into the LastPass mobile app on Android or iOS can recover their accounts very easily using fingerprint or Face ID authentication. We encourage users to download the app because it’s very helpful to have all your passwords on the go – but it also acts as a safety net should you get locked out of your account.
Setting up and activating account recovery on your mobile device is super easy. Note that when you enable mobile account recovery on Phone A, it is specific to that device; you will not be able to recover on Phone B without also going through the steps to enable account recovery for Phone B.
To set up mobile account recovery:
- Download the LastPass app from the Apple App Store or the Google Play Store
- Log in
- You should be prompted to enable mobile account recovery. But if you don’t see this welcome message, you can enable it manually.
- Enable fingerprint or Face ID authentication. Go to Settings > Security > Enable Touch ID/ Face ID/ Fingerprint Authentication. Ensure the toggle is switched on.
- Enable account recovery: Go to Settings > Security > account recovery. Ensure the toggle for account recovery is switched to on.
Now you’re all set up! Should you forget your master password, all you need to do is:
- Open your app
- Tap “Forgot Password”
- Authenticate with your fingerprint or Face ID
- You will then be prompted to enter your new master password
Download the app now, so you can recover your account in the easiest way possible.
Send password hint
As we mentioned above, we encourage you to download the mobile app and enable account recovery as your first line of defense for account recovery. But if you need a desktop recovery option, the first step is to send yourself a password hint.
When you created your master password, you are given the option of creating a password hint. If you forgot your master password but created a password hint, you can navigate to https://lastpass.com/forgot.php, then enter your email address and click Send Hint to email you a clue about your master password. Hopefully, this will remind you of your master password and you can then log in.
Use a recovery one-time password
If you still cannot figure out your password with the password hint, you can try using a recovery one-time password.
This method provides you with a one-time password you can use to reset your master password. This method does require some persistence because it’s specific to both the computer and web browser you use. For example, if you use 2 different computers and 3 different web browsers, each one has a different recovery password.
To try this method, follow the full instructions here.
If you are admin of a LastPass Enterprise account, your users can take advantage of the above self-serve options to recover their accounts – unless you have the “Prohibit Account Recovery” policy turned on (which is not turned on by default). While this policy is available, we do not encourage you to enable it so that your users can recover their accounts on their own, taking the burden off your IT team.
Educate your end users on all their account recovery options – especially mobile account recovery as it’s an easy way for them to regain access to their accounts. Plus, we’ve found that using the mobile app helps promote overall LastPass adoption and improved password behavior.
Additionally, admins can reset passwords on their users’ behalf by enabling the “Super Admin – Master Password Reset” policy. Details can be found here.
All is not lost
If you forget your master password, all is not lost. There are steps you can take today to make it much easier for you to recover your account. Please download and log in to the mobile app and enable account recovery.
Full instructions can be found here for Android and here for iOS . Once this is done, you can be confident that you’ll be able to regain access to your account should you ever get locked out. Just in case, here are some tips for creating a strong but easy–to–remember master password – so hopefully you’ll never forget it in the first place.
Happy World Password Day!
Watch the video below to see LastPass Mobile Account Recovery in action: