Never Lose Access to LastPass with Account Recovery on Mobile 

LastPass takes away the burden of remembering passwords – and getting locked out of your accounts. But what if you forget your LastPass master password? It’s the one password you still need to remember. Because of our zero-knowledge security model, LastPass never knows your master password and therefore can’t reset it for you. So, what do you do if you’ve forgotten it? 

Today is World Password Day, so we thought it was a great time to announce our newest way to recover your master password – Mobile Account Recovery! We're also giving you a refresher on the other account recovery options.

Mobile account recovery 

Users who have downloaded and logged into the LastPass mobile app on Android or iOS can recover their accounts very easily using fingerprint or Face ID authentication. We encourage users to download the app because it’s very helpful to have all your passwords on the go – but it also acts as a safety net should you get locked out of your account.  

Setting up and activating account recovery on your mobile device is super easy. Note that when you enable mobile account recovery on Phone A, it is specific to that device; you will not be able to recover on Phone B without also going through the steps to enable account recovery for Phone B. 

To set up mobile account recovery:  

  1. Download the LastPass app from the Apple App Store or the Google Play Store 
  2. Log in  
  3. You should be prompted to enable mobile account recovery. But if you don’t see this welcome message, you can enable it manually.  
  4. Enable fingerprint or Face ID authentication: Go to Settings > Security > Enable Touch ID / Face ID / Fingerprint Authentication. Ensure the toggle is switched on.
  5. Enable account recovery: Go to Settings > Security > Account Recovery. Ensure the toggle for account recovery is switched on.

Now you’re all set up! Should you forget your master password, all you need to do is:  

  1. Open your app 
  2. Tap “Forgot Password”  
  3. Authenticate with your fingerprint or Face ID 
  4. You will then be prompted to enter your new master password  

Download the app now, so you can recover your account in the easiest way possible.  

Send password hint  

As we mentioned above, we encourage you to download the mobile app and enable account recovery as your first line of defense for account recovery. But if you need a desktop recovery option, the first step is to send yourself a password hint.  

When you created your master password, you were given the option of creating a password hint. If you forgot your master password but created a password hint, you can navigate to https://lastpass.com/forgot.php, then enter your email address and click Send Hint to email yourself a clue about your master password. Hopefully, this will remind you of your master password and you can then log in.

Use a recovery one-time password 

If you still cannot figure out your password with the password hint, you can try using a recovery one-time password.  

This method provides you with a one-time password you can use to reset your master password. This method does require some persistence because it’s specific to both the computer and web browser you use. For example, if you use 2 different computers and 3 different web browsers, each one has a different recovery password.  

To try this method, follow the full instructions here.  

Admin Policies 

If you are an admin of a LastPass Enterprise account, your users can take advantage of the above self-serve options to recover their accounts – unless you have the “Prohibit Account Recovery” policy turned on (which is not turned on by default). While this policy is available, we do not encourage you to enable it; leaving it off lets your users recover their accounts on their own, taking the burden off your IT team.

Educate your end users on all their account recovery options – especially mobile account recovery as it’s an easy way for them to regain access to their accounts. Plus, we’ve found that using the mobile app helps promote overall LastPass adoption and improved password behavior.  

Additionally, admins can reset passwords on their users’ behalf by enabling the “Super Admin – Master Password Reset” policy. Details can be found here. 

All is not lost 

If you forget your master password, all is not lost. There are steps you can take today to make it much easier for you to recover your account. Please download and log in to the mobile app and enable account recovery.  

Full instructions can be found here for Android and here for iOS. Once this is done, you can be confident that you’ll be able to regain access to your account should you ever get locked out. Just in case, here are some tips for creating a strong but easy-to-remember master password – so hopefully you’ll never forget it in the first place.

Happy World Password Day! 

60 Comments

  • Steve says:

    I just logged in and I tried to enable Account Recovery, but that option is in gray and I can’t turn it on.

    • Amber Steel says:

      Account Recovery requires biometric unlock to be enabled. This means Face ID / Touch ID on iOS, and fingerprint unlock on Android. In addition to this, the iOS app also requires push notifications to be enabled.

  • Chuck says:

    I tried to activate the Account Recovery on my mobile app, as I already use the Touch ID to sign back in once I have logged on. When I go to the Security screen, Account Recovery is grayed out. How can I take advantage of Master Password Touch ID recovery?
    Thanks,
    Chuck

  • Tracy Saritzky says:

    Whatever fingerprint recognition software you use, it is much more finicky than say, my BofA app uses. It always takes multiple attempts to get a successful read of my print.

    • Amber Steel says:

      Are you using the iOS or Android app? We’d like to hear more about your experience, please contact us via support.

  • While this seems useful, it only seems to work if the fingerprint functionality is enabled for screen unlock… which kind of defeats the purpose here. If I can unlock my screen, I don’t need the double protection of fingerprint on this app. What I need is functionality that unlocks the app “without” requiring facial id or fingerprint on the home screen.

    • Amber Steel says:

      We are aiming for the right balance here between usability and adequate security. The local recovery key is protected with biometrics (the Secure Enclave on iOS devices), and will be only unlocked after a successful biometric authentication. If you have any additional questions or suggestions, please reach out to our support team.

  • David Graves says:

    I have version 4.5.2 and there is no “Forgot Password” button on the login screen, so the instructions for resetting Master Password using Touch ID fail. What should I do?

  • Jennie says:

    Why doesn’t the Android app allow for face recognition? I have a phone with a bad fingerprint reader so can’t use that method, but I do use facial to unlock the phone and would love to use it for LP so I don’t have to always enter my long master PW, and also for recovery. Is this something that will be added in the near term?

    • Amber Steel says:

      We are constantly monitoring additional biometric options. As soon as these vendor solutions are approved by Google’s validation system and get support from the Android standard SDK, we will include them as an option. As of today, only the fingerprint readers are supported.