If you use LastPass, you have to remember your master password. The company does not know the password and cannot help you reset it.
It’s part of the reason that LastPass is secure. If bad guys hacked into LastPass and stole all the data, they would get nothing; they wouldn’t be able to reset your password or see your information. The price for that security is that no one in the company can see your data either. It’s a serious and secure solution but the burden is on you: you must not forget the master password.
But let’s be real. It’s a mix of uppercase and lowercase letters, numbers, and symbols; you don’t use it anywhere else, and you’ve set your browser so you don’t have to type it very often. At some point, you might forget.
There are two effective ways to recover or reset a master password, but they have to be set up ahead of time. Your LastPass vault contains vitally important information. It is the modern equivalent of a fireproof safe in the bedroom closet, and probably more important in our 21st century lives than that safe ever was. Take the time now to set up one or both of these ways to recover your master password if it is forgotten.
Preliminary note
There are other methods to recover a lost master password. LastPass lists them here. I’m focusing on Mobile Account Recovery because it’s new, easy, and effective, and Emergency Access, which is more of a back door. If you forget your master password and you haven’t set one of these up, then go down the list of other options. In my experience, they can work but the risks go up that things will go sideways and account recovery won’t work, which is sad. Get everything in order before you’re in this position!
LastPass Mobile Account Recovery
Last month LastPass added Mobile Account Recovery to its Android and iOS apps, which allows you to recover access to your account using fingerprint or Face ID authentication.
Install LastPass on your phone and connect it to your account. It might help you recover your account someday, even if you don’t otherwise plan to use it on your phone. (Don’t stop there – keep the app in mind and think about using it on the phone. The mobile app is getting better at filling in login names and passwords on other phone apps, which can be pretty handy.)
Set up the mobile app to unlock with your fingerprint or Face ID (Settings > Security > Enable Touch ID / Face ID / Fingerprint Authentication).
Then, in the phone app, enable Mobile Account Recovery (Settings > Security > account recovery).
You’re all set! If you forget your master password, open the phone app and tap on “Forgot password.” You’ll be asked to authenticate your identity with your fingerprint or Face ID and you’ll immediately be prompted to enter a new master password.
Although LastPass hasn’t publicly spoken about the details, it’s obvious that the app is tied into the biometric system on the phone, which is very secure. If you supply your fingerprint or are recognized by Face ID, the chances are very, very high that it is really you and it’s safe to let you reset the password. There are almost no openings for the bad guys to insert themselves.
This is a major step forward for LastPass and sets it ahead of other password managers. Highly recommended for all LastPass users!
LastPass Emergency Access
LastPass Emergency Access provides a safe way for you to give a trusted family member or friend access to your LastPass Vault if you become incapacitated or die. An interesting side effect is that Emergency Access also gives you a back door into your Vault if you ever forget your master password. It’s not a perfect answer, but if the worst happens you could obtain access through the trusted friend’s account and recover the data in your Vault. LastPass calls it an “alternative account recovery feature.”
This costs money! Emergency Access is now available only with a LastPass Premium subscription, $36/year and rising. There is more information here about how it works in emergencies. The short description: you give emergency access to a trusted person who also has a LastPass account. In a crisis (say, for example, if you forget your master password) that trusted person can get a copy of your vault.
This is opt-in and optional. You’re trusting the people you choose to allow access and you’re trusting that you will be alert to notifications if they’re trying to gain access at the wrong time. Spouse, parent, child, sibling, friend: you have to trust them not to abuse this privilege and rummage through your passwords while you’re on vacation and out of touch.
But if you’re locked out of your account and nothing else works, this gives you one last chance to obtain your LastPass info by working with that trusted friend to gain access to the data instead of losing it forever.
Remember:
The number one rule of LastPass is: you do not talk about Fight Club.
The number two rule, and perhaps more important in this context, is: you must never forget the master password.
Go set up Mobile Account Recovery, and Emergency Access if you have a Premium account, and protect yourself in case you violate Rule Number Two. (I can’t help you if you violate the first rule.)