How To: Use Biometrics to Change Your LastPass Master Password from Your Phone


With any password manager, the only password you need to remember is the master password that locks the vault from both hackers and the company. This makes the master password very important. But what happens if you forget this password? Well, LastPass has you covered.

It isn't a stretch to believe you might forget your password. With LastPass, it's one of only two barriers protecting all your passwords and the personal information stored on your account. Ideally, this master password should be extremely strong: 12 or more characters, using a range of upper- and lowercase letters, numbers, and symbols. This can become difficult to remember, which is why so many users still use terrible passwords such as "123456" and "password."

What Is Mobile Account Recovery?

Previously, LastPass provided users with a few options in this circumstance. You could be reminded of your password via a hint you entered at the time of your password's creation. You could use a one-time password (OTP), but this could be tricky as the password is specific to the computer and web browser. For example, if you used LastPass on Computer A with Google Chrome, that would create one OTP. If you used it on the same computer but with Mozilla Firefox, that would create a new OTP. So it's possible you'd need to try more than one OTP before being able to reset your master password.

Finally, mobile users could also reset their password using SMS, where they needed to navigate to a website and use a numeric code (which was sent via text message to their phone) to reset their password. This last method is a security nightmare, as SMS can be easily spoofed or intercepted, making it possible for someone to take control of your database.

With more than 33% of new LastPass users registering from their phones, LogMeIn realized they needed to make this procedure easier for mobile users. It needed to be a more secure method than SMS recovery, but one that didn't require a computer. The result is Mobile Account Recovery.

Mobile Account Recovery is a new feature rolling out on May 2, 2019 that lets you reset your password from your phone. With a successful authentication via the fingerprint scanner or facial recognition sensors (such as Face ID), you can reset your master password. And this only takes a few steps.

Step 1: Update LastPass to the Latest Version

To try this out, first make sure you are running the latest version of LastPass. Open the Play Store (Android) or App Store (iOS) and update LastPass if the option is available. Be aware that the version with Mobile Account Recovery is in the process of rolling out as of May 2, 2019, so it may not have reached your device quite yet.

  • Install LastPass Password Manager: Android (free) | iOS (free)

Step 2: Turn on Account Recovery

With LastPass open, enter the app's settings by either selecting the hamburger menu in the upper-left corner and choosing "Settings" (Android), or by choosing "Settings" in the lower-right corner of your display (iOS). Select "Security," then enable usage of the fingerprint scanner or facial recognition by selecting the corresponding toggle next to the option.

Now, scroll down and enable "Account Recovery" and authenticate using your phone's biometrics.

Step 3: Reset Your Password with Mobile Account Recovery

With Mobile Account Recovery enabled, you can now reset your password all from your phone. Whenever you're in a situation where you can't remember your master password, select "Forget password" and choose "Recover account" on the next page. Choose "Recover with fingerprint" (or Face ID if using an iPhone X, XS, XS Max, or XR), then use your phone's biometrics to authenticate yourself when prompted.

Once LastPass successfully identifies you, it will bring you to a new page with three text boxes: "Master Password," "Confirm master password," and "Password hint (optional)." Here is where you input a new master password to lock your vault and protect the other passwords stored in its database. After some loading, LastPass will inform you the reset was complete and you can now log in using the new password.

Remember that you will need to enter this new password on all devices that access LastPass. All your browsers, tablets, and other devices will need the new password to sync data and continue to let you autofill your credentials to their corresponding accounts.

With Mobile Account Recovery, LastPass has further separated themselves from the competition by making their password manager even easier to use. LogMeIn identified a need for their customers and addressed it by taking advantage of a feature most mobile users already have access to: biometrics. LastPass already managed to top our list for the best password manager on iOS and Android, and it looks like they're going to keep that lead for the foreseeable future.


Cover image and screenshots by Jon Knight/Gadget Hacks
