Okay, I think I fixed it. I feel a bit stupid but I do want to share how here as it might help others. My problem was that -among the many LastPass emails I got in the process- I received one to confirm the new device/location. That was the second email I got after the security code and it came exactly around the time I couldn't log in and started stressing that I/LastPass was hacked. The last thing I wanted to do was give the hacker access to change everything! After I did just confirm the device, it let me log in with the MFA and now everything works as expected. So partly my bad but this is also just very bad communication from LastPass as a short email that notified me of the security upgrade ahead of time would've helped me understand what was about to happen. Hopefully this helps others.
Thanks for adding this! Hopefully it helps some folks.
However, my problem is I did all the requested resets and when I try to log into LastPass, it puts me back into the same process. I'm in an infinite loop of authenticator resets.
First, I'd like to apologize if you experienced any difficulty after the forced logout + MFA resync event. While this event was necessary for LastPass security upgrades, and all users were sent an email notification in advance, there may be a few issues to be aware of.
The individual cases may vary depending upon your environment, including the following:
if you're still experiencing MFA - reset difficulty, please outline the following:
What authenticator(s) did you reset?
After the successful reset, what kind of MFA method did you try to log in with?
Have you been prompted to verify your new location on your next login attempt after the successful reset?
Have you checked your email for 'verify your new location' on your next login attempt after the successful reset?
I found myself locked out of my account, wasting a large part of my morning trying to regain access. This situation was worsened by the fact that all block notices were erroneously directed to the security email address, but the user account address was displayed in the error. Not only did this cause needless inconvenience and frustration, but it also disrupted my productivity and workflow significantly.
Could you imagine the frustration of knowing there's a simple solution available, but having no means to access it? That was my reality today. The block notices had they been sent to the user account email address, or the error would have pointed to check the security address, would have expediently resolved the issue at hand, saving me time and unnecessary stress.
Moreover, the abrupt requirement to change/update my Multi-Factor Authentication (MFA) provider came as a surprise. A simple courtesy email notifying me of this imminent change would have been highly appreciated, granting me the time to prepare and adapt, rather than being forced to react in the midst of the issue.
While I understand that technical issues can occur, the lack of effective communication and the inconvenience caused have been extremely frustrating. I urge you to review your customer communication protocols and ensure that users are not left in the dark, especially when faced with such critical issues.
I am hopeful that my feedback will be taken into serious consideration, and that future users will not have to endure a similar ordeal. I believe in the potential of LastPass, and I trust that you will take the necessary actions to improve your services and restore the trust of your loyal users.
Thank you for your immediate attention to this matter.
Absolutely this - I cannot wrap my head around how a change like this was forced with little to no warning and no access while resetting. I woke up to work this morning and have spent time on calls all day with my clients having to apologize that I cannot log into their websites to work. This has cost me a significant amount of lost income and not how any sort of change with implications like this should have been implemented.