I get Login Attempt Blocked Notification when I enter MY LastPass master password from MY PC laptop with MY VPN IP address.
Please read my facts and try to answer my questions at the end.
I am running LastPass premium on my PC laptop through the LastPass extension on Google Chrome. I connect the laptop at home to the internet wirelessly with a Spectrum router and use TunnelBear as a VPN. Apparently, my IP address changes frequently.
I have a very strong and secure LastPass master password.
I have been using this arrangement since late September 1919 on my new PC laptop. Until May 17, 2021, I had no problem logging in to LastPass at home with this internet/VPN connection by entering my master password.
I believe that on May 14, 2021, LastPass automatically installed version 4.72.0, built May 14, 2021, on my Google Chrome browser.
Beginning on May 17, 2021, on a number of occasions, when I attempted to log in to LastPass in this manner, by personally entering MY LastPass master password in this manner on MY laptop with MY home internet and VPN turned on, LastPass denied my log on and sent a login attempt blocked notification to my LastPass security email address. On May 17, 2021,
Among other things, the notification stated:
“Someone just used your master password to try to log in to your account from a device or location we didn’t recognize. LassPass blocked this attempt, but you should take a closer look”
“Was this you”….and identified my account, the date and time of the attempt, and the IP address, all of which were correct.
Yes, it was me.
Press the “Verify new device or location” button.
Each time this happens, I have been afraid to press this button and follow through because I did not know what would happen.
Instead, I shut down my laptop, waited a while, started up the laptop, turned on TunnelBear, checked for viruses with Norton 360, and then successfully logged on to LastPass.
Each time I log on successfully, I find no evidence that any of my accounts in the vault have been changed, entered, or hacked, or that my master password has been compromised.
I have had no problems logging into LastPass on my office PC which also uses the LastPass extension on Google Chrome.
Question 1: On these occasions (I am entering MY master password on MY PC using MY internet and VPN turned), when I get these login attempt blocked notifications, should I press the Verify new device or location button and follow through with it, and is it safe for me to do this?
Question 2: On these occasions, why should I do or not do this, and why is it safe or not safe?
Question 3: On these occasions, is there any adverse effect from doing this, and if so, what is the adverse effect?
Question 4: On these occasions, what happens when I press the Verify new device or location button and follow through with it?
Question 5: If I change my LastPass master password, what is to prevent this same thing from happening when I use my new LastPass master password?
Question 6: On these occasions, what is causing this to happen, and what can I or LastPass or someone else do to prevent this from happening again?
Questions 7: What is LastPass actually doing now to prevent this from happening again?
Thanks in advance on this.
I found a solution that works for me. Open vault, then Account Settings>Advanced Settings and check "Don't require email verification from unknown devices and locations." Makes sense that it would work since the VPN, by design, constantly switches our IP addresses, so LastPass sees them as unknown locations.
"I found a solution that works for me. Open vault, then Account Settings>Advanced Settings and check "Don't require email verification from unknown devices and locations." Makes sense that it would work since the VPN, by design, constantly switches our IP addresses, so LastPass sees them as unknown locations."
Another Chicken and egg solution, you need to be logged in to view vault, I can't login because I can't get into email because I foolishly trusted Lastpass.
I also had already set it not to require any verification because this same thing happened to me a few years ago when on holiday and I was locked out of all my sites etc. I had codes for emergency access to money in the Lastpass vault and I had hired a mobile phone with data plan for the Caribbean country which cost me $700, all wasted because I could not get in. I also nearly lost my job because my employer required me to be able to log in while on holiday in cases of client emergency.
Lastpass made a huge number of errors in their time but this is really making me rethink whether I can trust LogMeIn / Lastpass.
I am not on a VPN, I am not on Holiday or in a dangerous place, I am using my ISP's network of IP's (British Telecom) they change the IP when DHCP lease expires, sometimes daily sometimes a few days. I have no control over the IP address.
Time to take this to the next level as we are getting NO SOLUTION from LogMeIn, Social media and TrustPilot here I come.
Yes, that is my experience too. After the initial version of this problem, someone at LastPass unlocked my account, and I was able to get in and make similar selections (i.e. I set LastPass to not require email verification when the IP changes.)
But what really burns me up is that I have access to my email. I NEVER receive the promised email to verify my identity. Something must be really wrong with LastPass' staff, if they can't figure out that they aren't sending the verification email. There's literally no way back in, if I can't respond to the email message to prove I am the account owner.
This goes from BAD to WORSE to TERRIBLE
So today I managed to find a way into my email by redirection, NO THANK TO LASTPASS, only to find LogMeIn is NOT sending emails to verify.
I have tried numerous times
I can't get onto twitter or TrustPilot because Lastpass has their passwords but when I do I am going to be warning EVERYONE to stay away from Lastpass.
The Cowards have not replied to my comments and request for help in this thread and I had not access to Lastpass for two days prior.
So as I said, ransomware, cease support for free users, then deny them access to their data, then what, pay for support to fix a problem LogMeIn created.
Utterly disgusting behaviour or lack of it
The community is currently monitored M - F, so if you posted over the weekend that is why you did not receive a reply until today. If you click on my profile and PM me the email address for your account we can take a look at what is happening.
If you are seeing the message to check your email but there are no verification emails in your inbox, the most common reasons have been the emails are being filtered out as spam by mistake, or a security email address was set up some time in the past so that is where those emails are going.
If you are not being directed to check your email, your sign in issue is most likely not related to an unrecognized device or IP address.
I have started having this issue also recently on my Mac recently upgraded to Big Sur - 11.3.1
I also am using it over a VPN, since this is my work laptop.
The native Mac app still allows me to login. However the lpass CLI and my remote access manager app both fail.
The CLi gives: Error: Failed to enter correct password.
These e-mails go to my GMail account and like others in this thread I'm not seeing any please verify device requests coming in.
Dear LastPass support,
Quite a few people are telling you that the email your system promises when accounts are locked are not arriving. Do you think you could accept that we all aren't crazy and that something might be wrong with your system, insofar as it claims it's sending verification emails, but they aren't being sent?