We have updated the messaging displayed when a Login verification email is sent or the Master Password was mistyped:
For your security:
1. Check your inbox to verify it's you.
2. No email from LastPass? Review your login info and try again.
If you are trying to log in to LastPass and see this error message this means that either:
There are a number of reasons why your IP or device might not be recognized even if you have used it before, especially if you are signing in directly through the browser and not a LastPass extension or App. So before you try account recovery or anything else, please check your email (if you set up a security email you will need to check that).
We are always working to ensure top security for our users. To combat recent unusual activity targeting our customers, we added an additional security system to further detect and flag suspicious bot activity and verify a LastPass user’s identity. Following feedback from our users, we have since resolved the login issues reported. As always, delivering a secure, reliable service for our users remains our top priority.
Currently, verification by email is the only option for this particular situation.
We may add another authentication option besides email in the future.
Please Note: If you do not have access to your email account and there is no way to recover access to your email account through your email provider, you will need to open a support ticket, and please make sure to include an alternate email address that you can be reached at (create one if necessary).
Solved! Go to Solution.
Hi@thomasmbrooks , this is not the LP support channel here. It's a community forum for LP users.
Your valid concerns expressed here will not reach management other decision makers! You need to directly contact Support via website or phone.
Too many people are getting the same response from LastPass, i.e. "Try again or look for an email from LastPass if you think you entered valid credentials", yet are not receiving an email. Do we all have independent issues with our mail servers? Do none of us know to check the Spam/Junk folder? Or perhaps there is a bug somewhere with LastPass that the system really isn't sending the verification email?
I'm a Linux administrator and I have done tier 1 and 2 support for a living. And while many issues can be solved with simple questions like, "Did you reboot?", "Did you check your spam folder?", "Is the Caps Lock key set?", "Do you have it plugged in?", and so on, those questions are infuriating to those of us who have done all those things. Sometimes it's necessary to assume the user isn't an idiot and actually look into the problem he is reporting.
There is no means for us to support another user's valid concerns through the support channel, so I'm doing it here, hoping that someone will realize these may not be isolated problems, but might have a cause other than the user being an idiot.
For example, I set my LP settings to not send verification emails, because I know my IP will change. Could it be that their system doesn't check that before locking my account, and then once locked, sees that it isn't supposed to send me an email? Another possibility. The VPN I use often routes me through Houston. Yet some websites see my IP address as coming from Russia. (IPv4 address to country to maps aren't to be trusted.) Could that be what is causing them to lock my account? Could it be the VPN provider? Could it be a commonality among mail handlers that is deleting the email?
You see, I can't expect the support staff to check al these possibilities for just me. But if someone there starts believing that the email problem isn't a user issue; if someone accepts multiple reports of the same issues just might indicate a problem they need to solve, then maybe we'll get some results and less stalling in hopes that the complainer will go away.
I appreciated the information @thomasmbrooks 😊
Something is definitely not working the way it was intended. I've used LP via a designated ISP with dynamic IPs for many years! I never ever had to verify my location. To be honest I wasn't even aware that there was such a feature like email verification; it just worked out of the box ever since I signed up.
Now I've been locked out of my account for more than a week, waiting to hear my back from support on my case.
I've been dealing with this nightmare since last Friday. I'm astonished that LastPass still hasn't addressed it. Right now, they have zero credibility with me. I'm giving them until Friday to fix it If at that point it's not addressed, I'll stink it up, switch to 1Password and start the laborious process of gradually changing all of my passwords. What a disaster.
@andy-heremy experience mirrors yours. I've been using a VPN for years now and never had this problem before March or April. That was the first time my account was locked. It was unlocked a few weeks later after several emails and problem reports. I assumed someone at LP unlocked it, but it may be that my VPN randomly put my back to the original IP address and that's what allowed me in. Anyway I've been locked out like you since last Friday. I'm getting responses from the support staff, but so far they amount to "You must be doing something wrong because our software is perfect and has no flaws."
It was unbelievably foolish of LastPass to put in a major change right before a weekend, and apparently have no plan to back out of the change when so many people are reporting problems. Like @davidl442 , I'm pretty close to having to laboriously request all my passwords from the various URLs I use, and start using a more reliable password manager. I'm certainly not paying for software which more than a week after I've reported the problem and still basically telling me the problem in on my end, not theirs.
Just to clear up some confusion, no new feature or major change was made to LastPass. Due to an increase in bot net activity a couple of weeks ago that was triggering account recovery emails to be sent to multiple LastPass customers, we temporarily increased sensitivity to further detect and flag suspicious bot activity and verify a LastPass user’s identity. This temporary increase in sensitivity was already rolled back last week.
We have updated the messaging to be clearer, you should now see "Try again or look for an email from LastPass if you think you entered valid credentials." If you are not seeing this message, most likely the Master Password you are entering does not match. The Master Password is case sensitive and a single character in the wrong case will prevent you from signing in.
@davidl442 can you please reply to the support email from yesterday with the requested information? Once support has that to verify your identity they will be able to let you sign in and remove the defunct security email on your account.
@thomasmbrooks I have checked our email server and it shows that the verification emails that were sent to you were delivered successfully. The emails are sent from email@example.com you may need to add that to your address book to ensure the emails are not being sent to spam by mistake.
@GlennD, I have firstname.lastname@example.org in my address book, and even if I didn't, I know to check my spam folder. I can't get into Hotmail's logs, but the emails do not appear to be reaching my account.
I try logging in to LP several times a day. By now, I should have 30 or more verification emails. I have none. If this is the limit of what LP can do, i.e. we are sending them but I'm not getting them, then it's time I found a better password manager. If you lose enough customers, maybe you'll start looking harder for a problem on your end.
Incidentally, my VPN says it's using 126.96.36.199 as my IP address, and claims that is in Houston, Texas. Is it possible that your system thinks that is Russia, and that's why my account is locked?
Thanks for the response. I still wish you'd just look at my settings, realize that when I set to not send verification emails, it meant your system should not have locked my account, and just unlock it. I trust that no one but me has my master password.
@GlennD, I respect the proactive response to additional bot traffic, and I understand that you have rolled back the sensitivity. Yet my account was apparently locked under the higher sensitivity, and isn't being unlocked. Further, whether your system is or isn't sending the verification email, I am NOT getting it.
Does LP/LMI have ANY alternative to a verification email that I am not receiving?
I know my master password, and I know about case and I know I'm entering it correctly. To continue to harp on this is condescending. To continue to claim that I should be getting an email when I am not is also condescending. Do you have any solutions to offer?