cancel
Showing results for 
Search instead for 
Did you mean: 
Bob20
Active Contributor

Re: How many recovery options do you have enabled?

(RESOLVED!!)
Thanks guys. This means a lot to me.

jillkint
New Contributor

Re: How many recovery options do you have enabled?

Helpful

Itsmebeccat
Active Contributor

Re: How many recovery options do you have enabled?

He recommended putting the extension on all browsers but with the new guidelines and only one device allowed well that messes up mother**bleep**er gosh

You recommended putting the extension on all browsers but with the new guidelines and only one device allowed will that mess us up

Just wondering if you still recommend that since the new device limited guidelines
GlennD
LogMeIn Manager

Re: How many recovery options do you have enabled?

LastPass Free customers that select mobile as their device type can still use the browser extensions for account recovery and other account settings, they just do not have access to their vault through the extension. In the same way, customers that select desktop as their device can still use the mobile app for account recovery.

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
Itsmebeccat
Active Contributor

Re: How many recovery options do you have enabled?

OK well that is very helpful and I’m sure many others have wondered the same… Thank you Glenn

feveralburyau
New Contributor

Re: How many recovery options do you have enabled?

Email option is working for recovery.

JayneG
New Contributor

Re: How many recovery options do you have enabled?

Hi EvoLeadr,

I've been reading this with interest and appreciate your position - I feel the same.

I'm not great with IT at the best of times but really want to Nail the security and recovery of an enormous amount of sensitive and critical passwords held in LP.

I currently have 2FA turned on as the authenticator app on my mobile phone.  But in the event that both laptop and phone are gone - what then?

 

In layman's terms, can you tell me what you eventually decided to do? 

GlennD
LogMeIn Manager

Re: How many recovery options do you have enabled?

@JayneG If that happens, as long as you know your Master Password you will be able to sign into your LastPass account from another device and access your data. LastPass support can help you if you lose access to your 2FA device, it is only when you cannot enter the Master Password correctly and have no recovery options enabled/left that you will be locked out of your account. 

 

We advise having more than one recovery method set up, and encourage you to sign in on a regular basis so that you reenter your Master Password and it stays fresh in your memory. 

 

 

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
EvoLeadr
Active Contributor

Re: How many recovery options do you have enabled?

Hey there @JayneG  thanks for your message.
Im still surprised how much traction this post created and I that it's not an upfront topic brought to the forefront by LP. It does seem a little avoided..and its a BIG one IMO.

If i'm honest it brought up a LOT and I explored tonnes of options.

I disagree with @GlennD  comment:

"If that happens, as long as you know your Master Password you will be able to sign into your LastPass account from another device and access your data."

This assumes you have authorised another device. I know at the bottom of your thread you say "you advise" but this can easily be taken as not necessary, because its only ADVISED.

From my testing and all these chats if you do not have another approved device then you cant access LP without an email confirmation which if you dont know your email pass (because its in LP) then you are sc**wed. There is no one red magic pill though as GlennD and others said and LP final response was for me to remember my MP and my email PW.

Where did I end up?
Well I now run TWO managers, LP and MyKi.

Why? I choose MyKi because...
1. There is no cloud, which is a concern for me. I do trust LP and their vault, but I always have concerns with anything that is cloud based. Esp for the level of importance I place on my PW's.
2. They have BUILT IN 2FA, this is SOOOOOOOOO good. I mean its super slick and was a massive sell feature for me. 
3. I can manage multiple clients, all giving them difference "companies" so I dont see 50 logins for one site. LP has identites, but switching between this is a faff. So for me, the use case of MyKi just really served.
 
PROBLEMS...
1. MyKi store a LOCAL encrypted 256 file on my computer. So everday it backs up. To restore a backup, a bad actor would need to gain access to the file, a dedicated mobile number I use, they need to receive a text code sent to it and then restore it in MyKi software and then a pin to unlock it. So i feel confident that its safe.
...BUT...i 100% need to look after that file. Which brings a whole host of different problems.
However, dealing with those problems, is actually much easier than my LP problems (for me).
2. I still run LP. So I have both on the go. And my iphone can only allow ONE password manager. So I cant run LP and MyKi on my mobile. But im ok with this ATM. I have not moved over cause im still new to MyKI where as I have like 7 years with LP and right now I trust LP in general, more than MyKi (but only due to experience and the fact that i have less exp in managing the backup and what to do in the event of a problem with MyKi).

NEXT STEPS
I will run some scenario's see how MyKi responds, what I would do, etc etc.

There is no magic red pill.
It is a layer approach.
If you do not consider yourself very techie, MyKi might not be for you.
The responsibility of managing a backup file is a lot.

Personally, for ease, my suggestions to others i've spoken to is...
1. If you are securing your LP with 2FA, then save a backup code somewhere you can gain access. Or use a system that is not LP Authenticator so you can restore something. Many use AUTHY, as it backups. But remember every backup to a cloud poses a risk. I suggest a physical copy of a backup code with someone you trust or hide it deep in an email structure and/or phone contact so you could find it (using your memory to locate it on your device only! - this assume your email has not 2FA)
2. Keep hold of your LP MP and email PW. From what I know, a VERY long password only made up of words/numbers (like a big sentence) is more secure than an 8 character PW that is random generated with symbols. Confirm this, but my point is you can have security for PW's without complexity. This was you can access your email if you don't have a browser or computer already authorised to access your LP account
3. Authorise as many trusted devices as you can. So that you dont NEED your email PW.
 
All of this is my personal opinion.
I do like and trust LP, very much.
using MyKi has made me see how date LP is in some ways, but that doesnt mean new and shiny is better.

I hope this was helpful.
 
Kind regards
For a greater world for us all.
x
GlennD
LogMeIn Manager

Re: How many recovery options do you have enabled?

Hi @EvoLeadr 

 

You misunderstood my reply so I am going to state this again to prevent any confusion for those reading the comments on this topic:

 

1. If you lose your 2FA/MFA device but you still have access to your email, you can disable 2FA/MFA on your account using your email and sign in to LastPass.

2. If you lose your 2FA/MFA device and you do not have access to your email, you can open a support ticket and LastPass support can disable 2FA/MFA on your account so you can sign in to LastPass.

 

The only thing LastPass support cannot help you with is if you cannot correctly remember your Master Password and you have no recovery options available to use.

 

 

Glenn is a member of the LogMeIn Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
Tags (3)