Well, I have been using LastPass for about 3 weeks now & so far so good. The only issue I had was a corrupt extension & the support team emailed me within 24 hours & it's all good now. I really struggled to come up with a master password, but so far I seem to remember it. I just do not want to forget it.
Before I started using LastPass, I used Bitwarden & still have both running. What I did was make a safe note in Bitwarden and put my LastPass master password in there as a safe note. I know I still have to remember that master password BUT I have used Bitwarden so long that I doubt I would forget that master password. I wonder if that is a "dumb" thing to do?
I was going to delete Bitwarden, but I think I will keep it BUT use LastPass as my go-to password manager. I just do not want to forget my master password.
FYI >> I did not enable biometric recovery. I am a bit leery of biometrics; I have read that using biometrics is not as secure as a PIN or password. I may consider using it in the future as I do more reading on that subject. I DO use 2FA with LastPass Authenticator. I also have an HP Chromebook & Android device running Android 10, using LastPass on my Android as well.
There are a couple of other recovery options that you can set up now that do not require biometrics, please review: How do I set up all account recovery options for LastPass?
Many LastPass customers end up relying on Recovery One Time Passwords to recover their account. This depends on a token that is generated when you sign into the browser extension and stored in the browser cache: How do I create a Recovery One Time Password to use during LastPass account recovery?
Thank you for the reply. I created OTP with the advice you gave me. I assume IF I forget my master password and am home using my Chromebook and use my OTP that I could change my password once I get in? Just want to verify that and of course save the OTP. Also, do they expire or should I get new ones say every year?
@mdc1022 Regular OTPs will not allow you to change your Master Password or export your data; they only grant you access to the vault. A Recovery One Time Password will allow you to log in if you forget your Master Password and you will be prompted to create a new Master Password when you sign in. This support article provides more details: What is the difference between a One Time Password and a Recovery One Time Password?
Tip: Most people have more than one web browser installed on their computer. Install the LastPass extension on all browsers and sign in to your LastPass account through them. This will create Recovery One Time Passwords in each of them so you have backups in case your main web browser cache is wiped.
I have a Chromebook, so I am locked to the Chrome browser. And when I log off my browser clears the cache, cookies & history. I do have my cell phone added as an SMS recovery option. So, I would think IF I ever forget my master I will get a code to get back in.
I have a Chromebook & had it set to automatically clear cookies and site data when I quit Chrome (shut off my Chromebook). I unchecked it now so that my cookies and site data when I quit Chrome will NOT clear. Is this necessary to do so that in the event I forget my master password that I will be able to use the one time recovery to gain access? I read this on LastPass info on OTP and I think I MUST NOT clear site data when I quit Chrome.>>>
Would I be able to automatically clear cookies and site data when I quit Chrome and still be able to get the Recovery One Time Password? I disabled that feature until I get clarification.
I did not enable biometric recovery. I am a bit leery of biometrics; I have read that using biometrics is not as secure as a PIN or password. I may consider using it in the future as I do more reading on that subject. I DO use 2FA with LastPass Authenticator.
So for me I would need to be sure the Recovery One Time Password will work for me using my Chromebook & Android device (not using biometrics).
If anyone wants to give their opinion on biometrics as a login on my mobile device, I'm all ears.
I also have my mobile number set up for SMS codes as a recovery option.
I know the steps below would be the EASIEST WAY to recover a forgotten master password BUT fingerprint login I think is easier to hack than a PIN. Your thoughts??
Recovery One Time Passwords are created when you sign into the LastPass browser extension, it is a token stored in the browser so if you clear the cache it will be deleted along with everything else. LastPass users should consider this recovery method the last option, after all of the others.
For your specific situation I would recommend generating a list of regular One Time Passwords and storing them some place safe. While they cannot be used to reset the Master Password they can be used to sign in so you can copy your data out of your LastPass account if you were ever unable to recover the account for some reason.
You may be able to lock your device with a PIN, but then use bio-metrics with the LastPass App. At the end of the day it is a balance of security and convenience that you have to choose.
For your specific situation I would recommend generating a list of regular One Time Passwords and storing them some place safe. While they cannot be used to reset the Master Password they can be used to sign in so you can copy your data out of your LastPass account if you were ever unable to recover the account for some reason. >>>> Great idea, thank you!! I did that today....
You may be able to lock your device with a PIN, but then use bio-metrics with the LastPass App. At the end of the day it is a balance of security and convenience that you have to choose. <<<< I tried that and when I use the fingerprint with the lock app, it >>relocks<< after it opens & then LastPass won't autofill. I think it is because the lock app with fingerprint is set that way but it confuses LastPass so that is why I don't use it BUT getting recovery codes & then exporting my file & importing it to a new LastPass account would work as a last resort.
Since both of your posts are around the same general topic I have merged them.
I was able to set up BOTH PIN unlock via my app lock app & biometrics on LastPass and it works!! NO relocking of LastPass when using it. I had to change a few settings in the app lock app, but now it works.
So now when I use LastPass on my Android device, I get the prompt from my app lock for a PIN number, then once I get past that, I then need my fingerprint to access LastPass. My "forgot password" worry is over because using biometrics to unlock LastPass I can then reset it via my mobile device. And anyone that gets my phone has to get past the PIN & then fingerprint. 😃
I appreciate everyone commenting here to help. Thank you!!