Master Password Lastpass

Posted onby admin
  • 1Password features an Emergency Kit — a simple text file containing your Secret Key, email address, and a text box for you to record your master password. This can be kept off-line as a last line of defense against your own bad memory.
  • How to delete your LastPass account with a master password. Go to LastPass.com in your preferred web browser. Click the 'Log In' button in the top right corner of your tab screen and enter.
  • If you’re creating a master password that you’ll need to remember, try using phrases or lyrics from your favorite movie or song. Just add random characters, but don't replace them in easy patterns. Use a password manager like LastPass to save your passwords. We keep your information protected from attacks or snooping.

LastPass will warn you if your master password matches a password for an item in your vault when you start the challenge. To boost your master password score, change your master password to be longer and stronger—and ensure it doesn’t match a password for a website that’s already in your vault. If you previously set up a Master Password hint/reminder (either during account creation, when you last changed your Master Password, or by manually entering one into your Account Settings), you can have LastPass send you a clue in a reminder email. Follow these instructions to reset your Master Password using a hint/reminder.

HELP FILE

Lastpass

Reset a User's Master Password (Super Admin)

LastPass admins can enable the 'Permit super admins to reset Master Passwords' policy for their account to allow designated admins to reset a user's Master Password. Once enabled, user accounts will be able to have their Master Passwords reset as long as they have logged in to the LastPass web browser extension at least once.

Note: Existing users who are actively logged in will need to log out and log back in via the LastPass web browser extension before the reset option will become available to the admin. It is required that the user logs back in via the LastPass web browser extension only, as logging in via https://lastpass.com will not activate the Master Password reset option for the admin.
Lastpass
  1. Enable the 'Permit super admins to reset Master Passwords' policy.
  2. User logs in via the LastPass web browser extension, that activates the policy in Step 1.
    Note: At this point during the process, the listed super admin will have the option in the Admin Console to reset the Master Password for their selected user.
  3. Super admin resets the user's Master Password.
    Warning: When you reset a user's Master Password, any linked personal LastPass account of the user will automatically become delinked from their company LastPass account. If desired, the user can link their personal account again.
    Warning: If the user whose Master Password you are resetting is a federated user, they will be converted to a non-federated user account upon reset. Learn how they can become a federated user again without the risk of data loss.
    1. In the Admin Console, go to Users in the left menu.
    2. Click on the email address of the user, then click the More icon and select Reset Master Password.
    3. When prompted, click OK.
    4. Enter your own Master Password, then click Submit.
    5. Enter a new Master Password for the user, then re-enter it to confirm.
    6. Optional: If desired, you can click Change the user's email to also update their LastPass username.
    7. Optional: You can choose to uncheck the box to disable the Force password change on next login option, as it is enabled by default for security best practices.
    8. When finished, click Submit.
What to do next:
Important: If you have been added as a super admin in your account's policies and do not see the 'Super admin master password reset' option for a user, it may mean that the user has not yet logged out of their active LastPass session. You can force user log off, then advise them to log back in to their account via the LastPass web browser extension (not the website). Once they have done so, you can refresh the User page in the Admin Console and try again.
Important: If your LastPass Enterprise organization is using federated login to provision new users (using AD FS, Okta, or Azure AD), then the Master Password being used is the user's account password that is stored in their Active Directory. If a federated user's Master Password is reset, it will convert them to a non-federated user status upon reset. Learn how they can become a federated user again without the risk of data loss.
Related Articles
  • How do I enable the 'Permit super admins to reset Master Passwords' policy?
  • How do I force active users to log off?
  • What is the encryption process when a super admin resets a Master Password?

Updated 3/15/2018

According to the 2017 Verizon Data Breach Report, 81% of breaches are caused by weak or reused passwords. So creating strong passwords is essential. The great thing about LastPass is that you only have one password to remember. You create and remember your master password, and LastPass does the rest. Generate strong, random, utterly-impossible-to-remember passwords, for every single one of your online accounts, and let LastPass manage them for you. “Set it and forget it,” as they say.

But when it comes to properly securing that precious vault, it’s very important that you use a strong master password. Although you’re protected by the many layers of encryption and security we put in place to keep your data safe, using a strong, unique master password will not only protect you from a brute-force attack but will also ensure that a breach at another random website won’t affect your LastPass account.

Password

So what does it take to create a strong master password?

What you’re typically told:

Have you ever seen those overwhelmingly-long lists of password guidelines? They go something like this:

  • Use uppercase and lowercase letters
  • Use numbers
  • Use symbols
  • Use at least 8 characters
  • Don’t use words from a dictionary
  • Don’t use the same password twice
  • Don’t use personal information

While the advice itself is good, a password might still be weak even when it meets these requirements. For example, “Passw0rd123!” meets all of the above criteria. However, it’s a variation of the good old favorite “Password123”, and it’s been leaked in data breaches before. That means it will take no time at all for the bad guys to crack it.

A strong master password needs to be truly unique. You should never use your master password, or even a variation of it, for any other account or app.

A simple strategy for creating a memorable but difficult-to-crack master passwords is to use a passphrase.

What you should actually do:

A passphrase is a sequence of random words and characters strung together to create a password. The difference is that a passphrase is typically longer, with at least 20 to 30 characters. But by using a combination of words and/or characters that only make sense to you, it’s no trouble to remember it.

Creating a strong passphrase is easy. Check out these examples:

mydogfido’sbirthdayisnovember19

yellowcatbaseball…newyork

myvacation2paris-wasincredible

soexcitedtoStartCollege!thisfall

Notice how each of these is a fairly simple phrase. By stringing together a couple words we’ve created passwords that are pretty long, but also pretty random. Including a few symbols, numbers, or uppercase letters somewhere in the passphrase also increases its strength.

When you take into account the AES 256-bit encryption, a well-chosen phrase would take many, many lifetimes to crack.

PasswordLost master password lastpass

Update your master password today

Reset Master Password Lastpass

Ready with a new master password? You can update your master password from your LastPass Vault in the Account Settings. Be sure to carefully type your new master password. And don’t forget to practice logging in a few times to build up the muscle memory for your new master password!