What are /r/Lastpass' favorite Products & Services?

From 3.5 billion Reddit comments

> Why does Lastpass not use the mobile number as a backup option?

Because SMS is inherently insecure, and cannot be used to transmit cryptographic data. Also because LastPass does not (and should not) know your encryption key, so recovery is impossible without local information saved on the user's end. The easier the recovery, the worse the security. This is just an unavoidable trade off.

Can you explain what exactly you mean by "recovery doesn't work" and "revert option ... doesn't work"? What exactly happened when you tried to do that? What's your OS and browser?

You can also contact support by opening a ticket. They cannot help with recovery, but they should be able to help with revert password change.

This is expected behavior and addressed in the official FAQ: Why does LastPass fill credentials on my site before prompting for 2 Factor Authentication?

Your master password is used for encryption and authentication, whereas 2FA is only used for authentication but not encryption. When there's a local copy on your computer, authentication is not needed to access your local data.

>As another Premium subscriber, up until August, when I will not be renewing...

July for me. Have been a paid user for seven years. In two of those years the price tripled. Not worth it for me anymore. I moved everything to KeepassXC, set up syncing on both iCloud and Syncthing (for non-Apple devices) and it's been rock solid.

My password is written on a piece of paper and in our safe at home. Will put a copy in our safety deposit box next time I visit the bank.

The only thing that is a bit weak with KeepassXC for me is their Yubikey support. It works but requires dedicating a slot in the key to that purpose.

I don’t think this is. UX issue. I think it’s a U issue. LastPass asks me which account I want to update when the URL matches and the usernames are different. I also make sure I change the name of each LastPass entry to match. For example, if you have a work Facebook, you may consider changing its name to Facebook (work).

Another solution would be to create two identities in LastPass. Use one for work and one for personal. Use two profiles in Chrome and keep one identity in each. Then you know which one you are working in. You’ll need to do some organization at first, but you won’t have the issue ever again. https://lastpass.com/support.php?cmd=showfaq&id=7366

An extreme solution would be to create a LastPass using your work email. Have a separate profile in Chrome for work and use the LastPass account you created for work in that profile.

In summary, use Chrome and have two Chrome profiles. Use Identities in LastPass and just keep them in each profile.

It's a security measure introduced in 2015 after the breach (https://lastpass.com/support.php?cmd=showfaq&id=9222). Having your access credentials for your recovery email address stored in your vault and not knowing them/having another means for access, isn't really a good idea in general (no matter how confident you are in your hw key). Having specific security email address is a solid way of avoiding any problems in the future. Or perhaps using "Emergency access" feature for worst case scenarios.

But still, I think it's good idea to send your case to LastPass as a feedback and possible update for this "suspicious IP" prompt.

I've been on the fence to switch to BitWarden for a while (with a hard lean towards bitwarden) but the thing that has kept me from switching is the lack of emergency recovery for my BitWarden account. With BitWarden, your password is the decryption key to your vault - if that's gone, your account is toast.

In theory, I can keep a free Lastpass account open, with ONLY my bitwarden account credentials in there, and then if I croak, a trusted person can recover my bitwarden credentials from there. But I wish there was a better option.

(OP here) So, I opened the LastPass Vault in Chrome. Noticed a URL blocked by uBlock. To my surprise it's from mediaplex.com. A company that is in the Advertising business. I checked the page and didn't find include, so either I missed it or it's added via the LastPass code.

I personally feel it's not cool to be adding (I hope) a pixel from a 3rd party when I'm seeing my personal vault with all the passwords.

They are also hitting "https://lastpass.com/ads.php" several times, I'd guess for the Families ad on the right, but really. Yes, it's the free plan but there's no mention of ads in the pricing page anywhere.

Thoughts?

If you don't want to retrieve anything from the old account, there is an option to simply delete your account.

https://lastpass.com/delete_account.php?np=1

I recently used this, as I must have signed up to use LastPass years ago and decided not to use it.

I have now deleted the old account and created a new one with details I remember.

Can confirm cookies are not the issue.

Upon restarting Chrome, I can still view my account and session info at https://lastpass.com/my.php and https://lastpass.com/sess.php, but the extension is logged out. So the issue is with the extension being unable to retrieve my key.

Seeing the same thing here--it does not work for me in Firefox 57.0.2 for Win10 (64-bit) but does work in Chrome v.63. Have you reported it to LastPass?

Does the weak response from lastpass about cloudbleed seem odd to anyone else? The only thing they have done is one single tweet brushing off the issue by saying 'lastpass services are not served by CF'. But their customers and the websites they use are affected so they should be moving to mitigate customers potential exposure.

Heartbleed in comparison was a minor bug with only the potential for exploitation while cloudbleed has already leaked real data. Lastpass responded very strongly to heartbleed, basically launching an education campaign to reach affected customers.

They sent out a bunch of email notices, wrote blogpost, tweeted about it, quickly launched https://lastpass.com/heartbleed/ They also edited their password audit tool within a few days to provide a 1 click scan for all your saved sites to check if their server was vulnerable and then prominently display that site as in need to password changes.

Would this help?: https://lastpass.com/support.php?cmd=showfaq&id=375

Point 4 specifically.

EDIT: Make sure you log out of all open sessions on Google because if they get access to your laptop, they can also get the recovery email for lastpass and other services. Remember, things like Kon-boot exist.

It seems like you're experiencing a known issue that we are currently beta testing a fix for. Go to our Play Store listing and opt-in to the Beta release channel and see if that addresses it.

I'm a fellow Mac user. I have not yet updated, though I've gotten a couple pop-up alerts. I don't think you have anything to worry about. On this page (make sure the selector near the top is on "Mac"):

https://lastpass.com/misc_download2.php

It shows that both the Safari plugin and the stand-alone Mac app are at 4.64.

You can use the AutoFill feature in Android to autofill things in Firefox for Android:

​

https://lastpass.com/support.php?cmd=showfaq&id=1763

The best way to get support ASAP is always going to be opening a support ticket. We try to monitor the support forum and this subreddit as best we can but opening a ticket directly will always get you the fastest and most direct support.

https://lastpass.com/supportticket.php

The best thing to do is to contact LP support: https://lastpass.com/supportticket.php

I was unable to confirm this behavior to be "expected" anywhere in Families plan manual.

The data were probably just corrupted.

Try clearing your LP cache and refreshing your sites: https://lastpass.com/support.php?cmd=showfaq&id=483

​

If you are sure about your backup:

Disable 2FA on lastpass https://lastpass.com/support.php?cmd=showfaq&id=7066

Clean/reinstall android app

Restore from last backup

Reactivate 2FA on lastpass

If you aren't so sure, contact LastPass support.

https://lastpass.com/support.php

Yes, see our support doc here. You'd want a Path rule, and I believe you'd want to do it for the path / but feel free to experiment a little bit.

Echoing my colleague Chris on our forum:

> Sorry for the inconvenience. The issue has been fixed. Please try to fully logout of your LastPass extension and relogin. If you need any further assistance, please reach out to us here: https://lastpass.com/supportticket.php. Thank you.

We think there's more to your issue than we can easily address through Reddit comments. Would you mind opening a ticket with our support team here so we can investigate more thoroughly?

You can try installing and enabling the binary component so the browser isn't doing as much work:

​

https://lastpass.com/support.php?cmd=showfaq&id=5576

> submiting a form to google for the auth codes

How does this work? Are you requesting access to your Google account, or are you requesting your auth codes saved in your Google Authenticator in attempt to get into LastPass? The latter won't work, because auth codes are saved locally, and Google doesn't have them.

Best course of action would be opening a support ticket with LastPass. They can disable 2FA for you. You don't need to log into LastPass to use the ticketing system, only need access to your email.

Also I'd like to emphasize that the "support forum" is mostly a user-to-user platform now. Official support is only provided through the ticket system.

Also I would go ahead and back up everything.

If it won't let you do it with the export tool, go ahead and do it manually before it asks you to re-authenticate and you lose access.

https://lastpass.com/support.php?cmd=showfaq&id=1206

Lastpass breaks it down here.

The 100,000 extra rounds makes a huge difference. Even a weak password like 8 characters that can be cracked in say 2 days is now 100k times harder to crack--longer than you will live.

Many sites simply store your password as SHA1($password), in which case you want a strong password (12+ characters minimum, 16+ characters preferred). Salting your password also helps immensely as cracking efforts are limited to single hashes.

Received this reply few hours ago:

> Hi there,

>Apologies for the inconvenience. Please note that if you have 2 or more authenticators activated for your account, only one will activate per login attempt. For more information on this, please visit: https://lastpass.com/support.php?cmd=showfaq&id=5686

>Let me know if I can be of further assistance.

>Best,

I find it strange that you had such issues where LastPass was down. Perhaps you didn't activate offline access?

That aside, keeping multiple online password managers increases the area of exposure to attacks and mistakes. I wouldn't recommend having more than once password manager with internet access. Because of that, I would say that you should get an offline password manager. In case you're not having secured offline backups, I strongly recommend you to start doing them now.

The most used offline password manager I believe it's KeePass. It's typically used on PC, but there should be versions for Android/IOS as well. You can take a look here.

If you need to access credentials that you don't charge often, you shouldn't have too many issues. You can just put the data you want on the phone, and keep it there just in case the online password manager you're using is not available. I have used the offline access for LastPass and I didn't have many issues in the past, but having a secure backup with you almost always beats it.

Alternatively, you could pick another password manager that also supports an offline vault until the main server is back up again. But I would trust more the offline password manager, as it's guaranteed to give you 100% uptime regardless of any online service.

Bitwarden for password management. 100%.

Also, for places that require a card on file (or if you're like me I use a distinct credit card number on every site just like I do with passwords) then check out Privacy.com. It will generate credit cards that you can pause, define 1 time use (burner card), per day/week/month/year limits, etc. It has browser and mobile apps that will autofill sites for you, etc. There's no cost to use it as they just profit from the interchange fees that the merchants and banks charge. ADDED BONUS: You can use whatever address you want online and it will validate it as legit. So if it's a service that legitimately doesn't even need your address you can use a bogus one if you want.

OK - I would consider work to be less of a risk than donating or giving your computer to someone.

I would uninstall LastPass and then enable two-factor authentication on your account. Then remove all of your one-time passwords and then run something like Eraser to wipe free disk space. This can take time, make sure to only select free disk space. This will prevent (or make more difficult) restoration of deleted files without removing everything on your computer. It can take some time. In theory, if LastPass was uninstalled and there was a local copy of your encrypted password file, it would be securely deleted.

Remove one-time passwords: https://support.logmeininc.com/lastpass/help/how-do-i-clear-my-temporary-one-time-passwords-for-lastpass

Eraser: https://eraser.heidi.ie/download/

you can have second, secret email set in lastpass settings

there are free email services like https://tutanota.com - you can park your email address there indefinetely

setting second, secret email works better than changing main email, because you use main email each time you log in and essentially you treat it as public knowledge (when lastpass data leaks next time)

On: https://lastpass.com/support.php?cmd=showfaq&id=956

What happens when LastPass.com is down? Can I still log in?

If you are logging in via the LastPass browser plugins, it will automatically switch to offline mode and you'll still be able to view your stored data.

This is not working for me, it just asks for my passwords and I cannot login.

Oh thanks! Yes, I do use AirVPN, but connect to U.S. servers only. Although, now that I think about it, i may have once used a different country one when I was testing something, but it would have only been for a few minutes. I used a different browser to submit another ticket and finally got an email confirmation that it had been submitted. So, if I get a response from them, I'll update here in case it happens to someone else.

My billing and residence is U.S. and the ipleak shows U.S. connections.

This is what I use to get rid of that annoying notification Hide "running in the background" Notification. It was reviewed on Android Police to positive reviews.

It's more important because if you reuse a password 5 places and its stolen you lose those 5. With lastpass you lose everything. I think there's a way to say "remember this device for 30 days", did you try that?

There's a bevy of other security stuff you should do too. 2 key things IMHO are not allowing logins from outside the US and refusing all mobile devices except approved ones. Those are in the advanced settings.

Edit: Read this http://www.makeuseof.com/tag/ways-supercharge-lastpass-security/ and do them. What I said above I think is 3/4.

1. You are very good "H4ck3r" during your sleepwalking episodes.
2. This person was on your computer and saved her info.

But seriously, I have no idea. If it is correct login info with correct password, let this person know.

It would also be a good idea to check her email against data breach database like https://haveibeenpwned.com/ ... maybe it will shed some light on it.

>requires software installation to work in conjunction with browser extension. if you're work computer is locked down, you may not be able to install this.

Check out 1Password X, it works completely in the browser (Chrome or Firefox).

Also for the more clicks to generate a password, if you use 1Password X and it detects a password field it will recommend a random password for you under that field. No buttons to press.

For the security score, 1Password uses Watchtower which uses the https://haveibeenpwned.com/ database to let you know if your password has been breached. So far haveibeenpwned is the largest database of breached accounts that is also safe to use, so you have a better shot at knowing if you've been in any breaches.

Assuming you can access the lastpass.com website and don't care if your company monitors your use of LastPass, I would use the paper grid as your 2FA default option to help protect your master password login and go from there.

It is a pain not having the Lastpass browser extension for auto fill-in; but, those are the breaks of working in a closed area.

Apparently right before a price change... https://alternativeto.net/news/2022/1/lastpass-seemingly-deliberately-holding-users-password-data-hostage-alongside-new-pricing-plans

==> https://keepassxc.org

In accordance with Section 5 of LogMeIn's Terms of Service, "Customer shall not permit its users to access or use any Service or Content in a U.S. embargoed country or in violation of any U.S. export law or regulation." This means that an account can be de-activated and cannot be re-activated if the end user attempts to login from an embargoed country.

https://www.logmein.com/legal/terms-and-conditions

I hope this will change.

Sadly no. I still have to click on it and click login. I'm used to it now though.

If you clear cookies on closing Firefox, then try whitelisting lastpass.com. It didn't work for me, however I noticed it affects LP on Edge (clearing history results in having to re-login to LP). It might be an avenue.

hmmmm - interesting

No I hadn't but I don't see anything there specifically although the mention of cookies sure gets me thinking. I do see cache/cookies/localStorage for lastpass.com and logmeininc.com present and I am allowing cookies in Safari per the LP doc.

While I do run pihole to try to cut down on ads, I see nothing being blocked in the logs re: LP and I've run pihole for several years without issue.

Still seems to me it's a os/browser or LP upgrade caused some incompatibility.

The link below should pull in all the binary components, but its not clear to me whether the software is distributed direct from LastPass or whether its just a script which pulls updates from apps stores

https://lastpass.com/installer/

Did you use the Google Authenticator option when setting-up Authy? Do you have any other MFA options enabled?

How are you trying to access Lastpass? Are you going to lastpass.com or have you installed the browser extension?

From further down in this thread:

Looks like LP has corrected the problem.

"I've processed updates in the account please try again, if still notworking please uninstall the extension and reinstall it, you can get the latest version using the following link: https://lastpass.com/misc_download2.php"

I followed the instructions and attachments now work properly.

One thing I did (not in the list) was a reboot of my pc after removing
the addon and before installing the new one. it may be necessary.

Yay !!!

Looks like LP has corrected the problem.

"I've processed updates in the account please try again, if still not
working please uninstall the extension and reinstall it, you can get the latest version using the following link: https://lastpass.com/misc\_download2.php"

I followed the instructions and attachments now work properly.

I also had this issue and I emailed LastPass Customer Support about it:

> I have been unable to export form field data from my LastPass Vault. This does not seem to be addressed in the FAQ.

> To clarify, I am not talking about "form fill" data. I have been able to export that but that export did not include my form field data; it only included my Addresses and one Payment method. Rather, I'm talking about the fields that can be added on the Edit Password -> Edit Form Fields page. Each field comprises a name, a type (Text, Password, Selects, and Checkboxes), and a value.

> Can you advise me as to how best to export this data alongside my passwords?

Here is the reply.

> The issue you've reported has been identified as a bug by our Engineering Team and is currently on their backlog as an item to fix. Unfortunately, due to their other priorities and commitments currently in progress, we do not have an ETA at this time.

> We will be closing the support case at this time.

> Again, we apologize for the inconvenience, and appreciate your patience while this matter is attended to. In the meantime, you can follow our future releases and fixes here: https://lastpass.com/upgrade.php

Not very helpful, unfortunately. I'm planning to look into lastpass-cli and other tools, if the CLI doesn't pan out.

Question,

If you choose the mobile client as your lastpass free device type, how would you modify the settings on last pass? The mobile client does not have all of the settings on the lastpass.com website. Do we just use the mobile browser to access lastpass free?

I figure even if we migrate out, the lastpass could be still useful as a way of detecting mobile client URI.

Log into the web interface via lastpass.com and if things are corrupt there, then it's not a local problem.

They may have automatically bumped up your key stretching PBKDF2 iterations. That would trigger vault reencryption and show up as a "password change" in the account settings panel. A revert procedure would fix it in this case. I somewhat suspect this since you were logged out.

If you've ruled out local corruption, and an iteration change, contact support for assistance. Request escalation if level one people give you the runaround. There should be a contact us link at the bottom of the KB articles you've been looking at.

just deleted

It was super easy, go to "support" type in "delete" and they give you the link and super easy to follow instructions. Or you can click this link here

here btw side note make sure you have all your file attachments are out first cause exports don't get that data if you used premium https://lastpass.com/delete_account.php

I did these steps in sequence, and closed Firefox for a minute. Opened it again, still no auto-login. I need to click the icon, click login, then the icon goes yellow, I have to click 'ok' to 'cannot connect to server' message, then I'm logged in. An annoying faff.

No extensions were added or modified at the time, however I have since whitelisted lastpass.com in uBlockO, and whitelisted it in Firefox protection. To no avail.

Thanks anyway, appreciate it.

Does this direct link to that section help with you at all?

https://lastpass.com/delete_account.php

I had to go directly to that link without clicking on options within the site/extension to get there.

The blog post mentions a discount for families upgrades, but the link appears to not be applying the discount: https://lastpass.com/families/payment?cp=LPF2021-DT-25CS

Anyone else had luck?

Reminder to delete your last pass account after you successfully migrate. No need to leave your personal information behind on a platform you won't be actively using.

https://lastpass.com/delete_account.php

I find that the behavior is as you described when I click Security Dashboard from the Chrome plugin. It opens in a Chrome tab and looks like a web page, but the URL is chrome-extension://hdokikjssdhfksdf-blah-blah

If I actually open lastpass.com and log in, I see my emails listed as monitored in the Dark Web section, and the rest of the Security Dashboard is populated as expected. The page otherwise looks identical to what opens with a click form the plugin. I believe this to be a Lastpass bug.

This probably doesn't help, but there is an option to revert to your previous password. If you can revert back to where you started, maybe you can get the process to work the second time? lastpass.com/revert.php

" This recovery option also requires a valid Recovery One Time Password, which is created when you log in to the LastPass web browser extension on your desktop and have not cleared your cache. "

Ah, just saw that on their site. So as soon as I clear my cache, I would not be able to follow the recovery process?

So Step #4 is when the email link will load and check your browser for the recovery key in your cache? Then tell it to text you a matching key?

​

1. Navigate to <em>https://lastpass.com/recover.php</em>.
2. Enter your email address, then click Continue.
3. Check your inbox, then click Start LastPass Account Recovery.
4. When redirected in your web browser, click Click to Recover Account.
5. An SMS message is sent to your mobile device from LastPass containing a 6-digit verification code. Enter the code into the verification prompt on your web browser and click Verify.
6. Click Click to Recover Account.

LastPass are replacing the Security Challenge with a new Security Dashboard. LastPass, in the Firefox browser, was updated yesterday, August 3rd, to the new Dashboard.

https://lastpass.com/upgrade.php?fromwebsite=1&amp;releasenotes=1

As you will read the change is being gradually rolled out so I would keep an eye out for the update.

Yes, then why have Google Authenticator in the first place if you can disable it at login? It's a false sense of security.

They even have an easy to fill out form for disabling your Yubikey. https://lastpass.com/lostkey.php

It's maddening that they allow you disable the 2 most common forms of MFA just by knowing their email.

Thnx for info I wish it was phishing but unfortunately it is not and its a legit email which makes me confused

This is the actual destination link (not a simple copy paste from gmail)

https://lastpass.com/s/?s=—-I MYSELF REMOVED THIS PART—-&utm_source=trans_email&utm_medium=LastPass%3ADisableMultifactorAuthenticationRequ

Yeah, what happened to Lastpass pocket?

According to this link it should be on the download page, but it's no longer there: https://helpdesk.lastpass.com/lastpass-on-the-go-2/

All mention of Pocket has been removed from: https://lastpass.com/releasenotes.php?older=1

What if these 2 things happen: Lastpass.com is not available (outage/bankrupt/fire etc) I have a local backup of the lastpass (S)XML file. However no copy of lastpass pocket, there is no way to load the XML into any of the extentions? Also: logging in without internet is not possible, unless that is enabled in the settings to allow login offline.

So make sure when you backup the (S)XML file of Lastpass, you keep a copy off Lasspass pocket next to it.

have you updated to the 4.41.2 extension in Chrome and 4.41.1 in firefox?

I had the same problem -- so did lots of people. The fixes were supposed to push out the browsers but I never got them -- probably because I had the universal windows installer. I ended up removing the extensions and downloading fresh ones from lastpass.com -- now mine log out after 30 minutes like they are supposed to.

I've been having the same issues for the last couple of days. I put in a support case but no response yet. I can still login but it puts me into "offline mode" and keeps me having to re-login. I've tried on multiple different browsers, different computers, the login on lastpass.com and on the Android App. as well.

I have 2FA but it doesn't even ask me for that, just gets a 500 error back from https://lastpass.com/login.php

The wrong password brings up a different message. :( Hope it gets fixed, would hate to migrate these to something else.

- Reported earlier on the LP forums

- I recommend you to download the full installer and try if that works. Otherwise there is likely a corruption in your Chrome profile. Then you could try to create a new person (in the menu right top) and then reinstall the extension.

Hope this helps!

To anyone else with this issue..this is the only thing I found that actually worked.

The part towards the bottom of the instructions about the binary component did not work. Even installed it would not do a csv like it says, but the second part about saving as a web page, did. I did have to run it through notepad++ and then it would import.

If the link does not work at first and locks you out...wait about 15 minutes and try again.

Anyway, i got my data now, but it should not be so many hoops to jump though to get it.

Instructions that worked:

Log in to LastPass and access your Vault by doing either of the following: Go to https://lastpass.com/?ac=1 and log in with your username and Master Password. In your web browser toolbar, click the LastPass icon LastPass then click Open My Vault. Select More Options in the left navigation. Go to Advanced > Export. If prompted, enter your Master Password and click Continue. If you do have the binary component installed, you will be prompted to enter a file name and save as a CSV file. If you do not have the binary component installed, your exported info will display in a webpage, which you can copy the contents and paste into a text editor application, then save.

It looks like they've changed the process. In the past, when you failed the recovery process, there was an option that said you could reset the account and it would give you several warnings that you were about to wipe it. Now they want you to visit their delete account page.

According to https://lastpass.com/gift.php

You will get gift certificate which you can print out and they will use it during their creation of an account.

I never did it myself, so I can't share my personal experience.

Our official, up-to-date download link is always going to be here. We don't support the Mac App Store anymore, the listing there is our legacy Mac application.

Check "what's included" on https://lastpass.com/premium/

One feature missing on the list is synced sharing, i.e. changes on shared items are synced between sharer and sharee in premium version, but not in free version.

If you can use the mobile browser on the new phone, you should be able to log in using the web interface through lastpass.com and manually copy the password. There is no copy feature on the web interface for security reasons, so you'll have to edit the site entry, view the password, and manually copy it like any text string.

Per the instructions HERE

I used this command line from an elevated command prompt and it worked fine: msiexec /i LastPassInstaller.msi ALLUSERS=1 ADDLOCAL=ExplorerExtension,ChromeExtension,FirefoxExtension,EdgeExtension NODISABLEIEPWMGR=1 NODISABLECHROMEPWMGR=1 /L*v LastPassMSI.log /qn

Hi, security researcher here. Yes, it is broken on Firefox for me too. To "fix" it, you either disable some privacy protections (I read someone had luck with this in another comment) or you log in on https://lastpass.com which will log the extension in automatically (this worked for me).

Hopefully they release a fix soon.

>r/Lastpass3.0kMembers4OnlineThis is the place to discuss the program, "LastPass." It can be found and downloaded here: https://lastpass.com/ It offers password management, password sync, encryption, mobile password filling, secure notes, credit reporting, among other things.JoinedLeaveCommunity options
>
>Moderatorsu/Ging287u/Golden_RuffView All Moderators

How staggered? 19 days later and still not rolled out...

I believe from my experiences with using both a Yubikey Neo and Kensington Verimark f p scanner myself that this doc is relevant to your situation:

https://lastpass.com/support.php?cmd=showfaq&amp;id=5686

In my case, I have the Yubikey, f p scanner and Microsoft Authenticator enabled with the default not set to anything other then 'choose default'. I trust the Yubikey for 30 days and use the scanner every day otherwise.

You will be locked out of your account probably for few hours.

You can try recover your account by following these steps https://support.logmeininc.com/lastpass/help/recover-your-lost-master-password-lp020010

If it won't help, you can try contacting support here https://lastpass.com/supportticket.php?lpnorefresh=1

If everything fails, there's no way of getting back to passwords for all your accounts. Nobody at LastPass knows your master password and nobody at LastPass knows your passwords to websites you use.

We haven't actually seen this behavior before from any of our users, as far as I know. Personally I use the Safari extension every day and I haven't seen it either. Try unchecking the Safari extension from the menu, deleting the LastPass application in /Applications, reinstall the LastPass Mac app (here is a link), and then re-enable it in Safari. If that still exhibits the behavior you're talking about, we would really appreciate you opening a support ticket so that we can investigate further and get the engineering team on it.

Contact support here: https://lastpass.com/supportticket.php

And let them know that you tried clearing cache, creating new profile and installing it on different browser.

The favicons are custom, so LastPass maintains their own collection for the most popular sites and serves them. They have a FAQ article with steps you can try if you aren't seeing them:

&#x200B;

https://lastpass.com/support.php?cmd=showfaq&amp;id=766

Did you try deleting LastPass cache itself? Here's how: https://lastpass.com/support.php?cmd=showfaq&amp;id=6796

If it does nothing;

Try creating new Google Chrome profile and installing extension in there. https://support.google.com/chrome/answer/2364824?co=GENIE.Platform%3DDesktop&amp;hl=en

Hi there! Let us know the site and we can investigate. Alternatively, you can always file a support ticket and our support team can help you through some basic troubleshooting steps.

It used to be able to do this on Firefox. I think the new extension API, which is similar to Chrome's, does not provide a way to override the basic auth prompt.

It looks like they don't support it - https://lastpass.com/support.php?cmd=showfaq&amp;id=275

You should definitely contact support! If you had a dedicated LastPass account manager you were working with, reach out to them, otherwise you should just file a regular support ticket here

Is the password prompt a browser window? E.G. does it look like this? If so, we don't support browser logins at this time. If it's a login form that's on an actual website - I.E. it's actually part of an HTML web page, that's something we should support so if you don't mind, we'd appreciate you filling out a support ticket so we can investigate further.

What is that even showing? A bunch of URLs?

Is that an access log from activity on lastpass.com?

If it is, doesn't seem like anything unusual. lastpass.com is just a website, it's not your secured vault.

Last september someone asked about U2F on their blog and the official answer was " It’s on our radar and something we are evaluating. But we have no timeline to provide right now. Thanks!"

Raise a ticket via lastpass.com/supportticket.php for any official statement.

If you have access to your phone number, use "Send SMS passcodes" and then disable your authenticator in the settings.

The links aren't available because you are using LastPass Authenticator, hence this on the FAQ page:

"Using LastPass Authenticator?

Click "Send SMS" to receive an SMS backup code. If your phone number has changed or is lost, contact the support team by opening a support ticket below to disable it."

So, if you don't have access to your phone number, you must contact LastPass support https://lastpass.com/supportticket.php

Hi.

Please, send this suggestion with screenshot attached via support ticket on this website https://lastpass.com/supportticket.php

Even tho some LP employees visit this subreddit, the best chance to have this addressed is still through official support channel.

1. When installed fresh, the first extension window is for sign-in, not for log-in. I suspect you have mistaken the sign-in window for log-in and that's why you got the message "email is in use".
2. I am using Chrome extension and I can't replicate your problem. Just to add, LastPass doesn't know your Master Password, so it is impossible for LastPass to use your Master Password to override your sites passwords.

Always feel free to contact support here: https://lastpass.com/supportticket.php and provide them with screenshots or videos.

Hope it'll get sorted out for you.

On that site I am having troubles in "password" field, because the LP icon is underneath "show/hide" element. Every website is written differently, but you can contact LastPass support and let them know. https://lastpass.com/supportticket.php

Do you have Binary component installed? (click on the extension icon - More Options - About LastPass).

If not, uninstall your LP extension + Mac OS app and install it again via LastPass Universal Mac Installer: https://lastpass.com/misc_download2.php

Then try importing it again.

That is definitely unexpected behavior then. I'd really appreciate you filing a ticket with support. If you do that we'll be able to dig more into this bug and make sure it gets addressed. Make sure you give them a link to this thread as well so they know you already tried our support doc.

> The best thing to do is to contact LP support: https://lastpass.com/supportticket.php > > I was unable to confirm this behavior to be "expected" anywhere in Families plan manual.

Yep I just did a little bit ago -- because I did the same thing as you lol :P. Went on a digging expedition to try and see if somewhere they mention like "Note: Watch out if you change your PW!" but nothing so.. bug report it is!

Thanks for helping double check to ensure I didn't miss it.

I was talking about Mac App, but the Chrome extension was updated 2 days ago, so I think if there were some major issues, they should be resolved now.. LastPass Universal Mac Installer was updated at least in December as well, from the looks of it.

If you are still worried, feel free to contact support here: https://lastpass.com/supportticket.php?lpnorefresh=1

&#x200B;

What's the name of the website? Unless the website was coded poorly, I've never had a problem with the password generator. There should be a confirmation box under the extension icon if it captures a new or changed password.

&#x200B;

If you haven't logged out yet, the generated password should still be in the history: https://lastpass.com/support.php?cmd=showfaq&amp;id=7356

The best thing to do is to contact support here: https://lastpass.com/supportticket.php I am pretty sure they will try to help you.

The regular Premium trial period is 30 days (just for clarification)

&#x200B;

It's literally in their FAQ, so I am not sure what this snarky "way to go Lastpass" comment is about.

>**Once you create a new account with the same email address, if you have remaining Premium subscription time, it will automatically carry over to your new account.

https://lastpass.com/support.php?cmd=showfaq&amp;id=163

&#x200B;

This has come up before: https://www.reddit.com/r/Lastpass/comments/9uq9hk/google_titan_security_key_support/

Here's the company's statement: https://lastpass.com/support.php?cmd=showfaq&amp;id=8126

Support's standard advice for sites not autofilling. Maybe worth a try, even though it did indeed used to work....

https://lastpass.com/support.php?cmd=showfaq&amp;id=455

&#x200B;

&#x200B;

Uninstall your LastPass extension and install it again via LastPass Universal Mac Installer, which can be found here: https://lastpass.com/misc_download2.php