Want to get my easy to follow Tech Tips in your email?
Sign up for my daily Rick’s Tech Tips Newsletter!
Question from Nancy: I have a big problem Rick, and I really need your help.
I tried logging into LastPass this morning and it wouldn’t let me. Every time I try it says my master password is incorrect even though I know it isn’t.
Do you know of any way I can get it to let me log back in?
I clicked on “Forgot Password” and it asked for my email address. It said I’d get an email that would help me reset my password but I never received it after trying three times.
I searched Google for help and found this Help page:
I tried everything on that page but nothing worked.
I don’t know what do at this point. I don’t want to have to reset my account and start over because I have a lot of passwords in there that I don’t know what they are. This is a real mess.
Please help if you can because LastPass won’t help me at all!
Rick’s answer: I feel terrible for your predicament, Nancy. Unfortunately, this happens a lot and it rarely ends well.
LastPass never helps in these situations, and they explain why in this excerpt from the page you linked to above:
Important: LastPass Support has no knowledge of a user’s master password. It is not possible for LastPass Support to reset or change a user’s master password if it is forgotten.
That means you’re pretty much on your own if the recovery methods LastPass provide fail to work, and unfortunately they do fail at times, as you have discovered.
I wish I had good news for you Nancy, but I’m afraid I just don’t.
At this point the only thing you can do is visit each website that had its password stored in LastPass and try to reset the passwords from there, one by one.
And that brings me to this very important point…
I strongly recommend that you reset those passwords as soon as possible. And if at all possible, I recommend that you set up passkeys for your accounts because they are a lot more secure than passwords.
Also, if any of the affected accounts are financial in nature you need to contact those companies immediately and let them know that your accounts have potentially been breached.
I have no way of knowing for sure but I have a strong hunch that a scammer has tricked you into handing over your LastPass Master Password via a phishing attempt.
These phishing ploys are very effective and it’s very easy to fall for them without even realizing it.
The reason I believe that’s what happened is because…
1 – The password you know to be correct is not working.
2 – The email address you used with LastPass isn’t receiving the password reset emails.
Those two things taken together strongly indicate that your account was hijacked via a phishing attempt.
Again, I am so very sorry this happened to you. I know it probably isn’t much consolation but you’re certainly not alone.
I receive these types of requests for help on a regular basis, and not just from LastPass users. Every password manager has similar vulnerabilities.
I have written several posts explaining why I never recommend the use of password managers. You will find them right here if you’re interested in reading them, and I recommend that you do before deciding whether to continue using LastPass (or some other password manager).
Bottom line: I am so very sorry that I’m unable to help you, Nancy. I really wish I could but I’m afraid there’s nothing more you can do besides the things you’ve already tried.
Update from Nancy: Thanks, Rick. I knew in my gut that this would be your answer, but I was hoping against hope. Thanks for taking the time to write such a thorough answer.