LastPass Forums

[danishAce]

Hi, I love LastPass and recommends it to everyone I speak with about secure passwords and/or storage of same. So thanks for LastPass

My question is this:

I only use a laptop and if I should be so unlucky it got stolen, what would the best solution be for me to at least keep my passwords secure?

If the OTP for recovery is activated, 'the thief' would then be able to change my master password, right?

I'm thinking of disabling this option and instead using a recovery mail, a mail which password is secure and I don't forget, so I can access it at all times.

This way 'the thief' would not have any possibility of accessing my passwords, right?

[jpenny84]

1. First and foremost, on a laptop, it's important to sign out of your LastPass account when you're not using it. Set an automatic logout if you are worried about forgetting - https://lastpass.com/support.php?cmd=showfaq&id=153

2. Using a security email is a good idea, especially if you stay logged into the email account which use for your LastPass login. - https://lastpass.com/support.php?cmd=showfaq&id=2465 . A thief couldn't reset your password without access to that security email account.

3. You need both a password recovery email and the One Time Password to reset a master password. Disabling the recovery one time password in the browser extensions would eliminate your password recovery options. - https://helpdesk.lastpass.com/account-recovery/

[danishAce]

Ahh okay, wasn't sure about the process of OTP for recovery - but then without having a recovery mail, the OTP recovery wouldn't work?

Have added recovery mail now and OTP for recovery is activated.