LastPass lockout leaves users lashing out over lost logins

LastPass password manager in Android Phone
(Image credit: Future)

What you need to know

  • LastPass users have been locked out of their vaults after an authenticator app reset.
  • The reset was designed to implement planned security upgrades.
  • LastPass has highlighted the reset process in a support document.
  • Locked-out users can't raise tickets to the company's support team since they need access to their accounts first.

Several LastPass users have taken to social media platforms to express their frustrations over the inability to access their login credentials and usernames. The issue dates back to as early as May this year when users were requested to reset the application, as highlighted by BleepingComputer

LastPass indicated that the prompt to reset multifactor authentication (MFA) apps like the Microsoft Authenticator was in place to implement planned security upgrades scheduled for May 9. The company added that the upgrade was designed to "increase the password iterations and force a re-sync of all users' MFA."

While speaking to BleepingComputer about the said change, LastPass indicated:

Following the 2022 incidents, we sent email and in-product communications to our customer base recommending that they reset their MFA secrets with their preferred Authenticator App as a precautionary measure. This recommendation was also included in the Security Bulletins that we sent to our B2C and B2B customers in early March and a second email communication in early April.

LastPass spokesperson

After the change was implemented, several users indicated they could not access their vaults and had been locked out of their accounts. An aggrieved user indicated they couldn't receive verification emails, often used to gain access to LastPass vaults. The user also indicated that it was impossible for them to raise a ticket raising the issue to the support team since they needed to have access first.

As highlighted by affected users, attempts to access LastPass have rendered their efforts futile. Instead, they keep on getting a prompt to reset their MFA authenticator.

Over at LastPass' community forums, the issue seems more widespread. For instance, in the thread, a concerned user has highlighted an instance where they were able to use their master password and even update their MFA, but still, they were still denied access.

On June 27, 2023, LastPass shared a support document on its website under the FAQs section. It's designed to help users navigate the reset process and highlight its importance. The company further highlighted that it had sent in-app messages to its users "several weeks" before implementing the change. As such, if you don't use the app and have also unsubscribed from emails, you might have missed the notification highlighting the change.

Consequently, failure to follow the reset process, as highlighted in the support document, could be the main reason why most users can't access their information via the app.

The company spokesman cited that despite lobbying early campaigns highlighting this change, many users still haven't made the reset. To this end, it's unclear what extra steps LastPass will take to remedy this situation. However, in an advisory, the company indicated that:

"You must log in to the LastPass website in your browser and re-enroll your MFA application before you can access LastPass on your mobile device again. You cannot re-enroll using the LastPass browser extension or the LastPass Password Manager app."

Kevin Okemwa

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.