We Can Help

If my information is encrypted with my Master Password, how can it be that my One Time Passwords are allowed to decrypt it?

How the OTP process works,

  • Creates a completely random 256-bit number
  • Make the random key out of the username and the random password as a hash
  • Make a random hash from your username and random password, send this to the server. This will be how we can tell you entered the right 32 digits of hex to allow you to download your encrypted data later.
  • Encrypt your actual key with the new random_key, so we can retrieve it when random password is entered later, send this to the server.

Basically we recursed our entire process using a 256-bit key that's randomly created.

The safety of this is very high, especially if you turn over your OTPs -- a full 256-bit key to encrypted data which gets wiped once you use it.

For more information about our encryption process, please see this link: https://lastpass.com/whylastpass_technology.php

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.


View your account information and view the status of previously submitted support tickets.


Submit a support ticket and we'll get back to you as soon as we can!

One Time Passwords, Master Password

Enter a few words explaining what you need help with

Please type your question in English

Please review these answers to your question:

Still Having Trouble?
Look for answers in our vibrant customer-to-customer community help forums.


View your account information and view the status of previously submitted support tickets.


Submit a support ticket and we'll get back to you as soon as we can!


Browse through our FAQs:

Do you have any Heartbleed questions?