The technique is simple.
The problem is that the technique is time-consuming and ponderous.
Let’s review that technique, and what you can do to avoid this situation in the future.
Losing your passwords
I’m a strong believer in using password vaults like LastPass, primarily because they enable greater security.
Using a password vault, you can easily use longer, more secure passwords, and easily use different passwords for every site. These two actions together increase your overall online security tremendously.
If there’s a downside to using a password vault it’s that, used properly, you don’t know your own passwords. This is a good thing, since strong passwords are, essentially, unknowable. But it’s also a bad thing, in that should you lose access to your password vault, you lose access to all the information stored therein.
In the case of LastPass specifically, if you forget your LastPass master password, there is no recovery. LastPass can’t tell you your password because they don’t know your password. LastPass knows if you type in the right password, but it doesn’t know what it is. As a result, if you forget it, they can’t recover it for you.
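How a provider can tell whether the right password was typed without knowing what it is, as an added example (not from the original article, and not LastPass's actual code). It is a generic sketch; the function names, salt, sample passwords and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch


def client_derive(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Runs on the user's device. Returns (vault_key, login_hash)."""
    pw = master_password.encode("utf-8")
    # vault_key decrypts the vault and never leaves the device.
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    # login_hash is the only value sent to the provider at sign-in.
    login_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1)
    return vault_key, login_hash


def server_enroll(login_hash: bytes) -> dict:
    """Provider side: keep only a salted, stretched hash of login_hash."""
    server_salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", login_hash, server_salt, ITERATIONS)
    return {"server_salt": server_salt, "verifier": verifier}


def server_verify(record: dict, login_hash: bytes) -> bool:
    """Provider side: recompute and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", login_hash, record["server_salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["verifier"])


def demo() -> dict:
    salt = b"user@example.com"  # constructed per-user salt
    vault_key, login_hash = client_derive("correct horse battery staple", salt)
    record = server_enroll(login_hash)
    _, wrong_hash = client_derive("correct horse battery stapel", salt)  # typo
    return {
        "right_accepted": server_verify(record, login_hash),
        "wrong_rejected": not server_verify(record, wrong_hash),
        # The stored record holds neither the password nor the vault key.
        "server_holds_vault_key": vault_key in record.values(),
    }


if __name__ == "__main__":
    print(demo())
```

The stored record can only answer yes or no to a sign-in attempt; the key that decrypts the vault exists only when the master password is typed on the device.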
There’s really only one recourse
If you’ve lost all your passwords, there’s really only one thing to do: one at a time, set new passwords on each account, using its “I forgot my password” or equivalent account recovery link.
One at a time.
It’s painful. It’s ponderous. But it’ll work.
It’ll just take some time.
Before you start
Before you start, however, I’d recommend you set up a new account with your password vault so that as you reset all those passwords, you can:
- make them long and strong
- use a different password on each site
- let the password vault remember it for you
There’s no requirement that you do it all immediately.
As you go about your day and attempt to log in to an account for which you haven’t reset a password, do so. Over time, you’ll rebuild the database of passwords stored in your password vault.
It’s easy to say, “Don’t forget your vault password” and leave it at that. But I realize that’s overly simplistic. It also doesn’t account for other things that can go wrong.
So, instead, fall back on my other most common recommendation: back up.
Specifically, back up the contents of your password vault. Ideally, back it up in an unencrypted form which you then save in some different, yet secure, way. For example, I regularly back up my LastPass vault, unencrypted, and save it in a different, secure location. Should I ever lose access to my LastPass account, I’ll always have that backup from which to start over.
- Reset your passwords, one at a time.
- Remember those new passwords using a password vault.
- Back up the contents of your password vault regularly.
That way, you’ll never be in this position again.