How to recover a password manager account
If you can’t access your password manager, the recovery path depends on the provider, your account setup, and whether you enabled emergency access or backup methods.
This guide explains the practical steps to regain access while protecting your vault from unauthorized recovery attempts.
Password managers such as 1Password, Bitwarden, LastPass, Dashlane, and Keeper use different recovery models, but the same core principles apply: verify your identity, use approved recovery channels, and avoid risky shortcuts that can permanently weaken security.
First, identify what kind of lockout you have
Before trying recovery, determine whether you are dealing with an account login problem, a master password problem, or a device-specific sync issue.
Each case has a different fix.
- Account email inaccessible: You may need to restore access to the email address tied to the password manager first.
- Master password forgotten: Recovery may be limited or impossible if the provider uses zero-knowledge encryption.
- 2FA lost: You may need backup codes, an authenticator recovery process, or manual identity verification.
- App or browser issue: You might still have access on another device, extension, or signed-in session.
Check whether you are already signed in somewhere
The easiest recovery path is often an active session on a phone, tablet, browser extension, or desktop app.
If you are still signed in on any trusted device, you may be able to change your master password, export a vault backup, or reset account settings from inside the app.
Look for:
- Signed-in mobile apps on iOS or Android
- Browser extensions in Chrome, Firefox, Safari, or Edge
- Desktop apps on Windows or macOS
- Trusted devices where biometric unlock still works
If you have access to one device, act quickly.
Many password managers let you create recovery codes, reset two-factor authentication, or re-authorize new devices once you are inside the vault.
Use the provider’s official recovery process
The safest way to recover a password manager account is through the provider’s documented support flow.
Search the company’s help center for account recovery, lost master password, or two-factor recovery instructions.
Common recovery methods
- Email verification: A reset link is sent to your registered email address.
- Backup codes: One-time codes generated when 2FA was enabled.
- Recovery key or secret key: Required by some providers in addition to the master password.
- Emergency access: A trusted contact can request access after a waiting period.
- Identity verification: Support may ask for proof of ownership before helping.
Be aware that many password managers cannot reset a forgotten master password without also deleting encrypted data, because the service cannot decrypt your vault.
That is a security feature, not a limitation of support willingness.
What if you forgot your master password?
If the master password is the problem, check whether your provider supports a true reset.
Some services allow a password reset only if you can prove possession of a recovery key, signed-in device, or backup code.
Others require creating a completely new vault.
Try these steps in order:
- Review saved notes, emails, or secure documents for the master password or recovery key.
- Check whether password autofill on trusted devices still unlocks the app.
- Use a backup code or recovery phrase if you saved one during setup.
- Open the provider’s account recovery page and follow the exact instructions.
- Contact support only through official channels listed on the provider’s website.
If the service uses end-to-end encryption and no recovery data is available, your only option may be to create a new account and rebuild the vault from remembered logins, browser-saved passwords, and exported data from signed-in devices.
How to recover from lost two-factor authentication
Losing access to an authenticator app, phone number, or security key does not always mean you are locked out forever.
Many platforms build in backup methods specifically for this scenario.
- Backup codes: Use one of the one-time recovery codes generated when 2FA was enabled.
- Alternate device: If you approved a login on another trusted device, you may be able to reconfigure 2FA.
- SMS fallback: Some providers support text-message codes, though this is less secure.
- Recovery key: A separate secret can sometimes bypass the missing second factor.
- Support-assisted recovery: Identity checks may restore access after verification.
Once you regain access, replace any lost factor immediately.
For example, re-enroll a new authenticator app, generate fresh backup codes, and revoke old sessions from the security settings page.
How to verify official support and avoid scams
Account recovery is a common target for phishing, social engineering, and fake support sites.
Because you are under stress, attackers often try to exploit urgency.
Use these safety checks:
- Type the provider’s official domain directly into your browser.
- Never share a master password, recovery key, or backup code by email or chat unless the company explicitly instructs you through a verified channel.
- Check for HTTPS and the correct company domain before signing in.
- Avoid “account recovery services” from random search ads or social media posts.
- Ignore unsolicited calls claiming to be support; most reputable providers do not cold-call users about vault access.
If support asks for identity documents, submit them only through a secure portal on the official website.
Keep a record of case numbers and timestamps for follow-up.
How to recover access if your email account is also compromised
If you lost both your password manager access and the email account tied to it, the email account becomes the priority.
Most password manager recovery flows rely on that mailbox for reset links and alerts.
Recover the email account first using the provider’s account recovery process, then immediately:
- Change the email password
- Enable two-factor authentication
- Review forwarding rules and recovery settings
- Check for unauthorized devices or app passwords
- Return to the password manager and reattempt recovery
If the email account cannot be recovered, support may require stronger proof of ownership before making any changes to the vault account.
What to do after you get back in
Once you regain access, secure the account before resuming normal use.
Recovery is the right time to clean up weak settings and reduce future risk.
- Change the master password to a strong, unique passphrase.
- Enable or re-enable two-factor authentication with an authenticator app or hardware security key.
- Download and store fresh backup codes in a secure offline location.
- Review active sessions and sign out of unknown devices.
- Check vault items for signs of tampering or unauthorized edits.
- Update emergency access or recovery contacts if your provider supports them.
Also update your password manager email address only if you have full control of the new mailbox and have verified its security settings.
How to prevent a future lockout
Good recovery planning matters more than luck.
A password manager is supposed to reduce risk, but it still needs a recovery strategy that matches your threat model.
Best practices for safer recovery
- Store backup codes in a separate secure location, such as a locked document or offline password-protected file.
- Keep a second trusted device signed in when possible.
- Document your master-password recovery plan in a secure note.
- Use a hardware security key if your provider supports FIDO2 or WebAuthn.
- Review emergency access settings annually.
- Make sure your email account and phone number are both secured with strong authentication.
For families or teams, choose a password manager that supports delegated recovery, admin controls, and auditable access policies.
Business users should also evaluate SSO integration, SCIM provisioning, and role-based access controls if account continuity is critical.
When to contact support directly
Contact support when the standard self-service tools do not work, when your 2FA device is gone, or when you suspect account takeover.
Provide only the information the provider requests, and expect that verification may take time.
Useful details to have ready include:
- The email address on the account
- The approximate date the account was created
- Devices previously used to sign in
- Recent purchase receipts or subscription details, if applicable
- The exact error message shown during login
Support can help with access questions, but they cannot override every encryption model.
Understanding that difference will save time and set realistic expectations while you work through how to recover a password manager account safely.