On the screen where it has me change the master password it says this: "Ideally, use a randomly generated master password." then gives an example of some password generated with random characters. Am I missing something? How is that practical?

Schmitz, Marshall

Just changed my master password in LastPass, and it gave me this advice:

"Ideally, use a randomly generated master password. A good example is: r50$K28vaIFYxaY"

I get that from a security standpoint, this is solid advice. But let's be real—how practical is that? Am I really supposed to memorize a completely random string of letters, numbers, and symbols that looks like a CAPTCHA gone rogue?

It seems counterintuitive for the one password I actually have to remember. Writing it down kind of defeats the purpose. And if I forget it, I'm locked out of everything.

Wouldn't a long, memorable passphrase like MyDog$HatesMondaysButLovesSteak be a better balance between security and usability?

Curious what others are doing. Are people really using randomly generated master passwords, or are you going the passphrase route?

Am I missing something here?

LastPass Support

Hi @Schmitz, Marshall​

Thanks for the discussion topic.

LastPass has the ability to generate a secure password for users when needed, so this would be the first option for those who can remember it or write down the random sequent.

I would agree that it's easier to remember a phrase + special characters placed within, but this can sometimes make the update process confusing to users.