LastPass introduces passwordless Vault access
LastPass, maker of the password management service, introduced support for accessing a customer's Vault using passwordless technology in June 2022.
Passwordless account systems use other means of authentication to provide users with access to services and accounts. Instead of requiring account passwords, passwordless systems use mobile applications, biometric identification technologies, hardware security keys, or other technologies for identification.
LastPass users who set up passwordless access need the LastPass Authenticator application to do so currently. Support for other passwordless authentication systems will be added in the future according to LastPass, but for now, only the Authenticator application offers this functionality.
LastPass users verify login requests in the LastPass Authenticator application to sign-in to their accounts; it is no longer necessary to type or paste the main password of the account to gain access once passwordless has been enabled for the account.
LastPass notes that passwordless sign-in is offering advantages over traditional password-based logins: according to the company, passwordless takes the stress out of having to pick and remember passwords, and it blocks data breaches and hacks that use stolen passwords. Passwordless authentication requires access to the LastPass Authenticator application on the other hand. In the future, customers may sign-in using biometric authentication or hardware security keys.
The main account password is still needed for certain operations. Passwordless sign-in to LastPass requires access to the LastPass Authenticator application; if the app is not available, e.g., when the phone is lost, stolen or damaged, then it is necessary to use the main password to gain access to the account.
The master password is required to add new devices to the list of trusted devices. Anyone with access to the LastPass application could otherwise sign-in to a user's vault.
LastPass customers need to download the Authenticator application to their mobile devices and set up passwordless in their Vault to switch to the new authentication method.
Microsoft introduced support for passwordless access to Microsoft Accounts in 2021, and Google, Microsoft and Apple committed in 2022 to a passwordless sign-in standard.
Closing Words
Passwords are a major attack vector, especially if two-factor authentication is not used or supported. Passwordless authentication takes the password out of the equation to just use the second factor of authentication to verify logins.
Now You: do you use passwordless authentication already, or plan to?
No need to pay for such services. KeePass and sync within your own services.
You can forget your password but don’t get loose of your 2fa application/device
Sorry but this initiative is quite counter productive.
It can also be stolen, destroyed (e.g. by water), malfunction, etc.
This idea that passwords are bad because a lot of people choose idiotic or easily guessable ones is flawed. Passwords are secure. They want you to ditch them so they can access everything once they get your phone or your fingerprint, which goverments can do. Now breaking a long password is not so easy so it is inconvenient for them.
Exactly as @Steve mentioned!
Incidentally, the company I work for (an international company with more than several hundred thousand employees) has come to the conclusion that password authentication is the best solution as in the past, because “the leak or leakage of biometric data, the ultimate personal information that cannot be changed, would lead to a catastrophe, and there is no perfect measure to prevent it”.
https://www.ghacks.net/2022/05/06/google-microsoft-and-apple-commit-to-passwordless-sign-ins-standard/#comment-4520940
Yeah, that’s my concern, if someone gets ahold of your phone that’s not screen-locked, they’ve basically got access to your whole life – bank accounts, credit cards, etc etc
Ditched LP after using them for like a decade because of all the shady crap they started pulling last year.
Now I’m on the premium plan for Bitwarden and I’m not looking back!
Plus, with Apple leading the way on their new Passkeys feature, passwordless logins will eventually become the standard everywhere, not just for LP.
LastPass became an independent company recently: https://www.ghacks.net/2021/12/14/lastpass-is-becoming-an-independent-company/