LastPass introduces passwordless Vault access

Martin Brinkmann
Jun 8, 2022
Security
|
7

LastPass, maker of the password management service, introduced support for accessing a customer's Vault using passwordless technology in June 2022.

image credit: LastPass

Passwordless account systems use other means of authentication to provide users with access to services and accounts. Instead of requiring account passwords, passwordless systems use mobile applications, biometric identification technologies, hardware security keys, or other technologies for identification.

LastPass users who set up passwordless access need the LastPass Authenticator application to do so currently. Support for other passwordless authentication systems will be added in the future according to LastPass, but for now, only the Authenticator application offers this functionality.

LastPass users verify login requests in the LastPass Authenticator application to sign-in to their accounts; it is no longer necessary to type or paste the main password of the account to gain access once passwordless has been enabled for the account.

ADVERTISEMENT

LastPass notes that passwordless sign-in is offering advantages over traditional password-based logins: according to the company, passwordless takes the stress out of having to pick and remember passwords, and it blocks data breaches and hacks that use stolen passwords. Passwordless authentication requires access to the LastPass Authenticator application on the other hand. In the future, customers may sign-in using biometric authentication or hardware security keys.

The main account password is still needed for certain operations. Passwordless sign-in to LastPass requires access to the LastPass Authenticator application; if the app is not available, e.g., when the phone is lost, stolen or damaged, then it is necessary to use the main password to gain access to the account.

The master password is required to add new devices to the list of trusted devices. Anyone with access to the LastPass application could otherwise sign-in to a user's vault.

LastPass customers need to download the Authenticator application to their mobile devices and set up passwordless in their Vault to switch to the new authentication method.

Microsoft introduced support for passwordless access to Microsoft Accounts in 2021, and Google, Microsoft and Apple committed in 2022 to a passwordless sign-in standard.

Closing Words

Passwords are a major attack vector, especially if two-factor authentication is not used or supported. Passwordless authentication takes the password out of the equation to just use the second factor of authentication to verify logins.

Now You: do you use passwordless authentication already, or plan to?

Summary
LastPass introduces passwordless Vault access
Article Name
LastPass introduces passwordless Vault access
Description
LastPass, maker of the password management service, introduced support for accessing a customer's Vault using passwordless technology. 
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Anonee said on June 8, 2022 at 9:12 am
    Reply

    Ditched LP after using them for like a decade because of all the shady crap they started pulling last year.
    Now I’m on the premium plan for Bitwarden and I’m not looking back!

    Plus, with Apple leading the way on their new Passkeys feature, passwordless logins will eventually become the standard everywhere, not just for LP.

    1. Martin Brinkmann said on June 8, 2022 at 11:52 am
      Reply
  2. Piotr Kustal said on June 8, 2022 at 11:06 am
    Reply

    You can forget your password but don’t get loose of your 2fa application/device

    Sorry but this initiative is quite counter productive.

    1. Andy Prough said on June 8, 2022 at 2:44 pm
      Reply

      Yeah, that’s my concern, if someone gets ahold of your phone that’s not screen-locked, they’ve basically got access to your whole life – bank accounts, credit cards, etc etc

    2. Steve said on June 11, 2022 at 11:05 am
      Reply

      It can also be stolen, destroyed (e.g. by water), malfunction, etc.

      This idea that passwords are bad because a lot of people choose idiotic or easily guessable ones is flawed. Passwords are secure. They want you to ditch them so they can access everything once they get your phone or your fingerprint, which goverments can do. Now breaking a long password is not so easy so it is inconvenient for them.

      1. owl said on June 12, 2022 at 3:26 pm
        Reply

        Exactly as @Steve mentioned!

        Incidentally, the company I work for (an international company with more than several hundred thousand employees) has come to the conclusion that password authentication is the best solution as in the past, because “the leak or leakage of biometric data, the ultimate personal information that cannot be changed, would lead to a catastrophe, and there is no perfect measure to prevent it”.
        https://www.ghacks.net/2022/05/06/google-microsoft-and-apple-commit-to-passwordless-sign-ins-standard/#comment-4520940

  3. Anonymous said on June 8, 2022 at 2:35 pm
    Reply

    No need to pay for such services. KeePass and sync within your own services.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.