LastPass introduces passwordless Vault access
LastPass, maker of the password management service, introduced support for accessing a customer's Vault using passwordless technology in June 2022.
Passwordless account systems use other means of authentication to provide users with access to services and accounts. Instead of requiring account passwords, passwordless systems use mobile applications, biometric identification technologies, hardware security keys, or other technologies for identification.
LastPass users who set up passwordless access need the LastPass Authenticator application to do so currently. Support for other passwordless authentication systems will be added in the future according to LastPass, but for now, only the Authenticator application offers this functionality.
LastPass users verify login requests in the LastPass Authenticator application to sign-in to their accounts; it is no longer necessary to type or paste the main password of the account to gain access once passwordless has been enabled for the account.
LastPass notes that passwordless sign-in is offering advantages over traditional password-based logins: according to the company, passwordless takes the stress out of having to pick and remember passwords, and it blocks data breaches and hacks that use stolen passwords. Passwordless authentication requires access to the LastPass Authenticator application on the other hand. In the future, customers may sign-in using biometric authentication or hardware security keys.
The main account password is still needed for certain operations. Passwordless sign-in to LastPass requires access to the LastPass Authenticator application; if the app is not available, e.g., when the phone is lost, stolen or damaged, then it is necessary to use the main password to gain access to the account.
The master password is required to add new devices to the list of trusted devices. Anyone with access to the LastPass application could otherwise sign-in to a user's vault.
LastPass customers need to download the Authenticator application to their mobile devices and set up passwordless in their Vault to switch to the new authentication method.
Microsoft introduced support for passwordless access to Microsoft Accounts in 2021, and Google, Microsoft and Apple committed in 2022 to a passwordless sign-in standard.
Passwords are a major attack vector, especially if two-factor authentication is not used or supported. Passwordless authentication takes the password out of the equation to just use the second factor of authentication to verify logins.
Now You: do you use passwordless authentication already, or plan to?Advertisement