Undetectable Humanizer: Lifetime Subscription
Transform AI-Generated Text into Human-Like, High-Ranking Content & Bypass Even the Most Sophisticated AI Detectors
Get 95% Deal

LastPass improves passwordless logins with FIDO2 authenticator support for desktops

Martin Brinkmann
Aug 14, 2023
Security
|
4

Lastpass, maker of the password management service of the same name, announced today that customers may now use FIDO2 compatible authenticators on desktop devices for passwordless logins to their vaults.

The new feature is available for all customers, including free users, premium users, families and also business customers.

Up until now, LastPass customers had to use the LastPass Authenticator application on desktop devices for passwordless sign-ins. The company launched biometric authentication support for passwordless logins on mobile, but not on desktop; this changes with today's announcement that FIDO2 compatible authenticators may now be used on desktop devices.

Customers who use the LastPass Authenticator application to sign-in to their vaults may continue using so, as nothing changes on that front. There is the possibility to switch to using a different authenticator now, and customers who never enabled passwordless login support for their account may select either of the available options, if they want to set up passwordless authentication for their account.

FIDO2 compatible authenticators include biometric sign-in options provided by the operating system, e.g., Windows Hello on Windows devices, and also compatible hardware keys, such as Yubikey.  How users authenticate the sign-in depends on the selected method. It may happen via a scan of their face or fingerprint, approving a push notification, or verifying the login via a hardware key.

Passwordless is a new form of authentication that is designed to replace passwords entirely in the future. The main idea behind the authentication standard is create secure keys locally on devices and use these for authentication. Instead of having to type passwords to submit their hashes to sites, which need to have the hashes stored to verify login attempts, nothing critical needs to be stored by the sites. While some data needs to be stored, this data alone is worthless. Passwordless eliminates phishing threats, certain network spying attempts and more.

LastPass has created and published a short introductory video:

Closing Words

LastPass customers have three options now when it comes to passwordless sign-ins: use the LastPass Authenticator app, use a FIDO2 compatible system that uses biometrics, or use a FIDO2 compatible hardware key.

Some of the company's applications and extensions may not support FIDO2 yet, judging from this paragraph of the announcement: "With FIDO2 Authenticators, LastPass Free, Premium, Families, Teams and Business customers will have more options when it comes to setting up passwordless login to the vault on desktop browsers and Chrome and Firefox extensions, Safari browser extension and desktop application support is coming soon."

Existing users may check out the following support page for guidelines on enabling passwordless authentication for their account.

LastPass has had a rough time in the previous years. The company disclosed a security breach in 2022 and a follow-up breach in which customer data was among the data the attacker copied.

Now You: does your password manager support passwordless authentication??

Summary
LastPass improves passwordless logins with FIDO2 authenticator support for desktops
Article Name
LastPass improves passwordless logins with FIDO2 authenticator support for desktops
Description
Lastpass announced today that customers may now use FIDO2 compatible authenticators on desktop devices for passwordless authentication.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. zircon said on August 15, 2023 at 11:00 pm
    Reply

    I used LP for years; I wouldn’t touch it now. They’ve had well-publicized security issues, they’ve steadily deprecated features from the free version, and they have a habit of ignoring Firefox users.

    There are free, proven, open-source alternatives (KeePass, both regular and XC, and Bitwarden are the first 2 that spring to mind).

  2. Harro Glööckler said on August 15, 2023 at 9:33 am
    Reply

    Such a lovely implementation…at least with the desktop Firefox extension.

    Before enabling passwordless logins:
    1. enter master password into the extension
    2. enter Google Authenticator OTP and click remember for 30 days
    3. until the browser is updated to a new major version, just the master password is needed

    After enabling passwordless logins:
    1. enter master password into the extension
    2. a new website opens where you need to re-enter your email and master password
    3. enter Windows Hello PIN
    4. repeat the whole thing each time the browser gets restarted

    I was promised something that works almost instantly and doesn’t need the master password at all, but now it takes thrice as long as the normal login method and even requires two master password entries…it would be nice if they at least copied Microsoft and their “tap the same number on your phone that is shown on the computer screen” or Valve’s “scan the QR code to login”.

  3. owl said on August 15, 2023 at 5:16 am
    Reply

    “Biometric authentication” is the unique for one and only ultimate authentication method, but that is why it is the ultimate risk.
    The data (fingerprints, irises, voiceprints, etc.) is desired by the state wants it in the name of security, and is likely to be a popular target for trading on the black market.

    The lesson of all ages and countries is that good intentions are destined to be defeated by malice, and that the cycle of cat-and-mouse is never-ending.
    “Antibiotic penicillin”, which was touted as the ultimate prescription drug, eventually “resistant bacteria” appeared, and streptomycin and vancomycin were the same, furthermore a never-ending (in addition, nosocomial infections with strong resistant bacteria are expanding) struggle continues.
    It was touted as “eternal peace under the nuclear umbrella”, but the reality is a truism.

    The large international company I worked for “concluded never to introduce a biometric system”.
    Because it is the ultimate, “biometrics” should be avoided.

    1. owl said on August 15, 2023 at 5:26 am
      Reply

      > The large international company I worked for “concluded never to introduce a biometric system”.

      The reason for this is that “it is ideal as an authentication system, but its data management (leakage countermeasures and maintenance management) is absolutely impossible”.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.