LastPass, maker of the password management service, introduced support for accessing a customer’s vault using passwordless technology in June 2022.
Passwordless account systems use other means of authentication to provide users with access to services and accounts. Instead of requiring account passwords, passwordless systems use mobile apps, biometric identification technologies, hardware security keys, or other identification technologies.
LastPass users setting up passwordless access currently require the LastPass Authenticator app to do so. Support for other passwordless authentication systems will be added in the future according to LastPass, but currently only the Authenticator app offers this functionality.
LastPass users verify login requests in the LastPass Authenticator app to log in to their accounts; you no longer need to type or paste the master password for the account to access it once no password is enabled for the account.
LastPass notes that passwordless login offers advantages over traditional password-based logins: according to the company, passwordless eliminates the stress of having to choose and remember passwords, and it blocks data breaches and hacks that use stolen passwords. Passwordless authentication, on the other hand, requires access to the LastPass Authenticator app. In the future, customers will be able to log in using biometric authentication or hardware security keys.
The master account password is still required for some operations. Passwordless login to LastPass requires access to the LastPass Authenticator app; if the application is not available, for example when the phone is lost, stolen or damaged, then it is necessary to use the master password to access the account.
The master password is required to add new devices to the list of trusted devices. Anyone with access to the LastPass app could otherwise log into a user’s vault.
LastPass customers must download the Authenticator app on their mobile devices and set up passwordless in their vault to switch to the new authentication method.
Microsoft introduced support for passwordless access to Microsoft accounts in 2021, and Google, Microsoft, and Apple committed in 2022 to a passwordless sign-in standard.
Passwords are a major attack vector, especially if two-factor authentication is not used or supported. Passwordless authentication takes the password out of the equation and simply uses second factor authentication to verify logins.
Now you: Do you already use passwordless authentication or do you plan to do so?