I've just tried out passwordless authentication for the LastPass vault.


During setup I had to provide a phone number as what appeared to be the only backup method in case I'm unable to use passwordless login via the LastPass app.


I tried out the phone-based backup authentication method, and was sent an SMS with a 6-digit code, which was then all I needed to access the vault. As SMS is generally considered an insecure authentication method, I try to avoid using it, and it is a potential security bypass of passwordless.


Also, during passwordless setup I had an error message until I disabled my existing Google Authenticator app. Can this error message be removed? I've since found that I can re-enable Google Authenticator anyway after passwordless setup is complete, although I have to go through disabling and re-enabling Google Authenticator each time I add passwordless on a new device.


I found a phone number in my account settings as a "recovery phone". I deleted that phone number, but it didn't disable the SMS backup method. Is there some other way I can disable the SMS backup method?


So I currently have passwordless with both Google Authenticator and SMS (unwanted) as backup options. I think passwordless, plus any of the existing multifactor methods as a backup option, would be better for most users than SMS. This would need a change to the passwordless setup steps.

Also, is LastPass passwordless going to use Bluetooth to ensure the phone is nearby, like Google's FIDO2 security key? Currently, the LastPass passwordless system still seems to work when Bluetooth is disabled.