Great new development. Thank you! BUT.....
similar to the issue of for leaving your phone at home: not sure if this recovery feature would have helped me this week, as my phone got submerged and went "dead". So had quite some difficulties to get to accounts with a similar verification process through an app/smartphone.
Until I have not some across a response how to tackle the issue of not able to go back to the "old" verification process, I am staying away from this new passwordless feature.
I think there is confusion around what passwordless is. At my company, we've been passwordless for four years now using the same authentication standard that LastPass is using. We still have our master password, and it is occasionally still required to access internal resources on our corpnet. But for the most part, when I access a site instead of having to enter a user name and password, I have multiple other factors I can use, all of which are generally more secure than password alone. For example, I may need to select (on my PC this is the primary way) select my certificate I want to use and enter a PIN). Or I may enter my domain credentials and have my authenticator ask me to enter a factor from the login screen (it will pop up a box with a map location of where the request is coming from and ask for the number, so I get to see all the hack attempts on my account live). This sounds like it will be much like this latter example with LastPass: you will click on the icon to have LastPass fill the credentials for you, but instead of having to enter a master password you will get a notification from the LastPass Authenticator app asking you to validate the login.
Hopefully the LastPass folks will correct me if my assumptions are wrong, but I think there is a lot of consternation about losing phones that really aren't that scary once you've used passwordless
I have followed the directions to set up password list using Authenticator. But as a consequence, I have been totally locked out from my account. I am not receiving SMS messages when requested. When I put in the code provided by authenticator I am told that the multi factor authentication has failed. I’ve gone to every device that I have and even my computer where I have not set up Authenticator does not let me log into my account using my master password. I cannot contact customer service because I can’t log into my account. When I tried to contact customer support using my email and call me feature, nobody seems to receive it or follow up with a call. This is extremely frustrating. How to I get back into my account. Please help. I am a premium subscriber.
@mojomarc Once LastPass authenticates your device you should not have to enter the account password again unless there's a disconnect. So the formfill functionality will work without having to authenticate unless that connection is broken somehow.
The authentication process clearly did not work in my case because although I did everything correctly and Lastpass Authenticator seemed to have accepted my lastpass account, i was given no passwordless login option was not able to log on using my master password. after much frustration, I was finally able to get a call back from lastpass customer service which has disabled the multifactor authentication on my account so I can now access it with my master password. the new passwordless feature is not ready for prime time. Really frustrating.
So the website where you will be using passwordless login will be able to connect you back to your authentication device, probably your phone?
Why is no one concerned about the huge privacy implications of this?
Who thought this was a good idea or an improvement in any way?
This is a huge step backwards, and will completely eliminate anonymity on the internet.
But some information has to get sent back to the website, so that it says this is "ok". So there is an audit trail that can be used to trace a login back to a specific device, likely a phone. This is a huge privacy violation and makes it impossible to be anonymous on the internet.
If you're going to tell me that information can't be connected, I'm going to remind you how multiple governments lied and abused access to Covid 19 contact tracing and location data. If you don't think it will happen here, you aren't paying attention...