Does anyone know if the LastPass folks even monitor this community thread for questions/concerns that are raised or is this community page just  paying customers and no involvement from LastPass support/product management/etc?

I don't think I said anything different than that, really. I think maybe my comment about "domain credentials" was misconstrued to mean password, when I was really meaning "domain username". I haven't had to enter a password on my work PC in three years.

I tried to follow the direction to set up passwordless. However, after I clicked "LOG IN WITH AUTHENTICATOR" the push notice won't appear. I checked the notifications settings on my iPhone and all settings were fine. The "Allow Notification" was ON in the Authenticator app settings. I'm not sure if I missed anything. Please help. TIA!

" It makes it substantially harder to be hacked, "

I fear it's the opposite. The app will make things far more insecure for many users.
The reason is simple; most users have one phone and both the Lastpass and authenticator are on the same phone. Once the attacker has your phone he has complete access to everything.

Once the authenticator app gets mandatory I cancel my subscription.
Far, far better would be giving the user (a combination) of options.
fingerprint, pin, masterpass and authenticator.

This new feature sounds nothing more than a marketing gimmick.

It's impossible to know they read this rather long thread.

But as you noticed they never answer any questions. I think that's a bad thing both for us and them.

We don't get our answers. Potential new customers look and conclude "This is one of those companies that turns silent once they have my money".

Many questions could have been answered by writing a decent press release.  I don't want to be rude but what I received is simply extremely bad. No explanation whatsoever.  A company based on security must know in advance at least half of the questions asked in this thread. If they don't, they don't care or don't really know what they are doing.

Hopefully the LastPass folks will correct me if my assumptions are wrong, but I think there is a lot of consternation about losing phones that really aren't that scary once you've used passwordless 

 

They should have answered that in their initial press release.

a- If my phone gets stolen, can the thief access my passwords using the authenticator app?

b- If my phone dies, can I set up a new authenticator on my new phone?

Right now the answer to question b is yes because you still can do all sorts of things in you account using your masterpassword. But in their press release they wrote that 'soon' the masterpassword is totally gone.

Those two questions keep returning in many shapes and forms in this thread. They should have been answered in the initial press release.

Hello, I was able to set up passwordless on a single device (call it 1) with the LP Authenticator. So far so good. But I have another device (call it 2), which is my backup in case anything goes wrong, and I would like to set up LPA on that one too. I was able to set up passwordless on device 2, but I still need to approve from device 1. Useless if device 1 gets lost. If it was Google Auth I would just display the QR code again and add it on device 2, but now there's no option to display it anymore for LPA. How can I add my account to LPA on device 2?
Thanks.

"I fear it's the opposite. The app will make things far more insecure for many users.
The reason is simple; most users have one phone and both the Lastpass and authenticator are on the same phone. Once the attacker has your phone he has complete access to everything."

This isn't the right way to look at it. First, your phone should be secured. I know I use face ID on mine, so if someone gets a hold of my phone it is difficult to get in for them. Second, your vault is still secured by password and (if you're smart) a second factor. Third, the way passwordless works is that is passes the public key to the website you're logging into, not your vault. And typically (not sure how LastPass well implement, but this is how it works for my work) the tokens typically last only one session, and to get access to the Microsoft Authenticator I have a second biometric factor in FaceID. So if someone gets a hold of my phone I am not all that worried, assuming this is how LastPass does it as well. I mean if this works for Windows Hello with a half billion PCs daily....

And it really isn't a new marketing gimmick. It basically makes phishing attacks impossible, and phishing is the most common attack vector and the most successful. Any MFA is better than straight username/password, but when there is essentially no password to enter them it makes it much harder to trick someone into giving it up.

I had this same experience, a few minutes ago. Odd. However, I *was* able to open my vault, in kind-of the old-fashioned way.

My laptop's screen had a place where you can enter a passcode from the LP Authenticator. I opened that app on my phone, found the numbers for the passcode, and typed them into the field on my laptop. LastPass came right up.

So it turned out to be a little klunkier than promised. But it didn't prevent me from getting to my vault on my laptop.