What is Passwordless?
Passwordless login is a new way to access your LastPass Vault without having to enter your master password. Once set up, you will simply authenticate, rather than having to type a password to access your vault. Here’s how to set it up.
So, do I need my master password?
Yes, for now. There are three scenarios where you'll need your master password: 1) to set up passwordless login, 2) in case of a failed authentication attempt, or 3) to make security changes to your account. Eventually, LastPass will remove the master password altogether, but that takes time. This is just the first step in LastPass' passwordless journey.
Is the Authenticator app the only way to use Passwordless?
The LastPass Authenticator app is the first authentication method to be released. Over the next few months, LastPass will be introducing additional methods to log into your vault including biometrics and security keys like Yubikey.
I really did try and set this up today (the instructions are not very clear) as it looks like a useful feature, however, it went horribly wrong for me.
I received a warning message on my Last Pass iOS Authentication App: "Backup requires multifactor authentication" — I really do not want to turn off backups — who would?
Anyway I pressed on as I wanted to see how Oasswordless would work, and all looked good as I got to the Passwordless login to my vault on my iMac, but nothing was ever sent to the iOS Authenticator for me to confirm. I had to use SMS as a backup method to gain access. I did try a couple of times, but SMS was needed each time.
I had to switch back the Account Settings to use good old Password and MFA.
Does anyone have any ideas on both the Backup compatibility issue and what might have stopped Passwordless from working, or where to get help on these issues?
@Glimmie Feel free to give us a call if you're still experiencing trouble linking the LastPass Authenticator to your account.
@ColinW Did you previously have multiple MFA options set up for your account? (At the moment only the LastPass Authenticator is compatible)
I've been using Lastpass for over 7 years. I tested passwordless. It is a nice feature, but because it only works with the LP Authenticator and that forces you to use SMS backup, in my mind it's less secure than the other authenticator apps, so I won't use it. Kind of defeats the purpose of having an app at all. You seem to be pushing through a lot of improvements, which is nice...but 1Password offers support for Yubikey U2F instead of just OTP and has a Secret Key built-in, which in my mind may or may not make them more secure from a server side attack. I've been testing 1P, and their UI may be slightly more responsive as well. I have to manage not just my own account but others' as well you understand. I'm not a fan of LP SMS account recovery either. 1Password does not use this at all but offers an "Emergency Kit." Seems more secure. I'm probably missing something here, just not sure what? Please let me know. Thanks.
I have just tried enabling LP Passwordless and was also prompted for my phone number to use as a backup to login. I called their support team about this as I don't want to introduce a less-secure mechanism as a backup. I was told they haven't been contacted by anyone with concerns before, and best just to use a fake phone number if worried ?!?
Unfortunately I will be going back to my TOTP login until this can be fixed
Feedback on Passwordless....
I used Passwordless, and seemed to worked fine. But decided to stop using it mainly because if I was on PC and didn't have my phone handy it was a minor hassle to login to LastPass.
The work around was, as the Passwordless option seems to be browser specific, I could start a different browser and login to LastPass using my master password on the second browser (so tip - don't set up Passwordless on all your browsers, or you could be in trouble!).
What is the reason there isn't a option to put in the master password OR use the Authenticator when using Passwordless? (maybe there is an option, but I couldn't worked it out).