This is great! Thank you!
I set it up and it works perfectly.
After (a hacker) unsuccessfully attempted to login to my account sometime ago, I changed my master password to be very long and cryptic. I also have always used the "Remember my email" and "Remember my password" options in the Browser extension. An issue with "Remember my password" is that although the password is hidden when you login, the "show" icon on the far right displays it so, if someone gained access to my PC in an unlocked state, they could easily launch the Browser, click LasPass login, then "show" to display my master password.
With passwordless login, that issue is no more! Hooray!
Long term, Passwordless is bad for free LastPass users. If our active device type is "Computer" and we want to do a cloud backup of our Authenticator accounts without switching our active device type to mobile devices, it is not possible, because we must be logged in to the LastPass Password Manager on our phones.
Ah ok - I must have missed that aspect. In that case it's a no-go for me until other authenticator apps are supported. I use the MS one extensively for a wide variety of accounts including LP, and I'm obliged to use a couple of others. I'm not looking to build up a collection of disparate authenticator apps, each for an individual program.
I completely agree with the sentiment that it makes zero sense to have multiple auth apps. I can't switch to just LastPass Authenticator as work requires Microsoft Authenticator for passwordless. Can we please make it so that we can do passwordless through other one-time code authentication apps like Microsoft Authenticator?
Is passwordless somehow using cookies or cache on the local computer? I set it up using Chrome Version 102.0.5005.63 (Official Build) (64-bit) on my Windows 10 machine. Logged out of LastPass, entered my email address again and the red box came up to use LastPass Authenticator. Then I completely closed the Chrome browser, cleared browsing history, cache, cookies, etc. Restarted Chrome, went https://lastpass.com/?ac=1, entered my email address again and now no red LastPass Authenticator box came up and I had to enter my master password again.
The computer is still showing under "Passwordless enabled devices" (see below screenshot ) but doesn't seem to be working anymore after I cleared browsing history, cache, cookies, etc. The "Enable passwordless" option comes up again even though the computer is showing under the "Passwordless enabled devices" list.
How is this supposed to work (if master password is totally gone)?
I can install the app on my phone to authenticate for example a login using my PC. That much is clear.
But how do I authenticate when I login somewhere using my phone?
I mean it sounds terribly unsafe to have the authenticator on the same phone as the LastPass app that stores all the passwords. Usually that obvious no problem, until my phone gets stolen.
Am I missing a vital point on how passwordless works?
This is great.
It could be greatly improved by allowing it to also be used for the "require master password reprompt" option, or a new equivalent option on each password.
I have all my important/financial passwords set this way and that's the most frequent reason for me to type the long master password.