cancel
Showing results for 
Search instead for 
Did you mean: 
GlennD
GoTo Manager

Passwordless is possible - today!

What is Passwordless? 

Passwordless login is a new way to access your LastPass Vault without having to enter your master password. Once set up, you will simply authenticate, rather than having to type a password to access your vault.  Here’s how to set it up. 

 

So, do I need my master password? 

Yes, for now. There are three scenarios where you'll need your master password: 1) to set up passwordless login, 2) in case of a failed authentication attempt, or 3) to make security changes to your account. Eventually, LastPass will remove the master password altogether, but that takes time. This is just the first step in LastPass' passwordless journey. 

 

Is the Authenticator app the only way to use Passwordless? 

The LastPass Authenticator app is the first authentication method to be released. Over the next few months, LastPass will be introducing additional methods to log into your vault including biometrics and security keys like Yubikey. 

 

Glenn is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
57 REPLIES 57
Bosty
New Contributor

It just replaces your master password, not the individual passwords.
Bosty
New Contributor

Authenticator is optional, not required.
Nusaram
Active Contributor

This is great!  Thank you!

 

I set it up and it works perfectly.

 

After (a hacker) unsuccessfully attempted to login to my account sometime ago, I changed my master password to be very long and cryptic.  I also have always used the "Remember my email" and "Remember my password" options in the Browser extension.  An issue with "Remember my password" is that although the password is hidden when you login, the "show" icon on the far right displays it so, if someone gained access to my PC in an unlocked state, they could easily launch the Browser, click LasPass login, then "show" to display my master password.

 

With passwordless login, that issue is no more!  Hooray!

BenjiBoy
New Contributor

Long term, Passwordless is bad for free LastPass users. If our active device type is "Computer" and we want to do a cloud backup of our Authenticator accounts without switching our active device type to mobile devices,  it is not possible, because we must be logged in to the LastPass Password Manager on our phones.

inkymortar
Active Contributor

Ah ok - I must have missed that aspect. In that case it's a no-go for me until other authenticator apps are supported. I use the MS one extensively for a wide variety of accounts including LP, and I'm obliged to use a couple of others. I'm not looking to build up a collection of disparate authenticator apps, each for an individual program.

mojomarc
New Contributor

I completely agree with the sentiment that it makes zero sense to have multiple auth apps.  I can't switch to just LastPass Authenticator as work requires Microsoft Authenticator for passwordless.  Can we please make it so that we can do passwordless through other one-time code authentication apps like Microsoft Authenticator?

Kevin67
New Contributor

Is passwordless somehow using cookies or cache on the local computer? I set it up using Chrome Version 102.0.5005.63 (Official Build) (64-bit) on my Windows 10 machine. Logged out of LastPass, entered my email address again and the red box came up to use LastPass Authenticator. Then I completely closed the Chrome browser, cleared browsing history, cache, cookies, etc. Restarted Chrome, went https://lastpass.com/?ac=1, entered my email address again and now no red LastPass Authenticator box came up and I had to enter my master password again. 

The computer is still showing under "Passwordless enabled devices" (see below screenshot ) but doesn't seem to be working anymore after I cleared browsing history, cache, cookies, etc. The "Enable passwordless" option comes up again even though the computer is showing under the "Passwordless enabled devices" list.

 Passwordless_Page.JPG
Passwordless_Page.JPG

Tags (1)
Zoox
Active Contributor

How is this supposed to work (if master password is totally gone)?

 

I can install the app on my phone to authenticate for example a login using my PC. That much is clear.

But how do I authenticate when I login somewhere using my phone?


I mean it sounds terribly unsafe to have the authenticator on the same phone as the LastPass app that stores all the passwords. Usually that obvious no problem, until my phone gets stolen.

Am I missing a vital point on how passwordless works?

seanw18
New Contributor

This is great.

It could be greatly improved by allowing it to also be used for the "require master password reprompt" option, or a new equivalent option on each password.

I have all my  important/financial passwords set this way and that's the most frequent reason for me to type the long master password. 

RonWeasley
Active Contributor

@nunya_business Passwordless access to LastPass. Not passwordless access to all your accounts in Lastpass.