GlennD
GoTo Manager

Passwordless is possible - today!

What is Passwordless? 

Passwordless login is a new way to access your LastPass Vault without having to enter your master password. Once set up, you will simply authenticate, rather than having to type a password to access your vault.  Here’s how to set it up. 

 

So, do I need my master password? 

Yes, for now. There are three scenarios where you'll need your master password: 1) to set up passwordless login, 2) in case of a failed authentication attempt, or 3) to make security changes to your account. Eventually, LastPass will remove the master password altogether, but that takes time. This is just the first step in LastPass' passwordless journey. 

 

Is the Authenticator app the only way to use Passwordless? 

The LastPass Authenticator app is the first authentication method to be released. Over the next few months, LastPass will be introducing additional methods to log into your vault including biometrics and security keys like Yubikey. 

 

Glenn is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
57 REPLIES
SunFuLai
New Contributor

Great new development. Thank you! BUT.....

Similar to the issue of leaving your phone at home: I'm not sure if this recovery feature would have helped me this week, as my phone got submerged and went "dead". So I had quite some difficulty getting to accounts with a similar verification process through an app/smartphone.

Until I have come across a response on how to tackle the issue of not being able to go back to the "old" verification process, I am staying away from this new passwordless feature.

Zoox
Active Contributor

The way I understand it, you can still use your master password if your phone is at home.
But later the master password will be totally gone.

mojomarc
New Contributor

I think there is confusion around what passwordless is. At my company, we've been passwordless for four years now using the same authentication standard that LastPass is using. We still have our master password, and it is occasionally still required to access internal resources on our corpnet. But for the most part, when I access a site instead of having to enter a user name and password, I have multiple other factors I can use, all of which are generally more secure than password alone. For example, I may need to (on my PC this is the primary way) select the certificate I want to use and enter a PIN. Or I may enter my domain credentials and have my authenticator ask me to enter a factor from the login screen (it will pop up a box with a map location of where the request is coming from and ask for the number, so I get to see all the hack attempts on my account live). This sounds like it will be much like this latter example with LastPass: you will click on the icon to have LastPass fill the credentials for you, but instead of having to enter a master password you will get a notification from the LastPass Authenticator app asking you to validate the login.

Hopefully the LastPass folks will correct me if my assumptions are wrong, but I think there is a lot of consternation about losing phones that really aren't that scary once you've used passwordless.

JimL1
New Contributor

I’m using devices that recognize my thumbprint and log into LastPass that way. How is this different than passwordless access?
mbrodoff
New Contributor

I have followed the directions to set up passwordless using Authenticator. But as a consequence, I have been totally locked out from my account. I am not receiving SMS messages when requested. When I put in the code provided by Authenticator I am told that the multifactor authentication has failed. I've gone to every device that I have and even my computer where I have not set up Authenticator does not let me log into my account using my master password. I cannot contact customer service because I can't log into my account. When I tried to contact customer support using my email and call me feature, nobody seems to receive it or follow up with a call. This is extremely frustrating. How do I get back into my account? Please help. I am a premium subscriber.

AshC
GoTo Moderator

@mojomarc  Once LastPass authenticates your device you should not have to enter the account password again unless there's a disconnect.  So the formfill functionality will work without having to authenticate unless that connection is broken somehow. 


Ash is a member of the GoTo Community Care Team.

mbrodoff
New Contributor

The authentication process clearly did not work in my case because although I did everything correctly and LastPass Authenticator seemed to have accepted my LastPass account, I was given no passwordless login option and was not able to log on using my master password. After much frustration, I was finally able to get a call back from LastPass customer service which has disabled the multifactor authentication on my account so I can now access it with my master password. The new passwordless feature is not ready for prime time. Really frustrating.

nunya_business
New Contributor

So the website where you will be using passwordless login will be able to connect you back to your authentication device, probably your phone?

Why is no one concerned about the huge privacy implications of this?

Who thought this was a good idea or an improvement in any way?

This is a huge step backwards, and will completely eliminate anonymity on the internet.

Zoox
Active Contributor

LastPass contacts the authenticator app (not the website).
nunya_business
New Contributor

But some information has to get sent back to the website, so that it says this is "ok". So there is an audit trail that can be used to trace a login back to a specific device, likely a phone. This is a huge privacy violation and makes it impossible to be anonymous on the internet.

 

If you're going to tell me that information can't be connected, I'm going to remind you how multiple governments lied and abused access to COVID-19 contact tracing and location data. If you don't think it will happen here, you aren't paying attention...