What is Passwordless?
Passwordless login is a new way to access your LastPass Vault without having to enter your master password. Once set up, you will simply authenticate, rather than having to type a password to access your vault. Here’s how to set it up.
So, do I need my master password?
Yes, for now. There are three scenarios where you'll need your master password: 1) to set up passwordless login, 2) in case of a failed authentication attempt, or 3) to make security changes to your account. Eventually, LastPass will remove the master password altogether, but that takes time. This is just the first step in LastPass' passwordless journey.
Is the Authenticator app the only way to use Passwordless?
The LastPass Authenticator app is the first authentication method to be released. Over the next few months, LastPass will be introducing additional methods to log into your vault including biometrics and security keys like Yubikey.
Does anyone know if the LastPass folks even monitor this community thread for questions/concerns that are raised or is this community page just paying customers and no involvement from LastPass support/product management/etc?
I tried to follow the direction to set up passwordless. However, after I clicked "LOG IN WITH AUTHENTICATOR" the push notice won't appear. I checked the notifications settings on my iPhone and all settings were fine. The "Allow Notification" was ON in the Authenticator app settings. I'm not sure if I missed anything. Please help. TIA!
" It makes it substantially harder to be hacked, "
I fear it's the opposite. The app will make things far more insecure for many users.
The reason is simple; most users have one phone and both the Lastpass and authenticator are on the same phone. Once the attacker has your phone he has complete access to everything.
Once the authenticator app gets mandatory I cancel my subscription.
Far, far better would be giving the user (a combination) of options.
fingerprint, pin, masterpass and authenticator.
This new feature sounds nothing more than a marketing gimmick.
It's impossible to know they read this rather long thread.
But as you noticed they never answer any questions. I think that's a bad thing both for us and them.
We don't get our answers. Potential new customers look and conclude "This is one of those companies that turns silent once they have my money".
Many questions could have been answered by writing a decent press release. I don't want to be rude but what I received is simply extremely bad. No explanation whatsoever. A company based on security must know in advance at least half of the questions asked in this thread. If they don't, they don't care or don't really know what they are doing.
Hopefully the LastPass folks will correct me if my assumptions are wrong, but I think there is a lot of consternation about losing phones that really aren't that scary once you've used passwordless
They should have answered that in their initial press release.
a- If my phone gets stolen, can the thief access my passwords using the authenticator app?
b- If my phone dies, can I set up a new authenticator on my new phone?
Right now the answer to question b is yes because you still can do all sorts of things in you account using your masterpassword. But in their press release they wrote that 'soon' the masterpassword is totally gone.
Those two questions keep returning in many shapes and forms in this thread. They should have been answered in the initial press release.
Hello, I was able to set up passwordless on a single device (call it 1) with the LP Authenticator. So far so good. But I have another device (call it 2), which is my backup in case anything goes wrong, and I would like to set up LPA on that one too. I was able to set up passwordless on device 2, but I still need to approve from device 1. Useless if device 1 gets lost. If it was Google Auth I would just display the QR code again and add it on device 2, but now there's no option to display it anymore for LPA. How can I add my account to LPA on device 2?