What is Passwordless?
Passwordless login is a new way to access your LastPass Vault without having to enter your master password. Once set up, you will simply authenticate, rather than having to type a password to access your vault. Here’s how to set it up.
So, do I need my master password?
Yes, for now. There are three scenarios where you'll need your master password: 1) to set up passwordless login, 2) in case of a failed authentication attempt, or 3) to make security changes to your account. Eventually, LastPass will remove the master password altogether, but that takes time. This is just the first step in LastPass' passwordless journey.
Is the Authenticator app the only way to use Passwordless?
The LastPass Authenticator app is the first authentication method to be released. Over the next few months, LastPass will be introducing additional methods to log into your vault including biometrics and security keys like Yubikey.
I was using LastPass Authenticator for a while. Then it stopped working and I couldn't figure out how to obtain a barcode to reconnect. Then, recently, LastPass displayed a barcode: but when I scanned it I simply got an error message.
Please don't push this authenticator until you've got it working.
Hi all, thanks for your early feedback. We're always interested to hear what customers are experiencing.
I wanted to address some concerns regarding the LastPass Authenticator and Passwordless functionality:
I enabled it and discovered 2 things:
1) push notifications do not show up to my android phone - the lastpass authenticator app never wakes up on its own, I never see anything. If I go into the authenticator app and then enter the number, I can log in. But this totally defeats the purpose of convenience!
2) when I enable passwordless login, I no longer have the option to enter my password, apparently I HAVE to use the authenticator app. I don't want that -- is there a way to use the authenticator app, but if your phone is not around enter the password?
Any help is appreciated. I'd like to use this cool new feature, but as it is it doesn't work.
@nope123 If your phone is not accessible, you can still use passwordless login to log in to SSO apps and/or workstations by pairing another device with the LastPass Authenticator or contacting your LastPass admin.
I enabled the passwordless login today and it seems to work well.
Can this be used for master password reprompts too? I hate typing passwords and want to simply tap approve or use my Mac fingerprint reader for that.
Also looking forward to optionality. Would like to be able to use a YubiKey and fingerprint as well to log in. I really only want to type in the master password when all other options are unavailable to me.
Is there a technical writeup that explains how this feature works? I'm just trying to understand on a high level how encryption is maintained in an offline environment since LastPass Authenticatior is the only thing needed for subsequent logins on that machine.
@BoJackHorseman Passwordless login does not completely remove the need for your actual password, and additional 2-factor authentication methods will be available in the future.
@jpenny84 Re-encryption only occurs when the Authenticator confirms your identity, which is automatically required when LastPass is not in use for 24 hours.
I have extension version 18.104.22.168 on Firefox and I don't see the Passwordless Options tab.
So a no go for me. Must say i'm on a trail (lastpass business)
But when i send a invite for setup passwordless authentication I recieve a mail.
LP Authenticator installed and working. In the recieved mail clicking the button Activate Lastpass MFA
It opens a site and I see a button to link my phone. Clicking button. LP Authenticator app opens and then nothing.
My user status of passwordless auth still on invited.