Security Feature
Passwordless Vault Login
Set your master password aside and go passwordless, removing the obstacles between you and your digital life.
Free trial for all plans. No credit card required.
Free yourself from password pains and risks with passwordless vault login
Seamless access is here
Verify your device with your master password just once, then access your vault using the passwordless authentication method you prefer.
Fewer password resets
Remove password barriers by instantly accessing the applications and credentials you need most. No more forgetting and resetting passwords.
Lower risk of hacks
Passwordless access adds additional protection layers: the device you trust, your biometrics, or any FIDO2-certified authenticators.
Enable passwordless for more secure, friction-free logins to your LastPass vault on desktop. Choose how you want to go passwordless:
- Use the LastPass Authenticator mobile app to log in via a push notification.
- Log in with a FIDO2-certified authenticator, including device biometrics (like Touch ID or Windows Hello) or hardware keys (YubiKey or Feitian).
Use face or fingerprint ID to go passwordless in the LastPass iOS or Android mobile app. To enable it, open the security settings menu and select the biometrics login option.
Once set up, you can log in to your vault using your face or fingerprint instead of manually entering your master password.
Want to go passwordless at work?
- Simplified employee login experience
- Increased IT admin productivity
- Secure authentication
- FIDO2 server certified
Learn more about passwordless
Frequently asked questions
How does passwordless login work?
- From a user’s perspective:
Your master password, which you previously typed in manually to log in to your LastPass vault, is replaced with the passwordless authentication method of your choice. Desktop users can choose from the LastPass Authenticator app, fingerprint or face ID, or a hardware key like YubiKey. In contrast, mobile users can only use their smartphone’s integrated biometrics feature.
- From a technical perspective:
LastPass now allows for passwordless login with FIDO2 authenticators. FIDO2 authentication uses W3C’s Web Authentication (WebAuthn) specification and FIDO Client to Authenticator Protocol (CTAP), industry-leading authentication standards which reduce the risk of phishing and all forms of password theft.
FIDO2 authentication replaces the master password with a secure and fast login experience supported by possession-based credentials. Only you possess these credentials either through your device (LastPass Authenticator app), your unique physical attributes (fingerprint or face ID), or a hardware key (YubiKey or Feitian key).
How do I enable passwordless in my LastPass account?
The process of enabling passwordless login will depend on the device you’re using to access LastPass:
- Desktops:
Log in to your vault, open “Account Settings” and find the “Passwordless Options” tab: LastPass Authenticator, FIDO2-certified biometrics, or FIDO2-certified hardware keys. Click the option you prefer and follow the instructions. The next time you want to access your vault from your trusted device, you’ll be able to do so through passwordless login – without entering your master password.
How to enable LastPass Authenticator app for passwordless login
- Mobile phones:
Log in to the LastPass app using your email address and master password. Tap Settings and then Security. Enable passwordless login: Android users will turn on logging in with biometrics, while iOS users can log in with either Face ID or Touch ID (fingerprint). The next time you want to access your vault from your trusted mobile device, you can do so through passwordless login.
Will I still need a master password?
Yes. If you’re having trouble logging in with your passwordless authentication method, you may be asked to reinput your master password. This will verify your identity and allow access to your account. You must also input your master password to make any security-related account changes, including adding new trusted devices.
How do I recover my account if I lose my device or forget my master password?
Whenever you establish a new method of authentication, make sure you’ve enabled the backup options available to that authentication method. By enabling backup, you’ll be able to establish your identity on a new device so you don’t lose access to your LastPass vault. Most all authentication methods will rely on an SMS code for you to verify your identity and then complete the backup restore.
What is FIDO2?
FIDO2 (Fast Identity Online 2) authentication is an open authentication standard developed by the FIDO Alliance that provides a more secure and convenient way to log in to online services, including the LastPass password manager vault. LastPass, as a FIDO2 Alliance board-level member, helps to develop specifications and raise awareness of this technology.
FIDO2 relies on public-key cryptography, which is much more secure than traditional password-based authentication. Instead of using a password that can be easily compromised or forgotten, FIDO2 uses a private key stored securely on the user's device and a public key registered with the online service. This ensures the user's credentials remain protected even if the service's database is breached. Like the LastPass zero-knowledge model, private keys never leave the user’s device and are never stored to the server.
Does LastPass support passkeys?
Coming soon, LastPass will support creating, saving, storing, and accessing passkeys, across all platforms and devices, right in the vault.
Typically, passkeys are accessed from the browser and device they were created on. With LastPass, it doesn’t matter what device or browser you’re on when you create a passkey. By storing your passkey with LastPass, you’ll have access to your passkey whenever and wherever you need them.