Passwordless authentication
Prioritize the user experience while protecting yourself against human-error data breaches with FIDO2-certified passwordless login to the LastPass vault.
No credit card required for trial. After the trial, LastPass Business is $7 per user/month.
Going passwordless is a no-brainer
of people forget and reset a password at least 1-2 times per month.
of businesses have passwordless technology on their roadmap.
of businesses experienced a password-related breach in the past 2 years.
Master passwords may be the private key to a user’s password vault, but every IT help desk knows that lockouts and password resets still happen. Passwordless login removes password memorization altogether.
LastPass Authenticator app
Enable passwordless login to your vault on desktop using the LastPass Authenticator app for mobile devices. Approve a push notification or certify a one-time password and you’re logged in. Available for download on iOS and Android.
FIDO2-certified biometrics
With biometric multifactor authentication (MFA), a user’s identity becomes their security key. Users can use facial recognition or fingerprint scanning to log in.
FIDO2-certified hardware keys
Protect yourself against brute force attacks with a FIDO2/WebAuthn hardware token like YubiKey or Feitian keys.
Simplify the user login experience
Avoid password reuse, remove password-related friction, and make it easier for employees to log in to their LastPass vault.
Protect employee access everywhere
Enhance access management by giving users immediate and consistent access to all the credential-based logins they need, not just those covered by single sign-on (SSO).
Increase user adoption rates
A simplified user experience translates to higher adoption rates, which can help your business improve password practices and significantly reduce the risk of data breaches.
Secure every workstation
Enable passwordless workstation MFA so users can access their work-specific computers without passwords.
Passkeys in the LastPass vault
Create, store, and access passkeys – cryptographic key pairs built on phishing-resistant FIDO and WebAuthn standards that replace passwords – right in your vault to provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices.
Remove master passwords completely
Experience a seamless, end-to-end passwordless experience where the master password is truly no longer required.
Built on a foundation of security expertise
Millions
Customers secure their passwords with LastPass
100,000+
Businesses choose LastPass
Frequently asked questions
What is passwordless authentication?
Passwordless authentication is a set of solutions that secure user logins. In LastPass, this set combines passwordless access to the LastPass vault, save and autofill, single sign-on (SSO), and federated login.
Passwordless vault access allows a user to log in to their LastPass vault without having to type in their master password, protecting users and businesses against brute-force attacks, credential stuffing, and phishing. Instead of their master password, they log in with the LastPass Authenticator app, FIDO2-certified biometrics, or a FIDO2-certified hardware key.
How does passwordless authentication work?
Passwordless authentication works by verifying a user’s identity not with a master password but with a user’s attributes, whether that be a hardware key, a user’s physical identity, or a one-time password (OTP) sent to their mobile device.
A user logs in using either a possession factor, meaning something they own (a smartphone or hardware key), or their physical characteristics (face or fingerprint scan).
A user will be prompted to complete their preferred method of passwordless login when attempting to log in to their LastPass password vault. Once completed, in addition to any other MFA methods, a user is granted access.
Is passwordless safer than MFA?
Passwordless login is technically safer than multifactor authentication (MFA), but how?
MFA still involves passwords: with MFA, you enter your username and password and then complete steps of MFA, whether it’s a two-factor authentication process like a one-time password (OTP) or MFA like an OTP plus a fingerprint scan.
So while MFA is a secure access management solution, passwordless authentication is technically safer because it doesn’t involve a password at all. Instead, a user logs in using their identity, whether it’s a device they own or their physical attributes.
How do I implement passwordless vault login?
LastPass Business admins can enable and implement passwordless authentication from their LastPass Admin Console.
To enable passwordless authentication, admins have to first add the policy. They can do this from the Policies > General Policies section of their Admin Console. Select a New Policy then search for and select Allow passwordless login. Once set, the admin must choose to enable the policy.
Once enabled, admins can Edit policy users to manage, add, or remove users regarding the policy. How you go about implementing passwordless authentication is up to you and your business’s needs, whether you want certain users to complete additional contextual methods before they gain access or whether you want adaptive MFA in place for all users.
Can biometric authentication be used for passwordless login?
Yes, LastPass supports biometric authentication for a passwordless vault or workstation login. Users can use any FIDO2-certified authenticator, including Windows Hello and Apple’s Touch ID for desktop computers, as well as Face ID, Touch ID, or biometrics for mobile (Android only supports fingerprint scans at this time).
What are magic links?
Magic links are a form of passwordless authentication. A user enters their email address at login, and the server sends them an email with a magic link which, when clicked, grants them access to their account. While passwordless, magic links are not as safe as the methods supported by LastPass’ passwordless authentication.
Will LastPass users still need their master passwords?
Yes, users still need their master password. Passwordless technology is rapidly evolving, and while the goal is to remove the master password altogether, this must be accomplished in phases. For now, the master password will exist to validate security-related changes to account settings and in the case of a declined authentication attempt. Users will need their master password less frequently, so be sure to set up account recovery options so they’ll always have a backup way into their account.
Is LastPass passwordless FIDO2 certified?
Yes. LastPass has obtained FIDO2 Server Certification, meaning it is certified by FIDO2 – after undergoing meticulous security and performance testing – to be ready for scalable deployment to market. This means LastPass provides a true passwordless login experience for customers, attained through passwordless mechanisms that include biometrics – face and fingerprint ID – and hardware security keys, like YubiKey and Feitian.