LastPass customers now have passwordless access to their vault and sites through the LastPass Authenticator. LastPass claims to be the first password manager solution to offer this option. It will be interesting to see how quickly its competitors respond.
Chris Hoff, Chief Secure Technology Officer at LastPass, said, “On the heels of tech giants and identity providers unveiling their plans to enable passwordless across their operating systems, web browsers, devices and applications, LastPass is excited to be the first solution and only password manager to allow users to securely and effortlessly login, manage their account credentials and get instant access to the accounts used every day – without ever having to enter a password.
“While broad implementation and adoption of passwordless is the industry’s ultimate goal, it will likely take years before people experience an end-to-end passwordless login across all applications, but LastPass helps get you there sooner.”
The advantage of going passwordless?
Despite making its money in password vaulting, LastPass is looking to accelerate the trend toward passwordless. It’s been a member of the FIDO Alliance for some time. It is now getting more closely involved with the aims of FIDO.
Its press release states: “The company is actively building FIDO2 compliant components and supporting authentication mechanisms, such as biometric face and fingerprint ID, and the addition of hardware security keys which are expected to be added to the passwordless offering later this year.”
For its users, this is good news. As the big players, Microsoft, Google and Apple, transition to a passwordless world, LastPass will be there. There will be no need for users to look for a new solution. It also shows that the company is playing the long game, which will again appeal to existing customers.
This announcement is a move down that path. The weakness of password vaults is that they still rely on a master password to access everything. If that password is compromised, an attacker can gain access to your data. The passwordless option does not remove the master password. What it does is allow for much more complex master password rules. Once implemented, users will not need to remember that password, so added complexity should not be an issue.
There are also some platform issues. For example, the LastPass Authenticator is available for iOS, Android and Windows but not Mac or Linux. It means using an alternative authenticator on those platforms. For some users, this will be an issue. After all, who wants multiple authenticators across their devices or a mix of master password and authenticator? From an IT support perspective, it just adds more work.
What does the LastPass Authenticator offer?
The press release also gives a view of where LastPass sees passwordless going. It talks about the gains to be had from going passwordless. However, it also warns that any solution must be frictionless. With the LastPass Authenticator not available on all platforms, the experience does not seem to be frictionless. It seems the company still has work to do.
The release also calls out five things that LastPass is offering with this announcement:
- Fill Gaps Left by other Identity Providers: Just like SSO and MFA do not secure all passwords in use across your workforce, neither does the passwordless functionality that was announced in May of this year. With LastPass, you can now offer immediate and consistent passwordless access to all credential-based logins used by employees.
- Increased Productivity: When passwords are removed from the login equation, users no longer waste time having to reset and input their passwords, and IT teams no longer spend hours helping employees regain access and resolve mundane issues.
- Simplicity, Unlocked: By using the LastPass Authenticator, users can access and manage important account credentials in their LastPass vault without ever having to enter a password. This grants users instant and seamless access while maintaining security and greatly reducing password-related friction.
- Less Friction Means Higher Adoption: A reduction in password-related friction means increased access to the LastPass vault, driving adoption across your organisation for business accounts. This higher rate of adoption improves overall employee password hygiene and helps significantly reduce the organisation’s cyber risk as a result.
- Stronger Security Standards: Now users can set an even stronger master password since they won’t need to use it as often. Reducing the frequency of entering your master password helps protect your account from bad actors.
Enterprise Times: What does this mean?
Being the first password vault to offer a passwordless option gives LastPass an edge over its competition. It is a move that customers are likely to welcome if only because of the simplicity and extra security it adds. But how quickly can it migrate its user base to using the LastPass Authenticator? A quick uptake will show that the market is ready for this move. However, a slow uptake will show how much more work is needed to convince people of the benefits of passwordless.