Password Manager LastPass today introduces a new “passwordless” method to access its desktop vault.
Previously, users had to enter their master password to unlock the company’s desktop vault (and its stored passwords). Now they can verify access through the company’s mobile app. Presumably this includes the option to use your phone’s biometric login features such as face and fingerprint unlock, although LastPass isn’t entirely clear on how this will work in practice.
LastPass characterizes this as a “passwordless” login, but it’s important to note that your master password isn’t going anywhere anytime soon. LastPass Chief Secure Technology Officer Chris Hoff says master passwords are still required to register a LastPass account, add new trusted devices, make changes to an account, or enter if a passwordless login attempt fails . But the hope is that this new authentication approach can be a first step towards the complete elimination of the master password as the industry moves towards passwordless authentication using standards such as FIDO.
“LastPass is pleased to be the first solution and only password manager that allows users to securely and effortlessly log in, manage their account information and instantly access the accounts used every day – without ever entering a password,” said Hoff of LastPass. †
Today’s announcement is aimed at desktop LastPass users, who are currently not offered biometric login options as an alternative to typing their master password. Meanwhile, the company’s apps on mobile already offer biometric login options, including fingerprint and face unlock.
The changes come a little over a year after LastPass made significant changes to its pricing structure, which severely limited the usability of the free tier. Last March, it restricted free users to only access their passwords on mobile or desktop – not both. The company behind the service has also undergone changes after previous owner GoTo (then known as LogMeIn) announced plans to turn LastPass into an independent company late last year.
LastPass’ press release does not say whether the new passwordless feature will be limited to paid users or whether it will also be available through the free tier. We have contacted the company for clarification.