Frequently asked questions
Will users still need their master password?
Yes, users still need their master password. The master password is needed to register a LastPass account and verify new trusted devices. It will also be requested upon failed passwordless login attempts as well as any security-related account changes.
Which LastPass plans support going passwordless?
How does my business enable passwordless for employees’ password vaults?
Once employees log in, they will be prompted to add passwordless login. Just enable passwordless login – in this case, the LastPass Authenticator – from within the Account Settings. It’s as simple as that!
Admins can also choose whether they want their organization to opt in or out of passwordless login from within the admin console policy center.
What other endpoints can I use passwordless login to access?
Businesses with the Advanced Multifactor Authentication add-on can enable passwordless login for single sign-on apps and workstations.
How does my business enable passwordless for single sign-on (SSO) apps and workstations?
To enable passwordless for SSO apps, admins must enable "Step-up authentication" during the SSO app setup process, which will require users to use passwordless authentication when accessing the SSO app or website.
To enable passwordless for workstations, admins must first enable and assign users & groups to the "passwordless authentication" policy. Then they must set up Workstation Login for Windows or Mac to allow users to log in to their workstation using passwordless authentication (the LastPass Authenticator app) instead of entering a password.
Is LastPass passwordless FIDO2 compliant?
LastPass is actively building FIDO2 compliant components and supporting authentication mechanisms for mobile, web, extensions, and desktop, such as biometric – face and fingerprint ID – and hardware security keys. LastPass will be adding these offerings to the passwordless solution later this year.