LastPass Becomes 'The First Password Manager' That Doesn't Need A Master Password

One of the biggest reasons someone decides to use a password manager is to avoid having to remember every single password they have for websites, apps, and other services.

By using a password manager, all they need to do is remember one strong password and leave the rest to the password manager. As time passed, people began to realize that they also wanted to avoid typing the password out every time they sign in.

And later, people also began to realize that they don't want a master password at all.

LastPass is a popular password manager, and this time, it has become the first password manager that offers its service without requiring users to even have a master password.

By providing users with passwordless login options, LastPass is aiming to support enterprises in implementing a zero-trust strategy to provide users with user-friendly sign-on options.

LastPass password manager becomes the first password manager that requires no master password.

This happens as LastPass joins Fast IDentity Online (FIDO).

To make passwordless login initially possible, LastPass allows users to unlock their vault using the LastPass Authenticator app. The app lets users unlock their vault with a random code from the app, skipping the need to enter a password.

Of course, this isn’t the perfect solution as it still requires you to enter something.

By joining forces with FIDO, the company is making use of FIDO2 compliance, meaning that users should be able to use their fingerprint or other biometric identity, as well as specific security keys like the YubiKey products.

This feature comes after 18 months of advocacy for passwordless logins, and after LastPass was given a seat on FIDO’s Board of Directors. Business and individual customers will now be able to access accounts solely through the LastPass Authenticator.

For a company whose business is to protect passwords, going passwordless might seem a bit self-defeating.

But in an era where things are moving very fast and people demand more speed than functionality, LastPass must do something that no other password manager has done.

While being passwordless is like defeating its purpose as a "password" manager, LastPass' goal is to bring both individuals and businesses instant access to the applications and credentials they need in a seamless, simple and secure way.

LastPass argues that the introduction of the passwordless feature eliminates the password as a potential point of failure, and prevents threat actors from targeting users with credential-based attacks and phishing scams.

With over 15 billion stolen passwords on the dark web and 97% of senior security executives reporting an increase in credential theft last year, it’s clear that password-based authentication isn’t doing a good job of preventing unauthorized users from accessing sensitive information.

"As passwordless technology continues to be developed and adopted across the industry, true passwordless access to every site, across every device, application and browser through the FIDO2 standard will take years to achieve," said Chris Hoff, chief secure technology officer at LastPass.

"Passwordless is a complex journey that requires support and development efforts across device manufacturers, operating system vendors, web browser providers, and web application developers in order to provide a seamless experience for users."

"On the heels of tech giants and identity providers unveiling their plans to enable passwordless across their operating systems, web browsers, devices and applications, LastPass is excited to be the first solution and only password manager to allow users to securely and effortlessly log in, manage their account credentials and get instant access to the accounts used every day -- without ever having to enter a password," added Hoff.

"While broad implementation and adoption of passwordless is the industry’s ultimate goal, it will likely take years before people experience an end-to-end passwordless login across all applications, but LastPass helps get you there sooner."

"Authentication is a critical component of any zero-trust architecture and bringing that to users at scale is how businesses can enable greater security and enhanced user experience. We applaud LastPass for continuing to evolve their offerings to bring a passwordless login experience to users around the world, helping to break the dependence on passwords and usher in a safer way to interact online," added Andrew Shikiar, executive director and CMO of the FIDO Alliance.

LastPass isn’t the only password manager that partners with FIDO

1Password, for example, announced that it has joined the FIDO Alliance, and is also working towards enabling a passwordless sign-in feature.

Another provider implementing passwordless authentication is Bitwarden, an open-source password manager and also a member of the FIDO Alliance, which has announced biometric login, passwordless SSO integration, and security key support for users to log in.

Bitwarden offers a passwordless authentication solution that’s compatible with TouchID, FaceID, Windows Hello, and Android Login.

However, Hoff argues that LastPass stands out from competitors.

"LastPass is currently the only password manager with passwordless login to the vault," he said in a blog post, adding that LastPass is "the first – and only – password manager with its own Authenticator which is the method of allowing passwordless login," and the only tool to provide universal passwordless access to all sites whether through a password vault or single sign-on.

Published: 06/06/2022