Password manager LastPass is rolling out a new “passwordless” method to access its desktop vault today.
Previously, users had to type in their master password to unlock the company’s desktop vault (and its stored passwords). Now, they’ll be able to authenticate access via the company’s mobile app. Presumably, this will include the option to use your phone’s biometric login features, like face and fingerprint unlock, though LastPass has not been completely clear how this will work in practice.
LastPass is characterizing this as a “passwordless” login, but it’s important to note that your master password isn’t going anywhere anytime soon. LastPass’ chief secure technology officer Chris Hoff says master passwords will still be necessary to register a LastPass account, add new trusted devices, make changes to an account, or type in if a passwordless login attempt fails. But the hope is that this new authentication approach can be a first step toward phasing out the master password entirely, as the industry moves toward passwordless authentication using standards such as FIDO.
“LastPass is excited to be the first solution and only password manager to allow users to securely and effortlessly login, manage their account credentials and get instant access to the accounts used every day — without ever having to enter a password,” said LastPass’ Hoff.
Today’s announcement is focused on desktop LastPass users, who currently aren’t offered any biometric login options as an alternative to typing in their master password. Meanwhile, on mobile, the company’s apps already offer biometric login options including fingerprint and face unlock.
The changes come a little over a year after LastPass made significant changes to its pricing structure, which vastly restricted the usability of its free tier. Last March, it restricted free users to only being able to access their passwords on mobile or desktop — not both. The company behind the service has also gone through changes after previous owner GoTo (then known as LogMeIn) announced plans to spin LastPass out into an independent company late last year.
LastPass’ press release doesn’t say whether its new passwordless feature will be limited to paid users or whether it’ll also be available via its free tier. We’ve followed up with the company for clarification.