LastPass removes the master password from customers’ login with FIDO2 authenticators
LastPass announced the availability of FIDO2 authenticators, including biometrics, such as fingerprint or face ID, and hardware keys, for its Passwordless Login solution.
This innovation allows LastPass customers to experience a seamless passwordless login to their vaults with the added security of FIDO2, the open authentication standard hosted by the FIDO Alliance and the widely adopted standard for many authentication and passwordless technologies.
LastPass has been leading the movement towards a future without passwords since 2022, when it became the first password manager to provide a passwordless login experience with the LastPass Authenticator App.
The availability of FIDO2 authenticators is the latest evolution in LastPass’ passwordless solution. It removes the master password from customers’ login experience by allowing them to authenticate from their choice of biometrics or hardware keys. All three passwordless options are available for all existing and new LastPass customers at no additional charge.
“LastPass is proud to continue leading the charge towards a passwordless future, first by eliminating most passwords from daily life and today by offering even greater security and authority in our passwordless solution,” said Karim Toubba, CEO of LastPass. “Not only does meeting the FIDO2 compliance standard provide our customers with the industry standard for security and a simplified login experience, but it also promises them greater authentication choices, seamlessly – contributing to better password hygiene, higher adoption, less time and money wasted on resolving lockouts, and a stronger overall security posture.”
LastPass’ Passwordless Login solution prompts users to select a primary authentication method for logging in to their LastPass vault: the LastPass Authenticator, biometrics (face and fingerprint ID), or a hardware key (USB key). This removes the need to enter their master password.
“The imperative to reduce reliance on passwords has become abundantly clear to everyone and is a core tenet of the FIDO Alliance’s mission, which LastPass has actively supported as a long-standing participant on our Board of Directors,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “By eliminating the requirement for a knowledge-based credential in favor of unphishable FIDO2 authenticators, LastPass has taken an important step to provide simpler and more secure access to LastPass vaults – accelerating their customers’ journey towards a password-independent future.”
With FIDO2 authenticators, LastPass Free, Premium, Families, Teams, and Business customers will have more options when it comes to setting up passwordless login to their vault. The FIDO2 authenticators are currently supported on desktop browsers and Chrome and Firefox extensions, with Safari browser extension and desktop application support coming soon.
In addition, for LastPass Teams and Business customers, admins can enable or disable passwordless login to the vault for their end-users and can also dictate which FIDO2 authenticators can be used for passwordless login.
LastPass also supports FIDO2 attestation validations, meaning users can further validate the FIDO2 authenticator data during security key registration. These developments have initiated the process of LastPass obtaining FIDO2 certification for its servers, further signaling LastPass’ commitment to reducing the world’s reliance on passwords.
LastPass’ current and future passwordless login options replace the need for the master password as the primary method of authenticating a user upon logging in to a LastPass vault, thereby giving simple passwordless access to the dozens or hundreds of sites stored within.