HELP FILE

What are the differences between Workstation Login and Workstation MFA in LastPass Business?

    Both Workstation Login and Workstation MFA allow users to securely log in to their Windows or Mac workstations. However, there are several key differences between these two features of the LastPass Business + Advanced MFA add-on, and each provides its own security benefits.

    Note: These features are available with the LastPass Business + Advanced MFA add-on. Learn more about plans & pricing.
    Important: Workstation Login and Workstation MFA cannot both be deployed within the same environment; with LastPass Business you can deploy only one or the other.

    Key differences

    Please review the table below to learn about the differences between these two features.

    | Workstation Login (Passwordless Workstation) | Workstation MFA |
    |---|---|
    | Allows users to log in to their workstation with only passwordless login via the LastPass Authenticator app | Allows users to log in to their workstation with their Windows or Mac account password and multifactor authentication via the LastPass Authenticator app |
    | Supports local logins only | Supports both local and remote (RDP) logins to workstations |
    | Located in the new Admin Console under Applications > Passwordless Apps > Workstation Login | Located in the new Admin Console under Applications > MFA Apps |
    | Requires administrator installation & end user configuration to set up | Requires only administrator installation to set up |
    | Users can choose a different login method | Admins can configure sign-in options to only allow this login method |
    | Only one user can log in and authenticate per workstation | Multiple users can log in and authenticate per workstation |

    Workstation Login: Available authentication methods via the LastPass Authenticator app (depending on the policies enforced):
    • Push notification – Tap or select Accept when prompted on the LastPass Authenticator app
    • Push notification using biometric authentication – Verify your identity using face or fingerprint

    Workstation MFA: Available authentication methods via the LastPass Authenticator app (depending on the policies enforced):
    • Push notification – Tap Accept when prompted on the LastPass Authenticator app
    • Push notification via biometric authentication – Verify your identity using face or fingerprint
    • Rotating time-based, one-time passcode (TOTP) – Enter the 6-digit passcode
    • Phone call ("Call Me") – Receive a phone call at the phone number the user registers when enrolling the LastPass Authenticator app as their multifactor option
      Remember: The phone number you set in your vault's Account Settings is not the phone number used for the Call Me feature. Learn more about the Call Me feature.
    • YubiKey (via the LastPass Authenticator app only) – Depending on the YubiKey device you are using, take the applicable action:
      • Insert your YubiKey device into the USB port of your computer, then wait until your YubiKey touch-button shines with a steady light and hold your fingertip on the touch-button for one (1) second to authenticate
      • Tap Plug it in (if applicable), then plug in your YubiKey (using either the USB-C side for Android or the Lightning side for iOS)
      • Hold your YubiKey up to the NFC reader on the back of your mobile device