HELP FILE

What is passwordless login in LastPass?

    Learn all about passwordless login and review frequently asked questions.

    What is passwordless login?

    Passwordless login allows you to log in to LastPass (or a feature of LastPass) using the LastPass Authenticator instead of entering your master password. You can authenticate via the LastPass Authenticator using a push notification + stored biometrics (face or fingerprint), TOTP code, SMS passcode, or a phone call. You can leverage passwordless login when logging in to your LastPass vault, SSO apps, and/or workstations.

    Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator.
    Current limitations about passwordless login for vault only:
    • Can only be used when logging in to LastPass from a desktop. You can use either the LastPass browser extension (requiring version 4.96 or later) or LastPass website – Support for mobile access is coming soon!
    • Currently only the LastPass Authenticator can be used for passwordless loginSupport for using Touch ID and USB security keys coming soon!
    • All multifactor authentication options must be disabled except for the LastPass Authenticator.

    Who can use passwordless login for vault?

    Passwordless login for vault is a completely free feature that is available for all account types! Every user from LastPass Free to LastPass Business can use it. Passwordless login for your vault does not require activation steps in order to use.

    Who can use passwordless login for SSO apps and workstations?

    Passwordless login for SSO apps and workstations is only available for LastPass Business + Advanced MFA add-on accounts, and users are required to complete activation steps before passwordless login can be used.

    How does passwordless login work?

    Passwordless login allows you to sync the LastPass Authenticator with your master password, so you can use any of the available authentication options in the LastPass Authenticator (push notification + face or fingerprint, TOTP code, SMS passcode, or phone call) in place of entering your master password.

    Remember: If you have a LastPass Teams or LastPass Business account, authentication methods will vary depending on how your account is set up and/or policies that are enforced by your LastPass admin.

    How is passwordless login used?

    Once enabled, you can access your vault, SSO apps, and/or workstations from your desktop by leveraging any of the available authentication options in the LastPass Authenticator instead of entering your master password. View the table below for additional details.

    Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator.

    What if I can't use my device or I can't access the LastPass Authenticator? Am I locked out?

    No – your master password will always be available for you to use instead of using passwordless login via the LastPass Authenticator.

    I see an "account settings conflict" when trying to enable passwordless login for my vault, what should I do?

    You will encounter this message if you already have another multifactor authentication option enabled to protect your vault.

    Account settings conflict
    To fix this, do the following:
    1. Disable all other multifactor options in your vault except for the LastPass Authenticator.
      Restriction: If you have a LastPass Business or LastPass Teams account, the ability to perform these actions may be limited or prohibited due to policies enabled by your LastPass admin. To proceed, contact your LastPass admin and reference the instructions for LastPass Business or LastPass Teams.
    2. Try to enable passwordless login for your vault again (which will enable the LastPass Authenticator as your multifactor authentication option to protect your vault).

    What are the feature differences for passwordless login?

    There are key differences in how the passwordless login feature is used, as shown below.

    Table 1.
    LastPass account type Where you log in Setup instructions for LastPass users Login instructions for LastPass users Setup instructions for LastPass admins
    All account types Your LastPass vault (currently on desktop only)
    1. Disable all multifactor authentication options except for the LastPass Authenticator
    2. Enable passwordless login for your vault (using the LastPass Authenticator) – Support for using Touch ID and USB security keys is coming soon!
    Log in to your vault from your desktop using passwordless login (via the LastPass Authenticator) – Support for using Touch ID and USB security keys is coming soon!
    1. Disable all multifactor authentication options for your users except for the LastPass Authenticator – Instructions for LastPass Business and LastPass Teams admins
    2. Enable the "Allow passwordless login" policy
    LastPass Business + Advanced MFA add-on SSO apps & websites Set up passwordless login for your users' SSO apps
    1. Activate passwordless login
    2. Sign in to SSO apps using passwordless login
    Set up an SSO app and enable "Step-up authentication"
    LastPass Business + Advanced MFA add-on Windows or Mac workstation Set up passwordless login for your users' Windows or Mac workstations
    1. Activate passwordless login
    2. Log in to your Windows or Mac workstation using passwordless login
    1. Enable the "passwordless login" policy
    2. Enable the "passwordless login access" policy (optional)
    3. Set up Workstation Login for Windows or Mac