HELP FILE
What is passwordless login in LastPass?
What is passwordless login?
Passwordless login allows you to log in to LastPass (or a feature of LastPass) using the LastPass Authenticator instead of entering your master password. You can authenticate via the LastPass Authenticator using a push notification + stored biometrics (face or fingerprint), TOTP code, SMS passcode, or a phone call. You can leverage passwordless login when logging in to your LastPass vault, SSO apps, and/or workstations.
Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator.
- Can only be used when logging in to LastPass from a desktop. You can use either the LastPass browser extension (requiring version 4.96 or later) or LastPass website – Support for mobile access is coming soon!
- Currently only the LastPass Authenticator can be used for passwordless login – Support for using Touch ID and USB security keys coming soon!
- All multifactor authentication options must be disabled except for the LastPass Authenticator.
Who can use passwordless login for vault?
Passwordless login for vault is a completely free feature that is available for all account types! Every user from LastPass Free to LastPass Business can use it. Passwordless login for your vault does not require activation steps in order to use.
- Users with personal accounts (Free, Premium, Families) can immediately enable passwordless login for their vault.
- Users with business accounts (Teams, Business) must have their LastPass admin enable the "Allow passwordless login" policy in order make the feature available. Once the policy is enabled, business users can enable passwordless login for their vault.
Important: LastPass Business accounts that have enabled federated login with a third-party identity provider cannot simultaneously enable passwordless login for the vault.
Who can use passwordless login for SSO apps and workstations?
- For SSO apps, LastPass Business admins will need to enable passwordless login for the SSO app. Once configured, users assigned to the SSO app will need to activate passwordless login, then they can sign in to their SSO app using passwordless login.
Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator.
- For workstations, LastPass Business admins will need to set up passwordless login for their users' Windows or Mac workstations. Once set up, users will need to activate passwordless login, then they can log in to their Windows or Mac workstation using passwordless login.
How does passwordless login work?
Passwordless login allows you to sync the LastPass Authenticator with your master password, so you can use any of the available authentication options in the LastPass Authenticator (push notification + face or fingerprint, TOTP code, SMS passcode, or phone call) in place of entering your master password.
Remember: If you have a LastPass Teams or LastPass Business account, authentication methods will vary depending on how your account is set up and/or policies that are enforced by your LastPass admin.
How is passwordless login used?
Once enabled, you can access your vault, SSO apps, and/or workstations from your desktop by leveraging any of the available authentication options in the LastPass Authenticator instead of entering your master password. View the table below for additional details.
Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator.
What if I can't use my device or I can't access the LastPass Authenticator? Am I locked out?
No – your master password will always be available for you to use instead of using passwordless login via the LastPass Authenticator.
I see an "account settings conflict" when trying to enable passwordless login for my vault, what should I do?
You will encounter this message if you already have another multifactor authentication option enabled to protect your vault.
- Disable all other multifactor options in your vault except for the LastPass Authenticator.
Restriction: If you have a LastPass Business or LastPass Teams account, the ability to perform these actions may be limited or prohibited due to policies enabled by your LastPass admin. To proceed, contact your LastPass admin and reference the instructions for LastPass Business or LastPass Teams.
- Try to enable passwordless login for your vault again (which will enable the LastPass Authenticator as your multifactor authentication option to protect your vault).
What are the feature differences for passwordless login?
There are key differences in how the passwordless login feature is used, as shown below.
| LastPass account type | Where you log in | Setup instructions for LastPass users | Login instructions for LastPass users | Setup instructions for LastPass admins |
|---|---|---|---|---|
| All account types | Your LastPass vault (currently on desktop only) |
|
Log in to your vault from your desktop using passwordless login (via the LastPass Authenticator) – Support for using Touch ID and USB security keys is coming soon! |
|
| LastPass Business + Advanced MFA add-on | SSO apps & websites | Set up passwordless login for your users' SSO apps | Set up an SSO app and enable "Step-up authentication" | |
| LastPass Business + Advanced MFA add-on | Windows or Mac workstation | Set up passwordless login for your users' Windows or Mac workstations |
|
|