HELP FILE

What is passwordless login in LastPass?

    Learn all about passwordless login and review frequently asked questions.

    What is passwordless login?

    Passwordless login allows you to log in to LastPass (or a feature of LastPass) using the LastPass Authenticator app instead of entering your master password. You can authenticate via the LastPass Authenticator app using a push notification + stored biometrics (face or fingerprint), TOTP code, SMS passcode, or a phone call. You can leverage passwordless login when logging in to your LastPass vault, SSO apps, and/or workstations.

    Additionally, passwordless login for mobile allows you to log in your LastPass vault via the LastPass app for iOS or Android using your device's stored biometrics (face or fingerprint) instead of manually entering your master password.

    Learn more about the technology behind passwordless login in the LastPass Technical Whitepaper.

    Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator app.
    Current limitations about passwordless login for vault only:
    • When logging in to LastPass from a desktop, you can use either the LastPass browser extension (requiring version 4.96 or later) or the login page of the LastPass website. Learn how to enable and use.
    • Currently only the LastPass Authenticator app can be used for passwordless login from a desktop – Support for using Touch ID and USB security keys coming soon!
    • All multifactor authentication options must be disabled except for the LastPass Authenticator app.
    • When logging in to LastPass from a mobile device, you will only use the LastPass app for iOS or Android and the supported biometrics of your mobile device – the LastPass Authenticator app is not involved. Learn how to enable and use on your device.

    Who can use passwordless login for vault?

    Everyone! Passwordless login for vault is available for all account types. Passwordless login for your vault does not require activation steps in order to use.

    • Users with personal accounts (Free, Premium, Families) can immediately enable passwordless login for their vault on a desktop or on mobile.
    • Users with business accounts (Teams, Business) must have their LastPass admin enable the "Allow passwordless login" policy in order make the feature available. Once the policy is enabled, business users can enable passwordless login for their vault.
      Restriction: LastPass Business accounts that have enabled federated login with a third-party identity provider cannot simultaneously enable passwordless login for the vault.

    Who can use passwordless login for SSO apps and workstations?

    Passwordless login for SSO apps and workstations is only available for LastPass Business + Advanced MFA add-on accounts, and users are required to complete activation steps before passwordless login can be used.

    How does passwordless login work?

    Passwordless login allows you to sync the LastPass Authenticator app with your master password, so you can use any of the available authentication options in the LastPass Authenticator app (push notification + face or fingerprint, TOTP code, SMS passcode, or phone call) in place of entering your master password.

    Remember: If you have a LastPass Teams or LastPass Business account, authentication methods will vary depending on how your account is set up and/or policies that are enforced by your LastPass admin.

    How is passwordless login used?

    Once enabled, you can access your vault, SSO apps, and/or workstations from your desktop by leveraging any of the available authentication options in the LastPass Authenticator app instead of entering your master password. View the table below for additional details.

    Remember: Passwordless login for SSO apps only supports authentication using stored biometrics (face or fingerprint) via push notification in the LastPass Authenticator app.

    What if I can't use my device or I can't access the LastPass Authenticator app? Am I locked out?

    No – your master password will always be available for you to use instead of using passwordless login via the LastPass Authenticator app.

    I see an "account settings conflict" when trying to enable passwordless login for my vault, what should I do?

    You will encounter this message if you already have another multifactor authentication option enabled to protect your vault.

    Account settings conflict
    To fix this, do the following:
    1. Disable all other multifactor options in your vault except for the LastPass Authenticator app.
      Restriction: If you have a LastPass Business or LastPass Teams account, the ability to perform these actions may be limited or prohibited due to policies enabled by your LastPass admin. To proceed, contact your LastPass admin and reference the instructions for LastPass Business or LastPass Teams.
    2. Try to enable passwordless login for your vault again (which will enable the LastPass Authenticator app as your multifactor authentication option to protect your vault).

    What are the feature differences for passwordless login?

    There are key differences in how the passwordless login feature is used, as shown below.

    Table 1.
    LastPass account type Where you log in Setup instructions for LastPass users Login instructions for LastPass users Setup instructions for LastPass admins
    All account types Your LastPass vault on a desktop
    1. Disable all multifactor authentication options except for the LastPass Authenticator app
    2. Enable passwordless login for your vault (using the LastPass Authenticator app) – Support for using Touch ID and USB security keys is coming soon!
    Log in to your vault from your desktop using passwordless login (via the LastPass Authenticator app) – Support for using Touch ID and USB security keys is coming soon!
    1. Disable all multifactor authentication options for your users except for the LastPass Authenticator app – Instructions for LastPass Business and LastPass Teams admins
    2. Enable the "Allow passwordless login" policy
    All account types Your LastPass vault on a mobile device Enable passwordless login for your vault on mobile (using the LastPass app) Log in to your vault from mobile using passwordless login (via the LastPass app) Enable the "Enable biometric login on mobile app policy
    LastPass Business + Advanced MFA add-on SSO apps & websites Set up passwordless login for your users' SSO apps
    1. Activate passwordless login
    2. Sign in to SSO apps using passwordless login
    Set up an SSO app and enable "Step-up authentication"
    LastPass Business + Advanced MFA add-on Windows or Mac workstation Set up passwordless login for your users' Windows or Mac workstations
    1. Activate passwordless login
    2. Log in to your Windows or Mac workstation using passwordless login
    1. Enable the "passwordless login" policy
    2. Enable the "passwordless login access" policy (optional)
    3. Set up Workstation Login for Windows or Mac