LastPass recently added FIDO2 authenticators, giving users new passwordless login functionality. This is an addition to previously presented passwordless login capabilities for the password manager.
With FIDO2 authentication now available, users will have more options for logging into their vault of login credentials without a master password. The FIDO2 authenticators let users choose how they want to authenticate passwordless and remove their master password from the login process.
The LastPass FIDO2 functionality uses compatible biometrics, such as Windows Hello, among others, for this purpose. But a FIDO2-compatible hardware key is also possible, including the Yubi-Key or Fetian keys.
The new passwordless functionality is an addition to the existing LastPass Authenticator App introduced last year. LastPass became the first password manager to support passwordless login through this app.
More comprehensive support
The authentication process uses FIDO2-compatible mechanisms based on the WebAuthN protocol. LastPass also supports FIDO2 “attestation validations” that allow users to further validate FIDO2 authenticator data during security key registration. For this purpose, LastPass has now also provided its servers with FIDO2 certification.
The functionality is available to all end users of LastPass: Free, Premium, Families, Teams and Business. With the latter two subscriptions, administrators can decide which FIDO2 authenticators to require for their end users.
The FIDO2 authenticators are now available as Chrome and Firefox extensions. A Safari and desktop extension will also be available later.