Password Manager Goes Passwordless

John Lister's picture

Password manager LastPass will let users prove their identity with a biometric login rather than a master password. It could overcome one of the off-putting points for some users.

Like most password managers, LastPass lets users store passwords for other websites in a secure vault that's encrypted in a way that means even LastPass itself can't access the information. It's protected with a master password that gives the service its name, the logic being it's the last password a user will ever need to remember.

That does mean the master password needs a bit of a Goldilocks quality. It needs to be secure enough that nobody else can discover or guess it. However, it needs to be memorable enough that there's no risk of the user forgetting it, else they'd lose access to their password vault and have to reset every site they use.

Users also need to choose between the security of repeatedly typing their master password (though this would make it easier to remember) or the convenience of storing it in their browser settings and relying on the security of their computer to avoid anyone taking advantage.

Fingerprint Or Face Login

LastPass does already allow mobile app users to login biometrically with the same fingerprint or face unlock they use to secure their phone. Now it's added support for desktop users, including those on the free tier.

The desktop version will work through the same FIDO Alliance standards recently adopted by the likes of Google, Apple and Microsoft. (Source: venturebeat.com)

Users who want to login on their desktop won't have to type in their master password (or store it in their browser settings). Instead they'll be able to click the option to "unlock" on their phone through the biometric verification.

With both the desktop and mobile versions, users will still need to have a master password. The biometric login is simply an alternative login method rather than a replacement.

Mobile App Still Limited For Some

The next question is how long the feature remains free to use. LastPass previously disappointed users by restricting some features to paid accounts only, for example saying free users could only access the service on desktop or mobile, but not both.

That isn't changing now: desktop users will only be able to use their mobile device for authentication and will still need to pay to access the full mobile app and auto-fill passwords on their phone. (Source: theverge.com)

What's Your Opinion?

Do you use a password manager? Would LastPass's announcement make you more likely to use it? If you don't use one, what deters you?

Rate this article: 
Average: 4.6 (8 votes)

Comments

Dennis Faas's picture

Roboform has offered biometric sign-on for years, and if that doesn't work, the default master password will take its place. The desktop version is still free, even though it will nag you that it's expired. You can infinitely cancel the request that pops up every 30 days or so. As for the mobile version, you'd have to pay for that.

kitekrazy's picture

I use desktops and don't have the hardware unless you can use your phone.It does help for us that can't always remember. Next up urine or stool sample.

Chuckster's picture

Passwords will always be with us, biometrics aside. Therein lies the crux. With dozens, if not hundreds of sites you interact, more are requiring you to sign up if you want to partake of the site or member benefits.

Lastpass was good, bailed when the free for both went the SAAS route. The browser pw managers are fairly good, but I don't keep sensitive pw info there, just the many routine sites. So at some point, we do need a secure pw manager for sensitive data.

Roboform as Dennis suggested, Thanks, I'll check it out. Any other suggestions?