We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, password management provider LastPass announced that it has added passwordless login capabilities to its flagship product, LastPass Vault. The new sign-in mechanism will enable users to log in to their password manager account with the LastPass Authenticator app for iOS and Android.
The organization claims that the announcement makes LastPass the first password manager with its own authenticator.
For enterprises, the introduction of this new feature eliminates the password as a potential point of failure, and prevents threat actors from targeting users with credential-based attacks and phishing scams.
The FIDO-Alliance passwordless movement
The launch of LastPass’s new passwordless login authentication functionality comes amid a passwordless revolution across the tech industry, with Google, Microsoft and Apple all recently committing to developing passwordless authentication options as part of the FIDO Alliance.
While it will be years before FIDO’s passwordless vision is finally realized; for enterprises, it couldn’t come sooner.
With over 15 billion stolen passwords on the dark web and 97% of senior security executives reporting an increase in credential theft last year, it’s clear that password-based authentication isn’t doing a good job of preventing unauthorized users from accessing sensitive information.
“As passwordless technology continues to be developed and adopted across the industry, true passwordless access to every site, across every device, application and browser through the FIDO2 standard will take years to achieve,” said chief secure technology officer, Chris Hoff.
“Passwordless is a complex journey that requires support and development efforts across device manufacturers, operating system vendors, web browser providers and web application developers in order to provide a seamless experience for users,” Hoff said.
By providing users with passwordless login options and an authentication app, LastPass is aiming to support enterprises in implementing a zero-trust strategy to provide users with user-friendly sign-on options.
A rundown of the passwordless authentication market
LastPass’s release is well-timed, given the global passwordless authentication market was valued at $12.79 billion in 2021, and is predicted to grow rapidly to a valuation of $53.64 billion by 2030 as more organizations look to move away from password-based authentication and improve their security posture.
Of course, LastPass isn’t the only password manager that’s recognized the importance of moving toward the FIDO Alliance’s passwordless vision.
Just a few days ago, 1Password announced it has joined the FIDO Alliance, and is working on a feature to enable users to use their 1Password desktop application as a WebAuthn device, so they can log in to their account without a password. 1Password is currently valued at $6.8 billion after raising $620 million at the start of this year.
Another provider that’s implementing passwordless authentication is open-source password manager and member of the FIDO Alliance, Bitwarden, which last year announced biometric login, passwordless SSO integration and security-key support for users to log in.
Bitwarden now offers a passwordless authentication solution that’s compatible with TouchID, FaceID, Windows Hello and Android Login.
However, Hoff argues that LastPass stands out from competitors as “the first — and only — password manager with its own authenticator [as] the method of allowing passwordless login,” and the only tool to provide universal passwordless access to all sites, whether through a password vault or single sign-on.