Highlights –
- There’s a long way to go for FIDO’s passwordless vision to become a reality, but it couldn’t come sooner for enterprises.
- LastPass aims to support enterprises in implementing a zero-trust strategy to provide users with user-friendly sign-in options.
LastPass, the password management provider, recently announced that it had added passwordless login capabilities to its flagship product – LastPass Vault. The latest sign-in module will allow users to log in to their password manager account with the LastPass Authenticator app for iOS and Android.
According to the organization, LastPass will be the first password manager with its own authenticator.
As for organizations, the introduction of this new feature will eliminate the password as a potential point of failure. It will also prevent threat actors from targeting users with phishing scams and credential-based attacks.
The FIDO-Alliance passwordless movement
LastPass’s new passwordless login authentication functionality has come at a time when the tech industry is undergoing a passwordless revolution, with companies like Google, Microsoft, and Apple giving their commitment to developing passwordless authentication options as part of the FIDO Alliance.
There’s a long way to go for FIDO’s passwordless vision to become a reality, but it couldn’t come sooner for enterprises.
Latest reports show over 15 billion stolen passwords on the dark web and a soaring 97% of senior security executives reporting a rise in credential theft in 2021. This has raised concerns about the reliability of password-based authentication as it has failed to prevent unauthorized users from accessing sensitive information.
“As passwordless technology continues to be developed and adopted across the industry, true passwordless access to every site, across every device, application, and browser through the FIDO2 standard will take years to achieve,” said chief secure technology officer Chris Hoff.
“Passwordless is a complex journey that requires support and development efforts across device manufacturers, operating system vendors, web browser providers, and web application developers to provide a seamless experience for users,” Hoff said.
By providing its users with passwordless login options and an authentication app, LastPass aims to support enterprises in implementing a zero-trust strategy to provide users with user-friendly sign-in options.
An overview of the passwordless authentication market
LastPass’ announcement comes at the finest hour, with the global passwordless authentication market being valued at USD 12.79 billion in 2021 and is predicted to grow rapidly to a massive USD 53.64 billion by 2030 as more organizations are on the lookout for a more secure alternative than password-based authentication.
LastPass is not the only password manager who understands the importance of moving toward the FIDO Alliance’s passwordless vision. Other players very much exist.
For example, 1Passoword had recently announced that it had joined the FIDO Alliance and is currently on an objective to enable users to use its desktop application as a WebAuthn device to enable them to log in without a password. 1Password is currently valued at USD 6.8 billion after it raised USD 620 million at the start of 2022.
Similarly, another provider implementing passwordless authentication is Bitwarden, an open-source password manager and a member of the FIDO Alliance. Last year, it announced biometric login, passwordless SSO integration, and security-key for its users.
In recent years, Bitwarden has offered passwordless authentication compatible with Android Login, FaceID, TouchID, and Windows Hello.
However, Hoff strongly believes that LastPass stands out from competitors as “the first — and only — password manager with its authenticator [as] the method of allowing passwordless login,” and is the only tool that provides universal passwordless access to all sites irrespective of a password vault or single sign-on.