Passwordless Vault Access for Employees

With the addition of FIDO2 passwordless login options, accessing work apps in your LastPass vault has never been so easy and secure.

Available free for LastPass personal and business plans.

Reducing the use of passwords is a no brainer


of people forget and reset a password at least 1-2 times per month.


of businesses have passwordless technology on their roadmap.


of businesses experienced a password-related breach in the past 2 years.


Put master passwords on cruise control

By removing the master password from your vault login experience on desktop, your IT team can set more stringent minimum strength requirements while saving countless hours on lockouts and password resets. 

Choose how you want to go passwordless:


LastPass Authenticator app

Enable passwordless login to your vault on desktop using the LastPass Authenticator app. Available for download on iOS and Android.


FIDO2-certified biometrics

Use your unique physical characteristics (face and fingerprint ID) to access your desktop vault, using features like Windows Hello or Touch ID.


FIDO2-certified hardware keys

Go passwordless with hardware keys like YubiKey or Feitian keys. Available on major browsers.


Set stronger security standards with less friction


Simplify user login experience

Simplify your employee’s login experience to their LastPass vault by removing password-related friction.


Protect employee access everywhere

With passwordless login, your employees gain immediate and consistent access to all the credential-based logins they need, not just those covered by single sign-on (SSO).


Less friction for higher adoption

An easier login experience to the LastPass vault makes for higher adoption rates, which improves overall password hygiene and reduces cyber risks.


What’s next?


Workstation MFA passwordless access

Admins will be able to enable end-users to access their workstations (work-specific computer) by using passwordless login.


Passkeys in the LastPass vault

Create, store, and access passkeys – cryptographic key pairs built on phishing-resistant FIDO standards that replace passwords – right in your vault to provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices.​


Remove master passwords completely

Experience a seamless, end-to-end passwordless experience where the master password is truly no longer required.

Learn more about passwordless

Leading the charge to pervasive password[less] protection


Customers secure their passwords with LastPass


Best Software Awards for Best Security Product



2023 Fortress Cyber Security Award

Authentication and identity


Leader in Password Management

Based on 1,305 reviews


Businesses choose LastPass

Reduce reliance on passwords for your business and improve password security

Free 14-day LastPass Business trial. No credit card required.

Frequently asked questions

Will LastPass users still need their master passwords?

Yes, users still need their master password. Passwordless technology is rapidly evolving, and while the goal is to remove the master password altogether, this must be accomplished in phases. For now, the master password will exist to validate security-related changes to account settings and in the case of a declined authentication attempt. Users will need their master password less frequently, so be sure to set up account recovery options so they’ll always have a backup way into their account.

Which LastPass plans support going passwordless?

  • Passwordless login for the LastPass vault is available to all LastPass Business and Teams customers.
  • Personal users can also go passwordless with LastPass Free, Premium, and Families plans.

How does my business enable passwordless for employees’ password vaults? 

  1. Enable passwordless login for your users through the LastPass policy center in the Admin Console.
  2. Employees set up passwordless login to their vault by registering their trusted device.
  3. Employees choose how they want to go passwordless: via the LastPass Authenticator, FIDO2-certified biometric authentication, or FIDO2-certified hardware keys.
  4. The next time they log in from their trusted device, employees will respond to the LastPass Authenticator push notification, enter their biometrics, or insert their hardware key to access their LastPass vault.

Admins can also choose whether they want to turn on or off the option for passwordless login for their organization, as well as which passwordless options are available to employees from within the admin console policy center.

How to manage passwordless vault login policy for users

Can I select which FIDO2 certified authenticators can be used by employees? 

Yes, through an additional policy, you can select which FIDO2-certified authenticators are available to employees for passwordless login to the vault.

View the list of supported FIDO2 certified authenticators

Is LastPass passwordless FIDO2 compatible? 

Yes. LastPass has obtained FIDO2 Server Certification, meaning it is certified by FIDO2 – after undergoing meticulous security and performance testing – to be ready for scalable deployment to market. This means LastPass provides a true passwordless login experience for customers, attained through passwordless mechanisms that include biometrics – face and fingerprint ID – and hardware security keys, like YubiKey and Feitian.

What is FIDO2?

FIDO2 (Fast Identity Online 2) authentication is an open authentication standard developed by the FIDO Alliance that provides a more secure and convenient way to log in to online services, including the LastPass password manager vault. LastPass, as a FIDO2 Alliance board-level member, helps to develop specifications and raise awareness of this technology.

FIDO2 relies on public-key cryptography, which is much more secure than traditional password-based authentication. Instead of using a password that can be easily compromised or forgotten, FIDO2 uses a private key stored securely on the user's device and a public key registered with the online service. This ensures the user's credentials remain protected even if the service's database is breached. Like the LastPass zero-knowledge model, private keys never leave the user’s device and are never stored to the server.

Learn more about FIDO2

Does LastPass support passkeys?

Coming soon, LastPass will support creating, saving, storing, and accessing passkeys, across all platforms and devices, right in the vault.

Typically, passkeys are accessed from the browser and device they were created on. With LastPass, it doesn’t matter what device or browser you’re on when you create a passkey. By storing your passkey with LastPass, you’ll have access to your passkey whenever and wherever you need them.

Don't see your questions here? Visit Support Center.