LastPass and the journey to passwordless

LastPass CEO Karim Toubba has had a challenging year, to say the least. He was still settling into his new job when the company reported detecting “unusual activity” within a third-party cloud service shared by LastPass and its GoTo affiliate — its second reported breach in three months.

Since then, LastPass has been on a journey to rid itself of passwords. Toubba speaks with Security Weekly co-host Jeff Man about it during Black Hat 2023.

“We’ve released and built some capabilities to shore up our defenses and start to make investments toward passwordless,” Toubba tells Man.

LastPass used Black Hat as the backdrop to announce availability of FIDO2 authenticators, including biometrics such as fingerprint or face ID and hardware keys, for its passwordless login solution.

Toubba says this move allows LastPass customers to experience a seamless passwordless login to their vaults with the added security of FIDO2’s open authentication standard hosted by the FIDO Alliance, which is a widely adopted standard for many authentication and passwordless technologies.

LastPass’ passwordless login solution prompts users to select a primary authentication method: the LastPass Authenticator, biometrics (face and fingerprint ID), or a hardware key (USB key) to log into their LastPass vault, removing the need to enter a master password.

“With passwordless, we have our face and fingerprints,” he says. “Through personal devices, you can use biometrics as authentication instead of using a password.”

LastPass’ transition to passwordless will take years, he acknowledges, but “the question for us became whether we could create a passwordless experience to the user.” FIDO2 compatibility enables that experience, he says.

This segment is sponsored by LastPass. Visit to learn more about them!

The full interview is above. Notable points along the way:

00:00 - Black Hat 2023 keynote with LastPass CEO Karim Toubba

00:31 - Cyber: interesting, dynamic, and timing

01:02 - LastPass: Passwordless, evolving industry

03:34 - Traditional authentication paradigm benefits evolve over time

05:24 - Technology behind password lists protects against attacks

10:07 - Transitions to passwordless environments take years

13:40 - Organizations need to think about passwordless via multiple lenses

14:51 - Ease passwordless experience in applications

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
