LastPass is First Password Manager to Achieve FIDO2 Server Certification

BOSTON--(BUSINESS WIRE)--LastPass, a leader in password and identity management solutions, today announced it has achieved FIDO2 certification of its servers, making it the first password manager to achieve this certification. FIDO’s certification process, conducted by FIDO auditors, reviewed, validated, and officially confirmed that LastPass’ servers meet the FIDO2 standards. Customers can have peace of mind knowing that using FIDO2 authenticators for their login to LastPass provides for a more secure and accredited authentication to their vault.

FIDO2 certification sets the industry standard for cryptographic logins through best-of-breed authentication specifications to leverage common devices like hardware keys, software keys, biometrics, and passkeys to authenticate into online services, ultimately creating an identity proof solution that is proven to adhere to globally recognized requirements.

FIDO2 certification is the latest milestone in LastPass’ passwordless journey:

• LastPass has been embracing a future without passwords since 2022, when it became the first password manager to provide a passwordless login experience to the vault with the LastPass Authenticator App.
• In August 2023, LastPass expanded passwordless login options to include FIDO2 authenticators, including biometrics, such as fingerprint or face ID, and hardware keys to passwordless login to the vault.

Flexibility in choosing secure passwordless authenticators
Though the master password still exists in the background as it will still be needed for certain account actions, customers who enable passwordless login can now access their LastPass vault on trusted devices without having to type in their master password. Customers can choose to authenticate and login using the LastPass Authenticator app or FIDO2 authenticators, including biometrics (e.g., Touch ID or Windows Hello) or hardware keys (e.g., YubiKey or Fietian Key). Depending which option is chosen, logging into the LastPass vault becomes as simple as approving a push notification, scanning your face or fingerprint, or inserting a hardware key.

“Our customers will realize a more simplified login experience with greater authentication choices – contributing to better password hygiene, higher adoption, less time and money wasted on resolving lockouts, and a stronger overall security posture,” said Don MacLennan, chief product officer at LastPass. “Meeting the FIDO2 certification standard means customers can confidently trust that LastPass provides strict and secure authentication options to access their vault, as validated and certified by the FIDO Alliance. LastPass is proud to continue leading the charge towards a passwordless future, offering even greater security and authority in our passwordless offering.”

“Reducing reliance on passwords has become crucial and is a core tenet of the FIDO Alliance’s mission,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “By eliminating the requirement for a knowledge-based credential in favor of phishing-resistant FIDO2 authenticators, LastPass has taken an important step to provide simpler and more secure access to LastPass vaults – accelerating their customers’ journey towards a password-independent future.”

Visit here to learn more about passwordless authentication with LastPass.

Additional Resources:
LastPass FIDO2 Authenticators Video
Passwordless is Possible data sheet
Understanding the FIDO Alliance and its Role in our Password[less] Future
LastPass if First Password Manager Committed to a FIDO-Supported Passwordless Future

About LastPass
LastPass is an award-winning password manager which helps millions of registered users organize and protect their online lives. For more than 100,000 businesses of all sizes, LastPass provides password and identity management solutions that are convenient, easy to manage and effortless to use. From enterprise password management and single sign-on to adaptive multi-factor authentication, LastPass for Business gives superior control to IT and frictionless access to users. For more information, visit https://lastpass.com. LastPass is trademarked in the U.S. and other countries.