Blog
Recent
Industry News

Webinar Roundup: How to Move Beyond Passwords

John McTigueJune 28, 2022
Let’s face it. We’ve been living with passwords for too long. They control our access to the apps we use for business, binge-watching, shopping, and nearly everything else we do online. They are hard to remember and even harder to manage. But did you know how we got here and where we are going to make passwords easier to use while protecting us from cyber criminals? Is it possible to do away with passwords altogether while remaining secure?  We covered these questions (and a lot more!) in our webinar, “How to Move beyond Passwords” on June 23, 2022. Our host, Katie Petrillo, LastPass Director of Product Marketing, led our discussion with a couple of real experts, Christofer Hoff (a.k.a., “Hoff”), our Chief Secure Technology Officer, and Lou DeLillo, our Staff Solutions Consultant. Hoff kicked things off by describing the evolution of password security since the 1990s. Since then, we have developed and leveraged technologies like Security Assertion Markup Language (SAML), multi-factor authentication (MFA), single sign on (SSO), OpenID, and OAuth. Now, we’re working on trusted devices, biometrics, security keys, hardware keys, and FIDO2 standards to implement simple security across all of the devices we use. The problem has always been the friction between security technology solutions and the people forced to use them. It’s hard to implement real password security at the individual level, let alone across an entire company of users. People don’t want to remember and manage myriads of complex passwords for the many apps they use every day. In fact, only 45% of users even try to remember passwords, and another 41% find it inconvenient to use them. This not only leads to frustration and security lapses but also reduces productivity as users wrestle with resetting forgotten passwords or updating them to meet company security policies. As Hoff says, there’s a balancing act between security and user adoption. With data breaches going up 35% in the past two years, and 80% of those breaches being due to a “human element” like shared or reused passwords, we can’t stay with the status quo much longer. The answer is passwordless security. Passwordless security bridges the gap between simplicity (for users) and security requirements in the face of escalating cyber security threats. If users (and companies) can deploy a simple device or built-in technology (like passkeys or biometrics) to authenticate access to the devices and apps they use, they won’t need to worry about passwords anymore. 57% of IT professionals want passwordless too because it’s secure and much more likely to be adopted by users. No more friction. The only problem with passwordless is that it will likely take years to implement in a universal way. Every browser, app, and device will need to be updated to fully accommodate passwordless security. We are, however, well on our way towards a passwordless future. LastPass is implementing passwordless security in three phases, starting now!  Phase 1 (available now):
  • Passwordless access to your LastPass password vault through the LastPass Authenticator app
  • No more master passwords to remember
  • Can still use your master password if and when necessary
Phase 2 (later in 2022):
  • FIDO2 support for security keys and biometrics
  • Additional authenticators to be announced
Phase 3 (2023 and beyond):
  • Create and store passkeys in addition to passwords
  • All apps, websites, and other passwordless solutions
  • A non-proprietary solution to help make passwordless universal
Finally, Lou DeLillo gave us a demonstration of our Phase 1 passwordless solution, showing us just how easy it is to set up passwordless access to a LastPass vault using multiple devices and browsers.  We’ve all been waiting for passwordless security. Now it’s starting to become a reality!  Watch the entire panel discussion here