LastPass, Acceptto replace passwords with biometric authentication
LogMeIn has introduced passwordless login for LastPass Identity business users, the company announced, after recently expanding the password manager’s features to give small and medium sized businesses (SMBs) biometrics-based adaptive LastPass MFA.
By going passwordless, companies and their employees will have easy access across applications, VPNs, mobile devices, PCs, and Macs though device-native biometric authentication, single sign-on, and federated identity integrations.
As part of the company’s strategy to reinvent cloud identity and turn LastPass for Business into an identity product, the company is introducing two updates. Workstation Login lets users access PCs and Macs through biometric authentication for a more seamless and secure login. The feature can be used even when traveling or when there is no internet connection. Okta and Azure AD Federation support is the other feature, which lets companies integrate LastPass into existing IT ecosystems. The features are available for all LastPass Identity customers.
Repeating Verizon’s warning that 80 percent of breaches are caused by passwords and IT teams waste an average of four hours per week on password management, LogMeIn says going passwordless eliminates password-related risks.
“For over a decade, LastPass has made it easier for thousands of businesses and millions of users to improve their password security and safeguard their digital assets. The truth of the matter is, passwords aren’t fully going away; there are still some use cases where you have to manage passwords behind the scenes in order to provide that passwordless login experience for the user,” said John Bennett, SVP and GM of Identity & Access Management at LogMeIn.
“As a leader in managing passwords, we believe we are uniquely positioned to help businesses provide the best balance of strong security and user experience. Our LastPass Identity solution does that by enabling IT to manage every password behind the scenes while also giving employees a simple, truly passwordless experience. We are committed to continuing to build on our identity and access management capabilities designed to enable businesses to simply and securely address current and emerging access and authentication challenges,” he added.
At World Economic Forum Cybersecurity Summit in Geneva Andrew Shikiar, executive director of FIDO Alliance, and Daniel Dubowski, vice president of cybersecurity at Equifax agreed going passwordless and biometric authentication could prevent data breaches and are critical in a security strategy.
In related news, Acceptto is now providing Central Authentication Service (CAS) Single Sign-On (SSO) integration with multifactor authentication and QR code passwordless authentication support at login and post-authorization to phase out usernames and passwords. Under the integration, users provide credentials and go thorough multi-factor authentication once and can then access different applications. Users can be authenticated in web applications without allowing access to their security credentials.
“Most CAS solutions remain reliant on binary authentication such as passwords, 2FA, MFA and Biometric,” said Shahrokh Shahidzadeh, CEO at Acceptto. “Acceptto is the first to offer a no-password authentication process through behavioral continuous authentication solution, detecting anomalies – even post-authorization – and allowing organizations to track and monitor application behavior at runtime.”
CAS support prevents account takeovers, dismisses the need for binary authentication, improves the customer’s existing authentication solution with Acceptto’s No-Password Behavioral Continuous Authentication across workstations, mobile, web and IoT, and makes integration with Acceptto MFA easier for customers already using the CAS open source project, the company says.