NordPass to offer biometric passwordless authentication, Yubico expands program

Password manager firm NordPass has confirmed it will start storing passkeys and offer biometric passwordless authentication to access them.

The move will enable users to store a passkey for any website or app in NordPass, then use it on a separate device, regardless of the operating system. Passwordless log-ins will work via biometrics on the user side.

“Passkeys technology is currently considered the most promising and secure alternative to passwords, and we are proud to share that our new passwordless functionalities are already in the final testing stage,” comments NordPass CEO Jonas Karklys.

“However, this is only one milestone for us because later this year, we will also offer passwordless solutions to our business users.”

The new features come months after NordPass joined the FIDO Alliance. Thanks to the move, the company’s technology now supports hardware keys for multi-factor authentication (MFA), as well as Google single sign-on for both Enterprise clients and small and medium businesses (SMB).

Yubico expands subscription program

Elsewhere in hardware keys, Yubico has announced an enhanced YubiEnterprise Subscription program, including expanding the Security Key Series and introducing a new pricing structure.

According to a company announcement, these updates will make hardware keys more accessible for enterprises by offering comprehensive options to utilize a YubiKey as a Service model.

The upgraded YubiEnterprise Subscription now includes a lower cost to entry, additional tiers, the provision of extra replacement keys, a faster rollout via 24x7x365 Priority Support, and improved distribution through the automated YubiEnterprise Delivery platform capabilities.

In the same announcement, Yubico also mentions it will soon release two novel enterprise, FIDO-only keys, to provide additional phishing-resistant MFA options to organizations.

The updates come months after Yubico announced, together with Microsoft, the release of three new sets of solutions in October 2022.

LastPass’ parent company confirms theft of encrypted backups

Meanwhile, LastPass’ parent company GoTo shed light earlier this week on details from the August 2022 data breach.

Writing in the company’s blog, GoTo’s CEO, Paddy Srinivasan, confirmed that a threat actor exfiltrated encrypted backups and related encryption keys from a third-party cloud storage service connected to several products.

These include the company’s Remotely Anywhere remote access tool, the business communications solution Central, the online meetings service Join.me, and Hamachi, a hosted VPN service.

Srinivasan also confirmed that the third-party cloud storage service in question “is currently shared by both GoTo and its affiliate, LastPass.”

Article Topics

biometric security key  |  biometrics  |  LastPass  |  passkeys  |  passwordless authentication  |  Yubico