HELP FILE

What are the differences between Workstation Login and Workstation MFA in LastPass Business?

Both Workstation Login and Workstation MFA allow users to securely log in to their Windows or Mac workstations. However, there are several key differences between these two features of the LastPass Business + Advanced MFA add-on, each providing their own security benefits.

Note: These features are available with the LastPass Business + Advanced MFA add-on. Learn more about plans & pricing.

Key differences

Please review the table below to learn about the differences between these two features.

Workstation Login (Passwordless Workstation) Workstation MFA
Allows users to log in to their workstation with only passwordless authentication via the LastPass Authenticator app Allows users to log in to their workstation with their Windows or Mac account password and multifactor authentication via the LastPass Authenticator app
Supports local logins only Supports both local and remote (RDP) logins to workstations
Located in the new Admin Console under Applications > Passwordless Apps > Workstation Login Located in the new Admin Console under Applications > MFA Apps
Requires administrator installation & end user configuration to set up Requires only administrator installation to set up
Users can choose a different login method Admins can configure sign-in options to only allow this login method
Only one user can log in and authenticate per workstation Multiple users can log in and authenticate per workstation
Available authentication methods (depending on the policies enforced):
  • Push notification – Tap or select Accept when prompted on the LastPass Authenticator app
  • Push notification using biometric authentication – Verify your identity using facial recognition or fingerprint identification
Available authentication methods (depending on the policies enforced):
  • Push notification – Tap or select Accept when prompted on the LastPass Authenticator app
  • Push notification via biometric authentication – Verify your identity using facial recognition or fingerprint identification
  • Rotating time-based, one-time passcode (TOTP) – Enter the 6-digit passcode
  • Call me – Receive a phone call at the phone number the user registers in their Account Settings
  • YubiKey – Depending on the YubiKey device you are using, take the applicable action:
    • Insert your YubiKey device into the USB port of your computer, then wait until your YubiKey touch-button shines with a steady light and hold your fingertip on the touch-button for one (1) second to authenticate
    • Tap Plug it in (if applicable), then plug in your YubiKey (using either the USB-C side for Android or the Lightning side for iOS)
    • Hold your YubiKey up to the NFC reader on the back of your mobile device