Building a Passwordless Future
Passwordless authentication is the future of logging in to websites and apps. It’s the most consequential security advancement for everyday users in decades because it impacts so much of our web experience. And it has broad benefits for consumers, businesses, and institutions. However, like any major technological or societal shift, the transition from the ubiquity of passwords to passwordless will take time.
The concept of passwordless has many interpretations and implementations, but at its most basic level, it refers to any login experience that doesn’t require a password. This broad definition can include solutions that may be easier to use but still depend on an underlying password as the foundation of the account. Thus, these solutions are exposed to the risks of passwords.
At Dashlane, we believe that a passwordless login experience needs to deliver on the promise of a more user-friendly experience and improved security. We’re the first credential manager to do this by eliminating the Master Password.
Want to know how Dashlane’s passwordless login works and who can use it? Check out what our Senior Product Manager has to say.
Dashlane’s approach to passwordless login
When developing our passwordless approach for Dashlane, we prioritized further streamlining the user experience, making it platform agnostic, and largely eliminating the risks inherent in passwords, also known as knowledge factors or “something you know.” Knowledge factors such as passwords are prone to being reused (upwards of 50% for the average user) and forgotten, and they’re susceptible to social engineering attacks such as phishing. Possession factors, categorized as “something you have,” such as a mobile phone, are considered more secure since they’re less susceptible to remote attacks than knowledge factors.
Dashlane’s passwordless login raises the security bar by shifting much of the attack surface away from the user and to the user’s device, which has strong built-in security controls.
Typically, increased security introduces more friction into a user’s path, not less. Our customers use Dashlane on multiple platforms, so we designed passwordless login to work seamlessly across platforms and deliver the same streamlined experience, regardless of device hardware and software. This is in addition to the simplified account creation and faster sign-in process that eliminates the Master Password entirely.
Passkeys as a passwordless solution
Passkeys are an emerging implementation of passwordless technology that allows end-users to access online services without the need for passwords. We’re proud to be the first credential manager to enable its users to create, save, and sign in to websites with passkeys and support them across all devices.
Authenticating to the Dashlane app requires a different approach, as it’s not only about authentication but also about accessing your data by decrypting your vault. We leveraged our existing zero-knowledge security architecture, which ensures that sensitive data processing happens locally on the user's device without Dashlane or anyone else having access.
While passkeys can authenticate access to websites, they currently can’t be used to encrypt or decrypt vault data. Encryption remains crucial for maintaining our zero-knowledge architecture.
Protecting user data with passwordless login
Dashlane’s passwordless login simplifies authentication by eliminating the need for a Master Password. Instead, users access Dashlane with biometric sensors (such as fingerprints or facial recognition) or a local device PIN. Since these forms of authentication are local to your device, the attack surface is drastically reduced.
Our passwordless login employs robust encryption and security measures. During account creation, a unique, high-entropy machine-generated key is created and securely stored on the user's device. The key is never exposed to the user, eliminating the risk of inadvertent disclosure.
In tandem with passwordless login, we developed a patent-pending method for securely transferring the key, which is required when a user wants to use Dashlane on a new device. This platform-independent method allows the user to experience passwordless login for Dashlane on any device or platform.
Account recovery, a crucial yet often overlooked aspect of authentication, is addressed comprehensively by Dashlane. If passwordless login users lose a device, they will be able to regain access to their data through another device logged in to Dashlane. We’ve also introduced a recovery key feature that’s accessible to all users. This key, coupled with an identity verification process, serves as a safeguard in case you lose access to all your logged-in devices.
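The pattern described above (a machine-generated vault key kept on the device, a server that holds only ciphertext, and a recovery key as a fallback) can be sketched as follows. This is an added example, not Dashlane's code: AES-256-GCM, the blob layout, wrapping the vault key under the recovery key, and every name in it are assumptions made for illustration, and the identity verification step is not modeled.

```javascript
const crypto = require('node:crypto');

// Encrypt with AES-256-GCM. Assumed blob layout: nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Decrypt and authenticate. Throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Account creation on the device: both keys come from the OS CSPRNG,
// never from anything the user chooses or types.
function createAccount(vaultJson) {
  const vaultKey = crypto.randomBytes(32);     // 256-bit machine-generated key
  const recoveryKey = crypto.randomBytes(32);  // handed to the user once (assumed flow)
  return {
    deviceKeystore: { vaultKey },              // stand-in for an OS keystore entry
    userHolds: { recoveryKey },
    serverStores: {                            // ciphertext only, no key material
      vault: seal(vaultKey, Buffer.from(vaultJson)),
      wrappedVaultKey: seal(recoveryKey, vaultKey),
    },
  };
}

// Recovery on a fresh device: unwrap the vault key, then decrypt the vault locally.
function recoverVault(serverStores, recoveryKey) {
  const vaultKey = unseal(recoveryKey, serverStores.wrappedVaultKey);
  return unseal(vaultKey, serverStores.vault).toString();
}

// Constructed sample vault content.
const SAMPLE_VAULT = JSON.stringify([{ site: 'example.test', login: 'alice', secret: 's3cr3t' }]);
```

Because GCM authenticates the ciphertext, a wrong recovery key or a modified server-side blob fails with an exception instead of yielding corrupted vault data.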
Please refer to our Security Principles & Architecture white paper for more information on our passwordless architecture.
Our passwordless journey has just begun
The release of passwordless login for Dashlane is just the beginning. In 2024, we plan to introduce further enhancements to our passwordless login capabilities, as well as expanded features in our passkey solution. Passwordless authentication heightens security and convenience, bringing us closer to a world where we can leave passwords behind for good.