How Dashlane is Reinventing Credential Sharing for Consumers & Businesses
Sharing credentials with friends, family members, and co-workers is a key feature of Dashlane’s password manager. Dashlane allows you to share your Netflix account with your family, your company’s Twitter account credentials with a co-worker, and keeps shared credentials in sync on multiple computers, phones, and tablets.
I’ll explain how Dashlane safely shares your passwords and secure notes, without compromising your privacy and the security technology behind this pretty fascinating process.
How Dashlane Keeps Your Data Private & Secure
In 2014, we developed our first sharing feature, allowing users to share credentials with friends, family, and co-workers while keeping our world-class zero-knowledge architecture.
“Zero-knowledge” is the cornerstone of Dashlane’s security model. Our job is to keep your data, secure, private, and accessible to you–and only you. When we built the first version of Dashlane, we invested heavily to build this security architecture, which has earned a US patent from the USPTO.
How Dashlane is Reinventing Credential Sharing
Recently, we listened to feedback from Dashlane Business admins about how we can best improve data sharing, including adding the ability to share with a group of users and the ability for an administrator to manage those groups. In order to do so, we decided to redevelop our sharing feature from scratch.
On the Engineering front, we did our best to reduce our technical debt as much as possible, and re-writing this very complicated feature from scratch felt like the right move.
What has changed?
The main difference in the architecture of our new sharing feature is the way we deal with the life cycle of a shared credential. The first sharing implementation used an “event-based architecture”. In other words, in order to know how many people have access to a shared credential, the Dashlane application would ask Dashlane servers for all the events that impacted this shared credential and would re-process those events to determine the current state of the shared credential.
Our new sharing feature is using a “snapshot architecture”. At any point in time, Dashlane servers are able to describe the current state of a sharing credential, drastically improving the scalability of the feature.
The other differences are less visible but very important. Using our 3 years of experience debugging the sharing feature, we were able to rewrite a code naturally more robust, better tested, well documented, and mastered by a majority of our developers.
What we didn’t change fundamentally is the security of the feature and how we allow users to share and sync credentials with other users without Dashlane accessing them.
How we keep your shared credentials safe
Sharing credentials with Dashlane is based upon asymmetric encryption. Asymmetric encryption has been a major breakthrough in modern cryptography, even though the idea is rather simple.
Think about a simple lock that can be opened with a key, the type of lock you are using to secure your suitcase or your sports locker. Now imagine that you have only one key (a private key) and an infinite number of locks, all identical (the locks here are the public key).
You can send opened locks to anyone, including your friends, family members, and coworkers.
They can then put anything of value in a box, lock the box with the lock you give them (the public key), and send the box to you.
Only you have the key (the private key), so only you can open the box, and your friends can send you locked boxes through the Post Office without being concerned with the content being accessed by a malicious attacker.
Modern cryptography has provided mathematical ways of doing the exact same thing, with mathematical public and private keys. When you create your Dashlane account, your application locally creates a unique couple of public and private keys, sends the public key to Dashlane servers, and keeps the private key in your personal data. The public key is accessible on Dashlane servers, but the private key can never accessible by Dashlane servers or sent unsecured over the network.
To understand even better how asymmetric encryption works, watch this quick video!
A Closer Look at How Sharing a Dashlane Credential Works
Now that every user has a private/public key pair, any user can send passwords and secure notes to anyone through Dashlane’s servers without Dashlane being able to read this information. However, we still need to add another layer to make this work, for scalability reasons. Imagine that, within a big company, a credential is shared with 100,000 employees. Every time this credential changes, you can’t afford to use the public keys for all 100,000 users of the company to cipher a simple change to a credential 100,000 times. This is why we’re also using symmetric encryption with an additional symmetric key that we call an objectKey.
You can visualize symmetric encryption like a code lock. On a code lock, you use a code to lock and to unlock the lock, but the code and the lock cannot be dissociated from each other. Having only the code is useless as well as having only the lock; without the lock, you just have 4 useless digits, and without the code, you cannot lock or unlock your lock.
Creating and Sharing a Symmetric AES Encryption Key
Let’s say Bob want to share a credential with Alice. What happens is very simple: Bob creates a symmetric AES encryption key, called an objectKey, which is unique per credential shared, and stores it in his personal data.
Bob then asks Dashlane server to send him Alice’s public key.
He then uses Alice’s public key to encrypt the objectKey, and send the encrypted objectKey to Dashlane servers.
When Alice logs in, Dashlane’s server will send her Bob’s encrypted objectKey, which only Alice can decrypt with her private key.
Alice now has Bob’s objectKey and can store it in her personal data.
Sharing a credential
Now, both Alice and Bob have a shared secret: the objectKey. Bob can now encrypt his credential with the objectKey, and can securely send the encrypted credential to Dashlane’s servers.
When Alice logs in, Dashlane’s servers will send her the encrypted credential, which she can decrypt using the objectKey. That’s it!
If Alice or Bob edits the shared credential, it would re-encrypt the updated credential with the objectKey, and send it to Dashlane servers.
Alice and Bob can now share a credential, and keep it synced, through Dashlane servers, without this credential being compromised at any step.
Sharing a credential with a group of users works in a very similar way than the example described above. The only difference is the use of an additional intermediary symmetric encryption key called a groupKey.
We’re extremely proud of all of the hard work that went into rebuilding our sharing feature from the ground up, and we look forward to reinventing new ways to keep your data safe within Dashlane.