A Journey Toward a Phishing-Resistant  Future

As Dashlane’s Chief Technology Officer, I believe our mission is clear: To forge a future where our digital lives are free from the constant threat of credential theft.

Every step of our product roadmap is intentionally designed to safeguard our customers against the ever-evolving landscape of credential risks, particularly those stemming from weak authentication, poor password hygiene, and the pervasive menace of phishing attacks. This isn't just about building better software; it's about building a better, more secure world.

Passwords remain one of the most exploited weaknesses in today’s digital world, and phishing continues to be the primary attack vector used to compromise them. Our mission is to eliminate this vulnerability at its root.

Our commitment to both security and convenience has been the bedrock of our journey for years. We understand that true protection isn't about complexity; it's about seamless, intuitive experiences that keep you safe without getting in your way.

Our first steps toward forging a future without credential theft were grounded in reinforcing what's already there. Many years ago, we introduced support for multifactor authentication (MFA) to strengthen access to the Dashlane vault and the critical services our customers use every day.

But we didn't stop at adding security—we intended to make it effortless. Dashlane’s MFA autofill was one of the earliest innovations in making MFA not only usable, but convenient: Instead of having to type a code displayed on their phone, users can store the code inside their Dashlane vault and autofill it.

We’ve always believed that usability isn’t a “nice to have.” It’s a requirement for real security.

The benefit of MFA is that it protects you even if your password is compromised because an attacker would still need your second factor. And even if an MFA code is intercepted, it typically can't be reused.

But MFA isn’t foolproof: Those codes can still be phished and used once.

That’s where passkeys offer a major leap forward—they’re phishing-resistant by design, use secure architecture, and offer a seamless user experience.

We were the first password manager to support passkeys across all platforms. As a board member of the FIDO Alliance, we’ve not only implemented the standard, we’re helping shape new standards like the Credential Exchange Protocol that are crucial for the wider adoption of passkeys.

Passkeys represent a fundamental shift in authentication: They eliminate shared secrets, remove human error, and cannot be phished.

Recently, we innovated further with passkeys with advanced security, offering an additional layer of protection for private keys. This is akin to moving your most precious valuables from a secure safe to an impenetrable vault, ensuring even greater peace of mind.

In 2023, we became the first major password manager to offer a passwordless login experience for new customers. By removing the Master Password entirely, we eliminated one of the last remaining phishable secrets in the authentication chain—while still delivering zero-knowledge architecture and complete control to the user.

Today, we’re actively working on enabling migration paths so that every customer—individuals and businesses alike—can adopt this more secure, streamlined login method.

And we’re still going further.

In June 2025, we introduced early access support for FIDO2 security keys to unlock the Dashlane vault. This is the gold standard in phishing-resistant authentication—hardware-backed, unclonable, and user-verified.

We believe that giving customers a choice is part of giving them power. Whether it’s biometric access, passkeys, or hardware keys, we’re committed to supporting a range of secure authentication options.

For organizations, strong individual authentication is only part of the equation. Preventing phishing and credential compromise at scale requires visibility, proactive risk detection, and behavioral nudges that drive real change. That’s where Dashlane Omnix^™ comes in.

Omnix is our security intelligence platform for businesses. It comes with Credential Risk Detection, which surfaces reused, compromised, or weak passwords across the organization. It also includes Nudges that prompt employees to take action before risky behavior becomes an incident.

And it enables AI-powered anti-phishing that acts as a final layer of defense and warns users when they’re about to enter credentials on a suspicious site, even if they’re not logged into Dashlane.

Together, these features help organizations stay ahead of threats—not reactively, but by shaping safer behavior by design. This is how we’re bringing phishing resistance to the enterprise, turning identity protection into a shared responsibility for every employee.

Our relentless pursuit of security is not just front-facing; it's deeply embedded in our architecture. This vision is powerfully backed by our significant investment in confidential computing and our strategic use of cloud secure enclaves. This cutting-edge technology allows us to extend our foundational zero-knowledge architecture from your device directly to the cloud.

Thus, even as we embrace more scalable and more integrated solutions, we maintain one of our most important promises: Dashlane never has access to your data. This is privacy by design, built into the infrastructure itself.

This isn’t a short-term project; it’s a long-term mission. We envision a world where:

Credential security may seem like a narrow space, but it underpins everything we do online. When your credentials are protected, your identity, finances, communications, and even your organization are protected. That’s why this mission matters—not just for us, but for a better digital world.

And we’re proud to be leading the way.