Here at Dashlane, we build our product around total security for our users. We want to make the Internet a safe place without sacrificing convenience, and are consistently working to deliver the safest password manager and personal data vault product on the market.

Today we take Dashlane’s security one step further, with our online security breach alerts. These alerts will let you know as soon as we receive notice that one of your web accounts may have been compromised. The alerts will come directly to your phone or desktop, enabling you to easily change your password, which is your single-best defense in these situations.

Dashlane’s security breach alerts are live today, so please make sure to update! For desktop users, the V1.5 release (for both Macs and PCs) is now available; for mobile users, our V2.1 release for iPhone is ready for download at the App Store. (The security breach alerts will be available to Android users soon.)

And while we’re at it, we also want to let you know about other updates that come with our desktop and mobile releases today:

Desktop 1.5

  • Security breach alerts warn you if a web account may be compromised; you are then prompted to change your affected password(s)
  • Support for Firefox 15 and Firefox 16b
  • Many minor updates and improvements, as well as numerous bug fixes

iPhone 2.1

  • Security breach alerts warn you if a web account may be compromised
  • Account loading time improvements
  • Browser improvements and fixes
  • Data edit UI update (edit mode reveals all editable data)
  • Tap to copy any data and tap to reveal secured data
  • Return of the show password button (for web accounts, due to popular demand)
  • Fewer crashes due to memory issues
  • Many minor updates and improvements

As always, please let us know what you make of the updates. Thanks for using Dashlane!

About Daniela Perdomo

I'm Dashlane's Director of User Growth, charged with crafting the Dashlane story and driving organic adoption.
This entry was posted in Features, Mobile, Security, Updates, We Love Our Users. Bookmark the permalink.

13 Responses to Dashlane’s New Online Security Breach Alerts Keep You Safe

  1. I just discovered your product and I would like to raise one interrogation. How can you ensure you’re not stealing user’s main-password ?

    • We have no record of any of our users’ Master Passwords. The Master Password is not stored on our servers nor on your devices, so we have absolutely no access to it. In fact, if you forget your Master Password, we can’t recover it for you and have to entirely reset your account, as the only way to decrypt your data is with that Master Password. You can read more about our security measures here in our security white paper: https://www.dashlane.com/download/Security-Whitepaper-Final-Nov-2011.pdf

      • Yes I read it but how can I trust you ?
        Are you certified by some companies ?

        • Aurélien Lebrun says:

          I have this question in mind too.

          How can we be sure that the corruption of your infrastructure by a malicious third will never result in users’s keys theft ?

          For example, if a malicious update is pushed from your servers to clients applications, it can potentially “phish” keys. Am I wrong ?

          Thanks by advance and keep up the good work.

      • Jom Joney says:

        In fact if you dont trust dashlane you shouldn’t even if they’re “certified”.
        To be honest, why should they lie? If they do and it gets public (and most times it will become public) they will face many lawsuits.

        Anyway, i wont use dashlane until there is 2 factor Authentication (for free). There are many ways someone can get your password even though its not stored on the servers. The information stored is just too sensitive to rely on a single password

  2. Ryan says:

    How is DL prompted about security breaches? Is there an individual who just reads news releases all day, or is there a more structured process in place? Also then, i’m assuming that for those people who use the on-line synchronizing feature, all the sites we have accounts to are listed on a DL server somewhere, so that DL can push the notifications to us? What security is on the back end? DL offers a lot of great options for users, but not a lot of information on the back-end of things.

    • Alexis Fogel says:

      Hey Ryan,

      The sites you have accounts on are not listed on our server. Basically, you need to be logged in to Dashlane to get the alert. there is only the local application that can check your data when it has been decrypted locally with your master password.

      We currently handle the monitoring of security breaches in house.

      Thanks

  3. ThreatSec says:

    This seems pointless, since if a password breach has occurred, until the root cause is fixed, the new changed password could also be compromised with the same exploit.

    • Sometimes, the breach is secured very quickly in which case changing your password ASAP is indeed a good security measure to take. And in any case, it’s always a good idea to change your password on all accounts that may use the same password so you’re not affected elsewhere.

  4. Pingback: Remains of the Day: FBI Was Not the Source of Apple Device ID Leak [For What It's Worth] | Tips for the Unready

  5. Pingback: Remains of the Day: FBI Was Not the Source of Apple Device ID Leak [For What It's Worth]

  6. Lacedaemon says:

    Hi,

    I just logged in to Dashlane today and it says there’s a “security breach”. What exactly does this indicate, and should I seriously be worried?

    • Ashley Thurston says:

      Thanks for your comment! The security breach alerts let you know when the domain of a site that you have an account on has been compromised, so you can change the password for that account (and change any other other accounts that you may have reused that password on).