What If Dashlane Gets Hacked?
Originally published October 19, 2019. Last updated June 5, 2023.
“What if Dashlane gets hacked?” It’s the number one question we're asked. We get it—you want to know how storing all your passwords and personal information in one place is safe.
Here's how it works. Your Dashlane account can only be unlocked with your Master Password or secure single sign-on (SSO), and only one person knows your Master Password: you. We don't save your Master Password in any form and can’t access your Dashlane account using your SSO.
Everything you store in Dashlane is encrypted (converted to a scrambled code) using your Master Password or SSO as the key. Without them, your data remains safely indecipherable. This means that even in the unlikely event that Dashlane gets hacked, everything in your account will remain securely encrypted.
Dive deeper: How does Dashlane encrypt customer data?
- Dashlane relies on best-in-class cryptographic primitives to manage vault encryption.
- We use Argon2, the winner of the Password Hashing Competition, to generate an Advanced Encryption Standard (AES) 256-bit key for encryption and decryption of the user’s personal data on the user’s device.
- Unlike some other password managers, we encrypt all of our customers’ data, not just passwords. This includes Secure Notes, domains, and more.
- Access to a user’s data requires that user’s Master Password, which is only known by the user and never stored on Dashlane servers or transmitted over the internet. For organizations using single sign-on (SSO) with Dashlane, employees don’t need to create a Master Password. However, the end result is still the same: we protect all your data.
A strong Master Password ensures your data is only accessible to you
Dashlane's zero-knowledge security architecture stops a breach at the point of entry. Only you can decrypt your data on your own registered device. Since your Master Password is your key, it's crucial that it be complex and unique, never shared with anyone else, and never used on any other site.
A strong Master Password should be at least 12-15 characters long and exclude any personal information, like names or birthdates. It’s also critical to avoid any common password phrases, like “Password” or “123456,” as well as dictionary words and slang phrases. Strong Master Passwords also use a mix of upper and lowercase letters, numbers, and special characters throughout. And when we say unique, we mean it: repeating even a piece of your password in another password weakens them both. And these are great rules to follow for all your passwords—if your account passwords are complex, unique, and only known to you, should one of your accounts suffer a breach, no other accounts would be affected.
The best Master Passwords are those created by password generators to introduce as much randomness as possible. And while they might seem tricky to memorize at first, it’s easy to come up with mnemonic phrases to help you remember the string of letters, numbers, and special characters.
Let’s try it with this 13-character example adapted from Dashlane’s Password Generator tool:
iAaFoOH2O%iSc = I am a fish out of water in science class
Every other letter is uppercase, "water" is H2O, and a special character is added, which greatly raises the password complexity.
2FA gives you even more protection
2-factor authentication (or 2FA) provides an extra layer of security to your account beyond just a username and a password. 2FA is characterized by something you know, something you have, and something you are. This could be any combination of your password (something you know), a code sent to or generated by your mobile device (something you have), and your fingerprint or FaceID (something you are).
Dashlane makes 2FA a breeze for IT admins and employees alike by providing easy enforcement options and streamlined access to recovery codes when needed. Setting up 2FA with Dashlane has never been easier, and with 82% of breaches involving a human element, this simple security step can make a huge difference.
Since the average internet user has 240 online accounts requiring a password, remembering them all can feel impossible. The best way to ensure security is to store all those unique, complex passwords in a password manager. Dashlane's job is to remove the password burden while taking your risk as close to zero as possible. Our Autofill feature makes things even easier, populating your logins and info across the web and making the internet safer and simpler to use—every day, everywhere, on all your devices.
Want to learn just how easy it is to improve your organization’s password security? Try Dashlane now and see for yourself.
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.