Questions you should ask about the security of your password manager and questions we ask ourselves to make the best password manager available:
- Can Dashlane employees see my passwords?
No. We want to maximize your security, as well as ours, which is why we do not store your Master Password on our servers. Everything you store within Dashlane is encrypted into an indecipherable string of random letters, numbers and symbols. - How is it that Dashlane doesn't store even a derivative of my Master Password? Doesn't your app need it to work?
Dashlane doesn't need your Master Password. We authenticate you based on your machine (and not any password.) You use your Master Password to only decrypt your own data locally on your computer, and your data is successfully decrypted only if you provided the right one. - What if Dashlane gets hacked?
We take your security personally, which is why we proudly host on Amazon AWS; the most respected and secure server in the industry. In addition to Amazon’s 24-7-365 monitoring we also continually audit all of our software by hiring the best (friendly) hackers in the business to try and break into our system.
In the unlikely case that our system is penetrated you can feel secure knowing that your Master Password is never stored on our servers; which means the bad guys can’t get access to your Dashlane account. Additionally, any data that is passed through our cloud is encrypted with the strongest encryption in the industry – AES 256. - What is a "Master Password" and why is it important?
Your Master Password is the password you use to unlock Dashlane on all of your devices. Think of it as your first line of defense and the personal key to all of your data; i.e. you and only you should know what it is.
Dashlane requires all users to have a strong Master Password to ensure a maximum level of data protection. The shorter or easier your password, the easier it is for the bad guys to guess or hack. That’s the reason why we require your Master Password contain at least 8 characters, including mixed-case letters and numbers. - What happens if I forget my Master Password?
Because we never store even a derivative of your Master Password, we cannot recover your data if you forget it - you need to start over with Dashlane. Our users understand that this is the only way for us to ensure that their data is inaccessible to anyone but them. - Why don’t you store my Master Password or provide password hints?
If we had this information stored then it would leave your information vulnerable in the event a hacker was able to penetrate our security protocols. By not storing the password ANYWHERE we’re providing you the ultimate level of security.
The same goes for password hints. Password hints often give away actual passwords, something we never want to do. - What type of hosting and storage do you use?
We use Amazon’s AWS for our hosting; the most respected and most secure cloud hosting solution on the market. We chose AWS knowing that it would provide our users the peace of mind of Amazon’s 24-7-365 security monitoring. - How does Dashlane enable sharing passwords with others while still not being able to read my data?
When you share a password or other data via Dashlane, only the recipient has the ability to decrypt that data. Dashlane performs the encryption locally on your device, using a 1-way mechanism called public / private key encryption. Once encrypted with the public key of the recipient, the data can only be read with the private key of the recipient which Dashlane does not have. It is like a key that can only be used to lock but cannot be used to unlock. For more details on how encryption works for sharing, see here. - When I share my data, does the shared data have the same level of encryption as my regular data?
Yes - all the data that you store in Dashlane - whether it stays on your device only, is shared with other users, or is synced and backed up to the cloud - remains encrypted with AES-256 encryption and a unique key which is private to you. Learn more about encryption for sharing here. - If I give emergency access to someone, how is Dashlane not able to read my data?
Encryption for emergency functions in exactly the same way as it does for sharing your data. You and your emergency contact are the only ones that have the full set of encryption keys that enable you to read this data. For more details on how encryption works for emergency, see here. - Why is Password Changer secure?
Password Changer takes the same manual steps that you normally would when you change your passwords, only now you don’t have to! We follow best security practices while securing communications between Dashlane, our servers, and websites, and your data remains encrypted with AES-256 while within the app or being synced across your devices. Not to mention, you’ll have unique passwords on each site, which greatly increases your online security. For more technical details, see our Security Whitepaper. - What are some additional steps I can take to stay safe?
- Use Dashlane to generate hack-proof passwords for all of your accounts. One of the benefits of Dashlane is that our password generator will automatically create strong, un-hackable passwords for all of your accounts.
- It’s important to have a different and strong password for all of your online accounts. This is for your protection as reusing passwords for multiple accounts increases the likelihood you’ll fall victim to a breach or hacking incident. If a hacker gains access to one of your accounts they can easily access others if you’re reusing the same login credentials.
- Change your passwords frequently using our Password Changer. It’s important to change your passwords frequently as security breaches often go undetected for months at a time, so you never know when a specific account may be affected. We recommend changing passwords every 90 days to minimize your risk.
- Use 2-Factor Authentication for maximum protection. 2-Factor authentication is the ultimate security mechanism as it requires you to validate, or authenticate, your identity on a 2nd device before being granted account access.
- You can learn more about how to easily use 2-Factor on Dashlane in our help article.
