Secure and Encrypted Password Manager

Our security model in a nutshell:

AES-256
Encryption

Your
encryption
key is not
recorded

Local-only
or synced -
YOU choose

Two-factor
authentication

AES-256 encryption (the world's leading standard), with 10,000+ rounds of PBKDF2 salt. Open source, yet remains uncracked. Widely-accepted as the strongest encryption there is. See a sample encrypted file .

The key that encrypts your data is derived from your Master Password. There is by default NO RECORD of them anywhere in the universe – not on your device, never on our servers and never transmitted on the web.

You can choose to have your private, encrypted data never leave your device. Or, seamlessly sync your data (AES-256 encrypted, of course,) via our servers to multiple devices.

You can add two-factor authentication with Google Authenticator to bring yet another layer of security to access your data. Read more about Google Authenticator.

AES-256
Encryption

Your
encryption
key is not
recorded

Local-only
or synced -
YOU choose

Two-factor
authentication

KW_MISSING_TRANSLATION

You can choose to have your private, encrypted data never leave your device. Or, seamlessly sync your data (AES-256 encrypted, of course,) via our servers to multiple devices.

You can add two-factor authentication with Google Authenticator to bring yet another layer of security to access your data. Read more about Google Authenticator.

KW_MISSING_TRANSLATION

What this means for your data:

Your data is encrypted with the strongest algorithm there is, and we've chosen an incredibly stringent way to implement it as well - a hacker's nightmare

Because we don't record your Master Password or any hash/derivative of it on our servers (i.e. we literally "throw away the key"), your data can be decrypted ONLY BY YOU - not even Dashlane has access to your data

If you're worried about your "data in the cloud", you can choose to keep your encrypted data purely local - i.e. only on your device

To layer up even further, you can use two-factor authentication with Google Authenticator, which adds another independent lock and key to get to your data

FAQ:

How is it that Dashlane doesn't store even a derivative of my Master Password? Doesn't your app need it to work?
Dashlane doesn't need your Master Password. We authenticate you based on your machine (and not any password.) You use your Master Password to only decrypt your own data locally on your computer, and your data is successfully decrypted only if you provided the right one.
What if Dashlane gets hacked?
We take incredible care to keep our servers secure. However, the only thing that allows us to sleep at night is knowing that the data in our cloud is always encrypted with AES-256, with a unique key for each user that isn't recorded anywhere. Without these keys, this encrypted data is useless to anyone, including us.
Why is my data safe in the cloud?
For the same reason as above. Our cloud only has your encrypted data, which is useless without your unique Master Password-derived key (because of the super-strong AES-256 encryption algorithm.) And we don't have any record of these keys anywhere.
What happens if I forget my Master Password?
Because we never store even a derivative of your Master Password, we cannot recover your data if you forget it - you need to start over with Dashlane. Our users understand that this is the only way for us to ensure that their data is inaccessible to anyone but them.
How does Dashlane enable sharing passwords with others while still not being able to read my data?
When you share a password or other data via Dashlane, only the recipient has the ability to decrypt that data. Dashlane performs the encryption locally on your device, using a 1-way mechanism called public / private key encryption. Once encrypted with the public key of the recipient, the data can only be read with the private key of the recipient which Dashlane does not have. It is like a key that can only be used to lock but cannot be used to unlock. For more details on how encryption works for sharing, see here.
When I share my data, does the shared data have the same level of encryption as my regular data?
Yes - all the data that you store in Dashlane - whether it stays on your device only, is shared with other users, or is synced and backed up to the cloud - remains encrypted with AES-256 encryption and a unique key which is private to you. Learn more about encryption for sharing here.
If I give emergency access to someone, how is Dashlane not able to read my data?
Encryption for emergency functions in exactly the same way as it does for sharing your data. You and your emergency contact are the only ones that have the full set of encryption keys that enable you to read this data. For more details on how encryption works for emergency, see here.
Why is Password Changer secure?
Password Changer takes the same manual steps that you normally would when you change your passwords, only now you don’t have to! We follow best security practices while securing communications between Dashlane, our servers, and websites, and your data remains encrypted with AES-256 while within the app or being synced across your devices. Not to mention, you’ll have unique passwords on each site, which greatly increases your online security. For more technical details, see our Security Whitepaper.

Maximum security for your data.

Our security model in a nutshell:

What this means for your data:

FAQ: