By: Dashlane, Inc
Dashlane is a free password manager software provided by Dashlane Inc., a company founded in 2009 and based in New York, USA. It features automatic login, automatic password changes, AES-256 secure encryption, security dashboard, security notification, strong password generator, secure notes, password sharing, and more. The dashboard allows you to monitor all your password health.
Dashlane is often talked about when people discuss password managers. It is a well-known product, and there are a lot of people who are already using it.
The password manager promises the user secure and universal access to all his/her passwords. Even though it is just a password manager, the service allows the user to store a bunch of other information as well.
The manager also helps to keep the state of security up to date across the user’s accounts.
In this review, we will check how efficient is the password manager when it comes to keeping the user’s information safe and protected.
The review will involve some serious analysis of the security measures used on the manager, and it will be directly compared with the other password managers available in the market.
The features such as the sharing and emergency access are also under our radar. We will try to find the reasons behind the popularity of the product and will also try to see if there are issues which should worry the users.
The review can be considered as the one made for analytical as well as informational purpose. It will not be all about if you should buy the product or not but about what should an ideal VPN product compromise of.
Most of the password managers are efficient when it comes to saving passwords. They also do additional tasks such as generating strong passwords and auto-filling credentials when needed.
However, the ease of access varies a lot through the password managers. Some of them avail a client to the user while others provide only cloud services.
Some of them exhibit great synchronization for all your devices while you may end up pulling your hairs with some others trying to synchronize your data across all your devices.
Ease of accessibility is a significant hurdle between a password manager and success. All the popular password managers make it a walk in the park for the user to access, synchronize, and modify the data and passwords stored in the manager.
The password manager users seem torn between the only cloud services and the ones which provide a proprietary client to the user. Both the methods seem to have their own merits and demerits, but it all boils down to user preference in the end.
Dashlane took care of both these sects by coming up with a client as well as providing cloud service to users. You have the liberty to go with either of the two modes or keep switching between them on Dashlane.
They also provide browser extensions for Chrome, Firefox, and Internet Explorer. Not sure who is still using Internet Explorer though. You can also get the mobile applications for Android and iOS devices.
With Dashlane, it is super easy to collectively manage passwords and other sensitive data across all the user devices.
The autofill feature of the service also works just as expected from a top-notch service, and we will discuss more about it in the later sections.
The need for an avenue to securely store confidential password information and access it remotely whenever required, called for the need of password managers.
But the companies did not took too long to realize the possibilities associated with such a product. They started allowing the user to store a lot more of the sensitive information along with the passwords.
Bank details and Ids are among a few of those categories.
The customers also welcomed this enhancement in the password managers as they now have a more safe, functional, and reliable way to store the personal documents and details.
There are cloud storage services which allow the user to store information and access it remotely when required, but the added encryption cover on the password managers make them the best option to store delicate data.
Dashlane gives abundant storage options to the user. You can store various sorts of credentials, data, and personal information inside Dashlane’s Vault.
Let us have a look at the different categories of information which can be stored in the manager.
No points for guessing, it starts with the passwords. All the password items with names of the websites and respective icons are present in the ‘Passwords’ tab. You can play with the layout within this tab.
Dashlane allows different sorting options such as date, name, category, etc. You can also switch between the list and grid view. Even though these options seem trivial, they affect the user experience.
You can have custom made categories as well and employ some rules for different passwords collectively or separately.
The flexibility provided to the client by these options may go unnoticed during the use as customers generally prefer only one way of doing things. But it takes cares of preferences of all the users, and therefore, it is a precious asset to the service.
There are different ways to add passwords in Dashlane. One is adding the URL, username, and other credentials manually into the client. You can also make use of the autosave feature of the service.
A pop-up appears every time you login into a service, and Dashlane asks the user if he/she wants to save the credential for this website. All that the user needs to do is click on the appropriate option to save the details.
From the ‘Passwords’ tab, you can make some modifications also. The user gets the option to opt for autologin, share the password, and most importantly change the password.
The Password Changer of Dashlane can and should be used to replace the old passwords with new and strong passwords on regular occasions.
Dashalane generates strong passwords which are difficult to guess and remembers them from you.
You can access the vault and therefore the password from the browser extension as well. It is a convenient and effective way to login directly into your user accounts on various websites.
You can store any sort of files or data here. It can be anything ranging from your personal diary to Wi-Fi passwords and safe combinations.
Dashlane allows storage of not more than 1GB of files per user account. The individual file size is currently capped at 50 MB.
The Secure Notes section also comes with loads of customization options where you can categorize and sort files, color code them, make the password protected, etc.
Versatility seems to be the common theme across all the sections of Dashlane.
We were unable to find access to these notes directly from the browser extension. You may need to access the application or login into your Dashlane web account to go through these files.
This is the third compartment of the Vault where you can store personal information which can later be used by Dashlane to autofill forms and make the process of creating a new user account fast and easy.
It accepts information such as name, date of birth, phone number, email address, residential address, company address, etc. You can choose what information you want to provide and opt not to provide the rest of the details.
The autofill feature will fill in only the available details and leave the rest blank for you.
You can save more than one profile in this section with different credentials for all of them. This gives the user the ability to switch between his/her public and private profiles (if they exist) without any hassle.
In our opinion, such a feature can be advantageous for gamers and public figures.
Yet another feature of Dashlane which will allows you to dash through the process. This time it is enabling you to check out faster and keep your card and account details safe at the same time.
In the payments section, you can store your credit/debit card details, bank account details, and PayPal account information.
The color coding and categorization helps the user organize information and prevent any confusion from prevailing in case there are multiple cards or accounts.
Once you have saved in the details, the next time you are making an online payment, all you need to do is choose between you cards or accounts saved on Dashlane.
Dashlane will automatically fill in all the details, and you complete the whole payment process in no time.
This way you also avert the danger of keystroke loggers. As the name suggests, this software logs the keystroke information. This simple software is used by hackers across the globe to extract valuable data such as pin codes and card details.
Dashlane’s digital wallet helps you negate this danger by eliminating the need to type in all the credentials before making a payment.
You can also include details such as shipping address along with the payment method details.
Next comes the ID section. You can store ID card, passport, Social Security card, driver’s license and tax numbers in this section.
The vault not only acts as a safe backup option for all your essential identification documents, but it also informs you about their expiration three months beforehand.
It is handy to have an easy access point for all your identification documents in case you lose the original ones while traveling or forget to bring a few with you on a trip.
Dashlane throws a red band on top of the ID icon if it expires. This makes it easy for the user to notice any expired IDs in his/her collection. With Dashlane, all you need to do is scroll through your IDs before going out for a trip to make sure things are in order.
It gives you the option to login into the client and edit the details anytime.
This is the place where you can find receipts of your online transactions. It allows you to store the details of your purchases manually as well.
This last section of the vault also exhibits all the versatile traits showcased by the previous sections. You can sort the receipts under various categories, according to the price, etc.
It aids in managing your expenses as well. At the end of the month, you will have information about all your expenses neatly sorted at one place, and it will be easy to monitor the spending habits.
Dashlane is on a constant lookout for any sort of anomalies or loopholes in the safety of your user accounts or personal information.
The ‘Security’ section of Dashlane is dedicated solely to the upkeeping of safety standards across all your accounts. However, this section can be accessed using the Dashlane client on PC or mobile, and through the web account.
The ‘Security’ section is divided into two tabs namely Identity Dashboard and Password Health. Both these sections work in conjunction to monitor the state of security across the user accounts.
The whole process can be broadly divided into three sections which are
Let us try to understand all about these sections.
Dashlane assesses all the passwords saved by the user and then generates a Password Health Score which informs about the overall strength of the user’s accounts.
Higher the score, the better is the strength of the user’s passwords. It classifies the password under various categories such as safe, weak, compromised, and reused.
Dashlane takes various factors into considerations while generating the Password Health Score. It checks if the user is reusing the same password for every site, the last time a password was modified, etc.
The Password Health section has a Manage Accounts button which redirects the user to a module where all the passwords are present under different categories in accordance with the Password Health Score.
The client then suggests the rectifications to address the issues at hand. Dashlane allows the user to replace the password with a new and strong one to improve the score.
It takes just a few clicks from the user to get a new and strong password and replace the not-so-safe one. It is the features like this which add to the value of the product and make the life easy for the customer.
The previous section was all about making your password strong and beefy. But there are other ways of compromising a user’s account and one of them is from the service provider’s end.
Most of the big companies and groups have dedicated security teams which work day and night to keep any intruders away from the company’s systems.
However, there are some small organizations as well which do not follow very sound practices when it comes to cybersecurity. Hackers and other cybercriminals are sometimes able to get into the systems of such groups.
Sometimes it takes months before the user or the organization is able to realize that a breach has happened. In the case of small companies, the news about the breach does not reach a lot of people because of the relatively less media coverage.
Bad password practices such as the one of using the same password across all the accounts by a user make for the easiest preys for the cybercriminals. They are then able to utilize and manipulate the information gained from one service to gain access to the user’s account on other services.
Dashlane keeps track of all the big and small security breaches across all the organizations irrespective of their sizes. It then sends notifications to the user if there is anything about which he/she should be concerned.
The alerts will prompt the user to change the password immediately. If the user has employed the same password for some other service, then Dashlane will deem that password as weak as well.
However, the service will not act until the user commands it to do so. It will keep displaying the alert until when the user addresses it or turns off the warning.
Dashlane was monitoring as many organizations as possible in the previous section, but things get a little focused on the user in this section.
Under Dark Web Monitoring, the service scans for the leak of personal information of the user on the internet. Dark Web Monitoring is available with Dashlane Premium. However, it cannot be used on the Web app, and the user needs to download the client.
The user needs to provide the email address which he/she wants to be monitored. There is an email verification step as well to ensure that the service is not being used to monitor someone else’s account. The service then looks for any information related to that account on the internet.
If there is any personally identifiable information on the internet related to that account, the user will get an alert regarding the same. Dashlane allows the feature to be used for a maximum of five email addresses from one account.
The service keeps scanning the internet for any personally identifiable information related to that email address as long as it stays in the Dark Web Monitoring section of the client.
All the issues found after the Dark Web Monitoring scan will pop up in the security alerts section, and the user will get the same options to deal with the problems.
There are certain risks involved when you share sensitive information such as passwords over email or instant messaging services.
These services generally do not encrypt the data before transmitting it over the internet, and by the end of the process, there are so many prints of the data left on the internet as well as on your device.
Therefore, it is not a very bright idea to share passwords and other sensitive information over conventional modes.
Dashlane allows its users to share the Passwords and the Secure Notes with other users on the service. The information is encrypted before sharing, and it is made sure that it does not leave a lot of prints in the process.
Only the contents in the Passwords and the Secure Notes section of the vault can be shared using The Sharing Centre.
The manager allows you to grant either Limited Rights or Full Rights to the other user over the contents shared. With full rights, the recipient will able to modify the passwords and the notes in the same way as you can.
If the recipient has Limited Rights, all he/she can do is use the password to login into the services but cannot change it inside Dashlane. If the password is changed outside of Dashlane, it will automatically get updated in the manager as well.
The recipient is not able to see the password with the Limited Rights, but it will not be a tough challenge for a technically sound person to read it by using other means.
However, it is highly likely that you will be sharing such contents with only those people who you trust, and therefore, violation of rights should not be a huge concern.
You can always revoke the access from the recipient when you feel that there is no need to share the contents anymore.
The process to share the password is very simple, and there is a guide to do the same on the support page of Dashlane.
It is needless to say that you can use The Sharing Center to receive passwords and notes from other Dashlane users.
There can be some situations which demand someone else to access your accounts for you. The case can be anything ranging from a medical emergency to when you forget your Master Password.
You can add some emergency contacts in your Dashlane account just to be on the safer side. The feature is currently available on the desktop app and not the mobile applications.
All you need to do is add people you trust in your emergency contact list and wait for them to accept the request. It is worth mentioning that only the Passwords and The Secure Notes can be shared with the emergency contact person.
When one of your emergency contacts asks for permission to access your account, he/she will have to wait for a specified ‘waiting period.’
You can choose to have a waiting period between 0 to 2 months. You can also choose to allow access only when you accept the request of the emergency contact. In the latter case, the waiting period will be the time you take to confirm the request.
The waiting period is the time in which you will get notified about the request from Dashlane, and you will have an option to decline the request from your emergency contact.
The other user will not be allowed to modify the contents of your account, and he/she can only read it.
Once the access is granted, all the changes you make in the passwords and notes will be visible to the emergency contact as well.
You can go into the advanced settings to choose which of the passwords and the notes you want to be accessible by your emergency contact.
This feature can prove to be a lifesaver in the crunch moments, but it is the responsibility of the user to choose the emergency contacts sensibly.
Old habits die hard, and many people have the habit of using the same password for all their accounts. Some have the habit of using simple passwords such as ‘qwerty’ and ‘password.’
If you are also one of these people, we don’t blame you. We understand that it takes a lot of effort to come up with a complex password every time.
The password generator in Dashlane will do this tedious job for you every single time. It will churn out strong and complex passwords for you day in and out.
The ‘Generator’ can be easily accessed from both the client as well as the extension. All it needs is a click, and you will have a strong and complex password at your disposal.
You can use it as a password for a new website or just to get a random set of numbers and characters if you are into that sort of things.
There are a few settings to tweak such as to choose if you want to include/exclude digits, letters, symbols, and ambiguous characters in your password.
In our opinion, Dashlane could have served a few more customization options in the password generator. An option to control the length of the password can make things even more fun and functional.
The manager also tells about the strength of the password so that the user does not end up with a weak password after playing with the settings a bit too much.
Password Managers make use of Master Passwords to keep all the user’s passwords and other sensitive information safe and away from the reach of anti-social elements.
Master Password is the password that the user needs to login into the password manager. Master Password is also used to generate an encryption key which is then used to encrypt the rest of the user’s passwords and data stored on the client.
We will discuss more about Master Passwords and their importance in the next section.
What is important to understand right now is that Master Password determines the strength of security of user’s data to a large extent. It helps that the user must remember only one password and he/she can manage to remember a relatively complex one.
However, Master Passwords also make for a single point of failure for the entire system. The implications can be catastrophic if it gets into the wrong hands.
This calls for an additional layer of security which is not static in nature like the Master Password.
Dashlane allows Two-factor authentication to provide that additional layer of security to the user’s account.
Two-factor authentication in this case, makes use of a mobile device along with the Master Password to allow access to the user’s account.
It will not be enough for the hacker to know the Master Password anymore. He/she will need to gain access to the device as well.
There are various TOTP-based (Time-based One-Time Password) mobile authenticators which can be used to implement Two-factor authentication on Dashlane.
Google authenticator and Authy are among the popular ones.
Dashlane has provided a detailed guide on how to implement Two-Factor authentication on Dashlane. You can check it out here.
Even though Dashlane is available on so many platforms and in so many forms, it is a breeze to synchronize data and information across all these avenues.
Let us first discuss the different ways available to login into your Dashlane account.
First one is by using the desktop client. You can get the desktop application for both Windows and MacOS devices. The desktop clients showcase the whole array of options available on the service.
Some services which are not accessible through other portals such as the web app, can be accessed using the desktop client.
The availability of the application on Google Play as well as the App Store allows you to manage passwords on the go. The service provider proudly mentions of excellent ratings achieved by the applications on both the portals.
For those who don’t find the idea of switching between the browser and the client amusing, there are browser extensions available. You name it, and they have an extension for your browser.
Dashlane avails browser extensions for Chrome, Firefox, Internet Explorer, Safari, Edge, and Opera. There is a high probability that you use one of these web browsers on your desktop.
The manager automatically syncs data between all the user’s devices every five minutes. You can choose to turn off the sync if you want, and manually synchronize the data between the devices as per your convenience.
The option to enable/disable the sync is not available on the browser extensions. You will have to use the client or the web app to control the synchronization.
There is no need to emphasize the importance of security on a Password Manager. It is like a vault in which the keys for other vaults have been stashed.
Dashlane follows a ‘Trust No One’ approach to keep all of the user’s data safe. The approach implies that neither the company servers nor the users can be trusted.
It all begins with the generation of Master Password by the user. It is essential for the user to create a strong and complex Master Password since it can be used to gain access to the entire content stored in the manager.
Dashlane helps the user create a strong Master Password by enforcing guidelines for a strong password. The guidelines include the use of numbers, both upper- and lower-case characters, etc.
It is the Master Password based on which the deciphering key for the user’s content is also generated. All the data is secured with AES 256-bit encryption.
It is military grade encryption and the most robust one as well. Theoretically, it will take billions of years to break into this encryption using the current computation methods and standards.
Dashlane never stores the Master Password on any of its servers, and it is stored locally only when the user asks the client to do so.
All the traffic between the user’s device and the Dashlane servers moves under the HTTPS cover, and all the encryption/decryption at the user’s end is completed using OpenSSL.
Let us put away all these fancy terms aside for a moment and try to understand the security mechanism in simple words.
Dashlane generates a key from the user’s Master Password and uses it to encrypt all the information provided by the user and then stores the encrypted information on its servers.
This way none of the user’s information is accessible by anyone from the Dashlane as well. It will all be a bunch of random numbers and characters without the encryption key.
The Master Password is never transmitted over the internet and therefore, unsafe public networks such as an open Wi-Fi at a random restaurant can’t be used to gain access to the user’s Master Password.
Those who feel the need for more security can make use of Two-factor authentication feature as well. We have already dedicated one section to it in this review.
However, maybe there is an added downside to all these strengthened security features and strategies. If you happen to lose or forget your Master Password, Dashlane won’t be able to get it back for you as they don’t have any way to know it.
For those who shudder at the sight of such responsibilities, Dashlane has a ‘remember me’ feature available.
It will keep the user’s session active for 14 days, but we recommend using it only if the user is sure that no one else will be able to gain access to his/her device.
We are quite satisfied with the security mechanisms employed by Dashlane and find the policies and the architecture effective.
We seem to have discussed the customization options in every section of this review until now, and yet we had to come up with a separate heading for it altogether.
There are still so many features left to discuss that we felt the need for one more section to fit them all in.
There is an ‘Open sync preferences’ option in the ‘Sync’ menu of Dashlane. It opens up a wide variety of customization options for the user.
It is divided into various tabs. The first one is ‘General.’ This tab allows the user to change various settings related to auto-login, startup, browser extension, and data capture.
It is here that the user can control the extent to which he/she wants to allow the service to interfere in general.
The next tab is ‘View.’ You can use it to choose what category of notifications you would like to see pop up on the client.
The next two tabs are ‘Sync’ and ‘Account.’ The first one allows you to turn on the sync between various devices while the latter displays information about the account and status of description. You can change the Master Password, email address and phone number in the ‘Account’ tab.
The subsequent tab is ‘Security.’ You get to choose when you want the service to ask for the Master Password other than the login. The option to turn on Two-factor authentication is also present in this tab.
Dashlane serves the user with some advanced security setting options as well in this tab. You can choose to enable the verification for web browsers and change the key derivation function from the default one.
The last tab in this window is ‘Advanced,’ and it is not very advanced in our opinion. All it does is allow the user to change the language, change the country, and enable automatic proxy detection.
In the end, we have hardly got anything to complain about. Dashlane seemed to do it all right in all the sections.
Starting from the installation process, the client is available for all kinds of platforms. You can use it from the web or desktop or mobile or even the browser itself.
Then the clean vault design is impressive as well. If we are to be extremely critical of the service, then we can say that it lacks sections in the vault for things such as driver license and Wi-Fi passwords.
However, there is always an option to create a new section in the vault, so we are not much worried about that.
The manager has got all the robust security measures necessary to keep the user’s data and accounts safe. We are also impressed by the security monitoring by the password manager.
Two-Factor authentication enhances the security on the service. Sharing of information could not have been easier than this, and it is safe as well.
We won’t argue with anyone’s choice of going with this password manager.
Overall Visibility Score 62.75
Company Name: Dashlane, Inc
Founded In: 2009
Address: 156 5th Avenue, Suite 504, New York, NY, USA
