Dashlane is built on the principle of zero knowledge, meaning only you have access to the data in your Dashlane vault. Your logins and personal information are always “encrypted,” even when we store your data on our servers as a backup and to sync your data across devices. Encryption scrambles your data so that no one can read it—not even Dashlane.
When you enter your Master Password, your data is “decrypted” on your device and available only to you. No one but you knows your Master Password, not even Dashlane. So only you can access your data.
Our zero-knowledge approach also applies to passwordless, security key, and SSO Dashlane accounts. These login methods are highly secure and make accessing Dashlane easier than ever before. You no longer need to create and remember a complicated Master Password to safely manage your online life.
Interested in learning about the technical details of our zero-knowledge approach?
Download our “Security at a glance” one-pager
Explore Dashlane's Security Principles & Architecture
Learn more about security and passwordless login
Learn more about the publicly available Dashlane extension code
Find out how to know when to trust an email you received from Dashlane
How does Dashlane keep my data safe?
- Dashlane requires a strong Master Password. We encourage our customers to make their Master Passwords unique and as complex as possible while still being memorable.
More on Master Passwords - We don’t store your Master Password anywhere on our servers, and we never send your Master Password over the internet. No "reset link" is available for your Master Password.
- Dashlane doesn't use password hints or security questions for password reset. These processes are often bad for security, and we don't use them for that reason.
- When you log in to a new device, we add an extra layer of security by sending a code to a device or email account that we know belongs to you.
Other steps Dashlane takes
- We're the first major password manager to meet the updated 2022 ISO standards and become ISO 27001 certified.
Read more about ISO certification on our blog - We host our servers on Amazon AWS, one of the most respected and secure cloud hosting services.
- We audit our products to minimize the risks in our system.
- We regularly scan our servers and security systems for any traces of suspicious activity or vulnerability.
What can I do to make my data more secure?
You can take these steps to strengthen security while using Dashlane:
- Only install Dashlane from official sources, such as the Chrome Web Store, Firefox Add-ons page, Apple App Store, or Google Play Store.
- Create strong and unique passwords for all your logins. Use our Password Generator to create the strongest password possible. With our autofill feature, you won’t have to remember your passwords.
Dashlane Password Generator - Set up the recovery options available to you so that you can regain access to your account if you forget your Master Password.
Account recovery options for Dashlane - Keep track of your Password Health and update weak or compromised passwords.
Password Health score - Make sure to respond to security alerts by changing your passwords. We provide these alerts when your logins are affected by a breach.
More about security alerts - Protect your account with 2-factor authentication (2FA) for an extra layer of security.
Turn on 2FA - Dashlane Premium subscribers can use our virtual private network (VPN) for additional security on unsecure networks like public Wi-Fi.
More about VPN protection
Want to know more about security at Dashlane?
Explore Dashlane's Security Principles & Architecture
Want to learn other ways to keep your account secure?
Tips for keeping your Dashlane account secure
What if I lose a device with Dashlane data on it?
You can also add layers of security to block access in case someone gets access to your device:
- Turn on PIN unlock in Android or Use PIN in Apple, and no one can access your data without your 4-digit code
- Turn on Biometric unlock, and no one can access your data without your face or fingerprint
Unlock the iOS (Apple) app with biometrics or a PIN
Unlock the Android app with biometrics or a PIN
You can also unlock the Dashlane macOS using Touch ID. You can't use Touch ID with the Dashlane browser extension for Safari due to a limitation on Safari's side, so you need to use your Master Password.
Unlock the Dashlane macOS app with Touch ID
More about the Dashlane extension for Safari
You can also remotely remove any device from your Dashlane—a good idea if it's been lost or stolen.
Remove a device from your Dashlane account
After removing a device, the next time you access Dashlane on that device, we’ll ask you to enter a code sent to an email address or mobile device we know belongs to you.
What if Dashlane's servers are hacked?
Our technical design ensures only the user, not Dashlane or any third party, can decrypt their vault. Even if Dashlane’s infrastructure is compromised, attackers should not be able to access stored credentials or secrets. Dashlane’s security philosophy is grounded in the principle that data must remain secure under all circumstances.
Even if infrastructure, devices, or internal environments are compromised, our zero-knowledge architecture aims to ensure vault data stays protected. We continuously evaluate and refine our threat model to defend against the most relevant attack vectors: application vulnerabilities, compromised devices, server attacks, internal IT breaches, and insider threats.
Can Dashlane employees access my data?
No. Dashlane employees can't see your logins or personal information because of our “zero-knowledge” security approach. Anywhere we store your logins or personal information—including our servers—your data is encrypted using the strongest security available.
The only way to see the data you store in Dashlane is to log in to your account using your Master Password on a device you approve. We don’t know your Master Password. Only you know your Master Password, so only you can see your data.
I don't want my data saved in the cloud. Do I have that option?
No. We back up all of our customers' encrypted data on our servers. Remember, only you have the key to your data—your Master Password—so we can never read or decrypt your data.