Zero-Knowledge Account Recovery for Dashlane Business
Account Recovery provides Dashlane Business users with a simple and secure way to recover access to their Dashlane account should they forget their Master Password. Our patent-pending process preserves a zero-knowledge architecture while providing peace of mind. There is no need to reset all stored passwords in case of a forgotten Master Password.
Overview of Account Recovery
To use Account Recovery, you must have a Dashlane Business account. An admin on your account must also have enabled the feature (see Enabling Account Recovery, below).
Your Dashlane apps must also be upgraded to the following versions:
- Windows: 5.0 or higher
- Mac: 5.3 or higher
- iOS: 5.0 or higher
- Android: coming 018
Account Recovery is not available on the Web-App.
Enabling Account Recovery
Admins can enable Account Recovery from within the Admin Console (Settings > Account Recovery). Admins will be prompted for their Master Password to confirm the setting.
Once Account Recovery is enabled, all users on the account will receive an in-app notification.
If you choose to set up Zero-Knowledge Account Recovery, click OK, log out of your Dashlane Desktop application, and log back in on the same device. This last step is required to complete a future Account Recovery request.
Opting out of Account Recovery
Account Recovery is enabled by default for everyone. For privacy reasons, each user has the option to disable the feature for their account. Users can re-enable it at any time from their app Security settings.
Sending a recovery request
Once Account Recovery is enabled, users can request an admin’s approval to recover access to their account should they forget their Master Password.
A recovery request can be made by selecting “Forgot your password?” on the app login screen. Users are asked to verify their account – using two-factor authentication when available – and create a new Master Password as part of the request.
Once a request has been made, the business account admins will receive a notification by email and in the Admin Console. The requestor will need to wait for an admin of their business account to respond.
Cancelling a recovery request
Users can cancel recovery requests at any time before an admin responds.
Answering a recovery request
An email notification is sent to all admins on an account when a team member sends a recovery request.
Notification badges are also displayed in the Admin Console on the Activity Log tab, where admins can review and approve or deny recovery requests.
We strongly recommend admins validate the authenticity of users’ requests in person where possible.
Recovering account access
Users receive an email notification once an admin has responded to their recovery request.
If approved, users can recover access to their account by logging into Dashlane using their new Master Password. Note that all devices using Dashlane will need to be re-registered following recovery.
If denied, users should contact their admin(s) to understand why before sending a new request.
A user's entire vault is recovered, including both Personal Space and Business Space data. Admins do not have access to users' personal information at any point in the recovery process.
Are emergency contacts or sharing through Dashlane affected by Account Recovery?
No. Any shares between users will be intact and emergency contacts remain in place.
Do Account Recovery requests expire?
Can an admin recover their own request?
No. We recommend having more than 1 admin on your account if admins would like to have the option to recover their accounts.
Can an admin disable Account Recovery when there is a pending request?
What happens if a request is made and then the user is revoked?
Revoked users do not have access to Account Recovery, which is currently only available for Dashlane Business users.
Why do users have to reauthenticate all their devices after recovering their account?
Account Recovery requires users to change their Master Password. Any time a user’s Master Password is changed, all previously authenticated devices must be re-authenticated for security reasons.
Why can users disable Account Recovery?
Account Recovery allows admins to help users recover their accounts. We understand some users may prefer to not have this option. For privacy reasons, we allow users to opt out for their account. Users can opt back in at a later time if they choose.
How can admins know which users have disabled Account Recovery?
We will provide this level of reporting in the Admin Console in the future.
How does Zero-Knowledge Account Recovery work?
We recommend reviewing our Security Whitepaper. Dashlane neither sends nor stores any user's Master Password on its servers, including during the Account Recovery process.