Account Recovery provides members of a Dashlane Team or Dashlane Business plan with a simple and secure way to recover access to their Dashlane account if they forget their Master Password.
Our patented process leverages the role of the Dashlane plan admin to guarantee the member’s identity, all while preserving our zero-knowledge architecture. Once enabled, if a member forgets their Master Password, they can rest assured that they can recover their data.
Account Recovery is not available to members of a Dashlane Business plan with SSO enabled.
Contents
Overview of Account Recovery
- A Dashlane Team or Dashlane Business plan admin turns on Account Recovery.
- A plan member selects Forgot your password? at login from a previously authenticated device, verifies their account, and creates a new Master Password. This action sends an Account Request to the admins.
- The request appears in the Admin Console on the Activity Log tab.
- An admin approves the request.
- The member regains access to their account using their new Master Password.
Prerequisites
To use Account Recovery:
- The plan member must belong to a Dashlane Team or Dashlane Business plan
- The Dashlane plan admin must have turned on Account Recovery
- The Dashlane plan member must have activated Account Recovery
- The member must be using the following versions of the Dashlane web app:
- Chrome extension: 6.2121.1 or later
- Firefox extension: 6.2121.1 or later
Account Recovery isn't available on mobile or in the Safari app.
Turn on Account Recovery
A plan admin can turn on the Account Recovery feature in the Dashlane Admin Console by selecting Settings and then Account Recovery. The admin is prompted for their Master Password to confirm the setting.
After an admin has turned on Account Recovery for the plan, all plan members receive an activation notification the next time they log in.
To activate Account Recovery for your account, select Activate Account Recovery.
Opt-out of Account Recovery
For privacy reasons, each plan member has the option to disable the Account Recovery feature for their account and can reactivate it at any time.
To disable Account Recovery for an account, the member selects Not now on the web app in the popup received after the plan admin has turned on Account Recovery for the plan.
If they've already activated it but change their mind later, the member can disable Account Recovery by going to My account, Settings, Security settings, and then Account Recovery.
Send a recovery request
After a plan admin has turned on the Account Recovery feature and a plan member has activated it, the member can request admin approval to recover access to their account.
Plan members make a recovery request by selecting Forgot your password? on the web app login screen or Forgot password? on the login screen from the extension popup.
Important: Members need to send a recovery request from a previously authenticated device. Each browser is considered a device and must be authenticated, so a member can't send a recovery request from a new browser that hasn’t been authenticated. Similarly, uninstalling and reinstalling the extension or clearing cookies removes the secret key established when they enabled Account Recovery, and the extension will be considered a new device.
The member is asked to verify their account—using two-factor authentication when available—and create a new Master Password as part of the request.
Important: The member needs to complete the recovery on the same device used to send the recovery request. If the member tries to use their new Master Password on a different device before completing the request, they'll receive an "invalid password" error message without any mention of the pending recovery attempt.
When a member sends a recovery request, Dashlane sends an email notification to all admins of that member's plan. The member must wait for an admin to respond.
Cancel a recovery request
Plan members can cancel recovery requests before a plan admin responds.
Answer a recovery request
When a plan member sends a recovery request, Dashlane sends an email notification to all admins of that member's plan.
Notification badges display in the Admin Console on the Activity Log tab where admins can review and approve or deny recovery requests.
Important: We strongly recommend that admins validate the authenticity of requests in person when possible.
Recover account access
The plan member receives an email notification when a plan admin responds to their recovery request.
If approved, the member can recover access to their account by clicking the Log in to Dashlane link in that email and entering their new Master Password.
All devices using Dashlane will need to be re-authenticated following recovery.
If denied, members must contact an admin to understand why before sending a new request.
The member can now recover their entire vault, including the data from both their personal and business spaces.
Note: Admins don't have access to members’ personal information at any point during the recovery process.
FAQs
Are shared items affected by Account Recovery?
No. Any items shared between plan members remain intact.
Do Account Recovery requests expire?
No.
Can a plan admin approve their own recovery request?
No. We recommend having more than one admin on your plan if admins would like to have the option to recover their accounts.
Can a plan admin disable Account Recovery when there is a pending request?
No.
Why are plan members required to re-authenticate all their devices after recovering their accounts?
Account Recovery requires a member to change their Master Password. Any time a member's Master Password changes, all previously authenticated devices must be re-authenticated for security reasons.
Why can plan members disable Account Recovery?
Account Recovery allows plan admins to help members recover their accounts. We understand that some members may prefer not to have this option available. For privacy reasons, we allow members to opt-out of their accounts. Members can always opt back in later.
How can plan admins know which plan members have disabled Account Recovery?
Dashlane will provide this level of reporting in the Admin Console in the future.
How does Zero-Knowledge Account Recovery work?
We recommend reviewing our Security Whitepaper. Dashlane doesn't send or store any members’ Master Passwords on its servers, including during the Account Recovery process.