What is Password Changer and how does it work?
The Password Changer feature allows you to change the passwords for many of your websites with one click, instead of having to change them manually.
It's currently available on Windows, Mac OS X and iOS. Note that Password Changer is neither available on Windows XP nor on Mac OS X Snow Leopard (10.6).
Contents
What is Password Changer and how does it work?
How it works
Password Changer can automatically change the passwords for many of your websites by directly logging in to a list of compatible websites, generating strong, unique passwords for you, then changing the passwords for those sites on your behalf.
Everything is done automatically by Dashlane. You will only see the Dashlane window showing the status of each password change and confirmations that your passwords were successfully changed.
Dashlane can also detect two-factor authentications and security questions and allow you to authenticate within Dashlane. If a site requires additional information to change your password, Password Changer will prompt you for it during the password-change process.
How we protect your data
When using the Password Changer, your passwords are always generated locally by the Dashlane application, then encrypted and transmitted securely to our servers.
Note that the Password Changer requires that your old and new passwords be briefly unencrypted on our servers. This process uses a secure, dedicated server infrastructure, and the information is immediately removed once the process is complete. We have worked to protect the security of your data. See below for more detail.
On which sites it works
Dashlane's Password Changer works on hundreds of websites. The current full list is available here.
When hovering over one of your credentials for a website, click on the More icon on the right and then choose Auto-change password.
If you have websites on which Dashlane doesn't offer to use Password Changer, you can click here and check on this page if that site is supported. If a site is not in that list, you will be able to send us a request using this page. We'll add the website to the list of sites we're currently working on integrating. We appreciate your patience!
In more detail
How it works – in more detail
To change a password for a particular website, the Dashlane application generates a new, strong password, then sends both the new and the old passwords to Dashlane's servers. This is done using secure WebSockets over SSL/TLS to prevent any Man-in-The-Middle attacks.
Then our servers try to log in to the targeted Web site and change your password with the newly generated one. This is done using either a headless browser (i.e. a web browser without a graphical user interface) or a call to an API if the Website offers one.
At the end of the operation, our server updates the user with the result. In the case of success, the application updates the current password locally with the new password which was previously generated.
How we protect your data – in more detail
The servers that are used by Password Changer are separated from the rest of the Dashlane's server infrastructure. We use dedicated instances and distinct security groups.
Additionally, any sensitive information on our servers (e.g. logins and passwords when signing to sites) is only used temporarily in RAM (random access memory). All information is removed from the RAM right after our servers send the result back to the application. On average, it takes 45 seconds to change a password, or five minutes if our servers cannot reach your application and confirm that the password was changed during the process. This information is never permanently stored on our servers.
For detailed information about Dashlane's security practices, please consult our Technical White Paper, available under "Security resources" here.