The Password Changer feature allows you to change the passwords for many of your websites with one click, instead of having to change them manually.
Password Changer is currently available on Windows, Mac OS X and iOS in the United States, United Kingdom, and France only. Note that this feature is neither available on Windows XP nor on Mac OS X Snow Leopard (10.6).
What is Password Changer and how does it work?
How it works
Password Changer can automatically change the passwords for many of your saved websites by directly logging in to a list of compatible websites, generating strong, unique passwords, then changing the passwords for those sites on your behalf.
Everything is done automatically by Dashlane. You will see the Dashlane window showing the status of each password change and confirmations that your passwords were successfully changed.
Dashlane can also detect two-factor authentication and security questions and allow you to authenticate within Dashlane. If a site requires additional information to change your password, Password Changer will prompt you for it during the password-change process.
How we protect your data
When using the Password Changer, your passwords are always generated locally by the Dashlane application, then encrypted and transmitted securely to our servers.
Note that the Password Changer requires that your old and new passwords be briefly unencrypted on our servers. This process uses a secure, dedicated server infrastructure, and the information is immediately removed once the process is complete. We have worked to protect the security of your data. See below for more detail.
Sites compatible with Password Changer
Dashlane's Password Changer works on hundreds of websites. The current full list is available here.
When hovering over one of your credentials for a website, click on the More icon on the right and then choose Auto-change password.
If you have websites on which Dashlane doesn't offer to use Password Changer, you can click here and check if that site is supported. If a site is not on that list, you can send us your request. We'll add the website to the list of sites we're currently working on integrating. We appreciate your patience!
In more detail
How it works – in more detail
To change a password for a particular website, the Dashlane application generates a new, strong password, then sends both the new and the old passwords to Dashlane's servers. This is done using secure WebSockets over SSL/TLS to prevent any man-in-the-middle attacks.
Then our servers try to log in to the targeted website and change your password with the newly generated one. This is done using either a headless browser (i.e. a web browser without a graphical user interface) or a call to an API if the website offers one.
At the end of the operation, our server updates the user with the result. In the case of success, the application updates the current password locally with the new password which was previously generated.
How we protect your data – in more detail
The servers that are used by Password Changer are separated from the rest of the Dashlane's server infrastructure. We use dedicated instances and distinct security groups.
Additionally, any sensitive information on our servers (e.g. logins and passwords when signing to sites) is only used temporarily in RAM (random access memory). All information is removed from the RAM right after our servers send the result back to the application. On average, it takes 45 seconds to change a password, or five minutes if our servers cannot reach your application and confirm that the password was changed during the process. This information is never permanently stored on our servers.
For detailed information about Dashlane's security practices, please consult our Technical White Paper, available under "Security resources" here.