How to use Dashlane to find out how secure you are

Your Password Health: Focused on what matters most

Dashlane's Password Health feature is the easiest way to assess and improve the security of all of your passwords. But some of your online accounts, such as your bank or your email, are more important than others. We designed the Password Health feature to help you focus on protecting those accounts first. 

We've updated the way Dashlane evaluates the strength of your passwords, and we've streamlined how your security performance is displayed. Some changes will be more obvious than others, but all of them are designed to help you improve your security where it matters most.

You can see an overview of your Password Health at the top of your Identity Dashboard, but you'll need to go into the feature to access its full features.

On Desktop you can enter the feature directly from the left-hand menu, or else click on "Manage accounts" from within your Identity Dashboard. 

On mobile, within your Identity Dashboard, click on "Explore" near your Password Health Score.

What you'll see in the Password Health feature

At the top you see your Password Health Score, giving you an overall sense of how you're doing. Underneath, you'll notice four tabs for passwords: Compromised, Reused, Weak, and Excluded. In each case, a number in a small circle lets you know how many accounts are in each tab. Finally, on the far-right you're given the option to “only show critical accounts”.

Each feature is discussed more fully below.

How your Password Health Score is calculated

Your Password Health Score is based on the following factors:

• Are any of your passwords currently compromised?
• Have you reused similar passwords?
• Are your passwords weak?

Note that your critical accounts are given more weight. Also, you will not be given a Password Health Score if you have fewer than five accounts in your Dashlane.

Are any of your passwords compromised?

Dashlane sends instant security alerts when sites are breached and your passwords compromised. These accounts will appear under the first tab.

In addition to the compromised accounts themselves, Dashlane determines if any of your other accounts use the same or similar passwords, and considers these passwords compromised as well.

Note that if you changed your password after the date the breach itself took place, that account will not be considered compromised and you will not be notified of the breach.

We strongly encourage you to change your compromised passwords as soon as possible.

Have you reused similar passwords?

Many people reuse or introduce small variations into the same password for different websites. Using a password more than once is one of the main reasons people have multiple online accounts broken into at once. 

The Password Health feature will lower your score if any of your passwords are determined to be too similar. It's easy to see where you've reused passwords, as your accounts that share similar passwords are grouped together.

We recommend you use Dashlane's Password Generator to generate a new and unique password for each of your accounts.

It's important to understand that people who steal your personal data generally are not trying to figure out your passwords — their computers are. Differences that seem important to a human may be trivial for a computer. Dashlane uses a measure of difference called Levenshtein Distance with a limit of 3 to ensure that your passwords are meaningfully different from one another. 

Are your passwords weak?

People who steal your personal data care a lot about the tricks we use to make our passwords easy to remember, and they try those first.

To judge the strength of your passwords, Dashlane uses an open-source method called “zxcvbn”. Simply put, it allows Dashlane to judge the strength of your password against over 30,000 of the most common passwords, words, names, keyboard patterns, dates, and more.

We recommend you use Dashlane’s Password Generator to create the strongest password each website will allow.

Excluding accounts from your Password Health Score

If you would like to exclude an account from being a part of your Password Health Score, you can click on the small "×" on the far-right when you roll over an account.

This will remove this account from the calculation of your Password Health Score and add that account to the Excluded tab. If you later want to undo an exclusion, simply click on "Include" on the far-right when you rollover the account on the Excluded tab.

Reasons to exclude accounts might be because several accounts share the same password through no fault of your own, such as Amazon.com and Amazon.co.uk, or someone has shared a password with you that you cannot change yourself.

Are you protecting your most important websites?

The switch on the far right, "Only show critical accounts", will filter the accounts in each tab. Because they often handle your most important data, Dashlane defines four kinds of websites as critical: Finance, Shopping, Health, and Social Media.

You may recognize these categories, since they are applied by default to those websites when you add them to your Dashlane. Note that a website’s importance is based on our own classification. If you change a website’s category in your Dashlane, either by adding it to or removing it from these four default categories, it will not affect how important it is for your Password Health Score. 

We recommend you change the passwords for all of your accounts under the Compromised, Reused, and Weak tabs, especially those classified as critical.

The bottom line

Use Dashlane to manage your passwords. Regularly check your Password Health and use this feature to easily identify where your security needs the most attention. Use the Password Generator when changing your passwords.

We also recommend:

• Enabling Two-Factor Authentication to add an extra layer of security to your Dashlane account
• Deleting passwords that are stored in your browsers. Once they are in Dashlane, there’s no longer any need to store them in your browser where others may obtain access to them.