- Your Password Health: Focused on what matters most
- What you'll see in the Password Health feature
- How your Password Health score is calculated
- Are any of your passwords compromised?
- Have you reused similar passwords?
- Are your passwords weak?
- Excluding accounts from your Password Health score
- Are you protecting your most important websites?
- Password Health scores in the Admin Console
- The bottom line
This article is tailored for business users. If you are using Dashlane Free or Dashlane Premium, please click here. Note that this feature is not currently available for Dashlane Business plans with SSO enabled, but will be very shortly!
Your Password Health: Focused on what matters most
Dashlane's Password Health feature is the easiest way for you to assess and improve the security of all of your passwords. But some online accounts, such as your banking, email, or work-related accounts, are more important than others. We designed the Password Health feature to help you focus on protecting those accounts first.
We've updated the way Dashlane evaluates the strength of your passwords, and we've streamlined how your security performance is displayed. Some changes will be more obvious than others, but all of them are designed to help you improve your security where it matters most.
You can see an overview of your Password Health at the top of your Identity Dashboard, but you'll need to go into the dedicated Password Health section in order to access all of its features.
On Desktop you can enter the section directly from the left-hand menu, or else click on "Manage accounts" from within your Identity Dashboard.
On mobile, click on "Explore" from within your Identity Dashboard.
What you'll see in the Password Health section
The Password Health score is displayed at the top to give you an overall sense of how you're doing. Note that the scores and analysis provided for your passwords apply only to the accounts within your current space. The image below shows how different scores are calculated for both spaces together, only the user's company passwords, and only their personal passwords.
How your Password Health score is calculated
Your Password Health score is based on the following factors:
- Are any of your passwords currently compromised?
- Have you reused similar passwords?
- Are your passwords weak?
Note that your critical accounts are given more weight. Also, you will not be given a Password Health score for your business or personal spaces if you have fewer than five accounts in them, though you will be given an overall score if there is a total of five or more accounts across both spaces.
Underneath the Password Health score you'll notice four tabs for passwords: Compromised, Reused, Weak, and Excluded. Next to each heading, you will see a number indicating how many accounts are in each tab. Here again, the accounts listed in the tabs are those within your current space. It's a good idea to pay attention to the results for "All Spaces" as, for example, this can help you identify passwords you're using in common between your two spaces.
Finally, on the far-right you're given the option to “only show critical accounts”.
Each feature is discussed more fully below.
Are any of your passwords compromised?
Dashlane sends instant security alerts when sites are breached and your passwords compromised. These accounts will appear under the Compromised tab.
In addition to the compromised accounts themselves, Dashlane determines if any of your other accounts use the same or similar passwords as the compromised accounts, and considers these passwords compromised as well.
Note that if you changed your password after the date the breach itself took place, that account will not be considered compromised and you will not be notified of the breach.
We strongly encourage you to change your compromised passwords as soon as possible.
Have you reused similar passwords?
Many people reuse or introduce small variations into the same password for different websites. Using a password more than once is one of the main reasons people have multiple online accounts broken into at once.
The Password Health feature will lower your score if any of your passwords are determined to be too similar. It's easy to see where you've reused passwords, as your accounts that share similar passwords are grouped together in the Reused tab.
We recommend you use Dashlane's Password Generator to generate a new and unique password for each of your accounts.
It's important to understand that people who steal your personal data generally are not trying to figure out your passwords — their computers are. Differences that seem important to a human may be trivial for a computer. Dashlane uses a measure of difference called Levenshtein Distance with a limit of 3 to ensure that your passwords are meaningfully different from one another.
Are your passwords weak?
People who steal your personal data care a lot about the tricks we use to make our passwords easy to remember, and they try those first. Passwords that Dashlane finds to be vulnerable will be grouped in the Weak tab.
To judge the strength of your passwords, Dashlane uses an open-source method called “zxcvbn”. Simply put, it allows Dashlane to judge the strength of your password against over 30,000 of the most common passwords, words, names, keyboard patterns, dates, and more.
We recommend you use Dashlane’s Password Generator to create the strongest password each website will allow.
Excluding accounts from your Password Health score
If you would like to exclude an account from being a part of your Password Health score, you can click on the small X on the far-right when you roll over an account.
Doing so will remove this account from the calculation of your Password Health score and add the account to the Excluded tab. If you later want to undo an exclusion, simply click on Include on the far-right when you rollover the account on the Excluded tab.
Reasons to exclude accounts might be because someone has shared a password with you that you cannot change yourself, the website does not allow for a more secure password, or you are obliged to use the same password on more than one account, such as with Amazon.com and Amazon.co.uk.
Are you protecting your most important websites?
The switch on the far right, "Only show critical accounts", will filter the accounts in each tab. Because they often handle your most important data, business plans define five kinds of websites as critical: Business, Finance, Shopping, Health, and Social Media.
You may recognize these categories, since they are applied by default to those websites when you add them to your Dashlane. Note that a website’s importance is based on our own classification. If you change a website’s category in your Dashlane, either by adding it to or removing it from these five default categories, it will not affect how important it is for your Password Health. Admins, note that forcing accounts into your business space will not affect their importance.
We recommend you change the passwords for all of your accounts under the Compromised, Reused, and Weak tabs, especially those classified as critical.
Password Health scores in the Admin Console
Every business account admin has access to an Admin Console that features an overview of the organization's security.
On the Users tab, you will first find the overall score for your organization. This global score is defined as the average of the individual scores of all the members of the business account. You will also see the individual score for each user on your account. Note that this score is only based on passwords stored under business spaces, in order to safeguard your users' privacy.
The bottom line
Use Dashlane to manage your passwords. Regularly check your Password Health and use this feature to easily identify where your security needs the most attention. Use the Password Generator when changing your passwords.
We also recommend:
- Enabling two-factor authentication to add an extra layer of security to your Dashlane account
- Deleting passwords that are stored in your browsers. Once they are in Dashlane, there’s no longer any need to store them in your browser where others may obtain access to them.