Passwords help protect your accounts, but they also come with risks related to security breaches, phishing, and other online attacks.

What is phishing, and how can I protect myself?

When a site or app asks for your password, they’re asking you to prove your identity by providing something only you know. So, in theory, only you can access your account. But the process isn't always secure because people can make these mistakes:

• Create passwords that are simple and easy to remember but also easy to hack
• Reuse the same password on different websites
• Share passwords accidentally with the wrong people, such as in a phishing scam

In addition, the websites you use store your passwords on their servers. In security breaches, hackers sometimes get access to these servers and compromise the passwords of all users.

Using a password manager like Dashlane to create and store complex, unique passwords has always been the best way to protect your online identity. But now, Dashlane is leading the way in using passkeys as an even safer and easier way to manage your life online.

Concerned that your email was hacked? Check out our blog post on what to do if a scammer has your email address

Passkeys are designed to be resistant to phishing and other online attacks.

When you create a passkey for a site and save it in Dashlane, we create two "keys" that connect you securely to the site. These keys are two long numbers connected by a complex mathematical relationship. You’ll never see or do anything with these keys, but they’ll be stored in two places connected to you:

• The first is a "private" key that we store safely in your Dashlane account
• The second is a "public" key that the website or app you want to access stores for your account on their servers

The public key isn't a secret. In theory, anyone with access to the server where the public key is stored can see the key. But the public key is useless without the private key, and the private key is protected by Dashlane's unique security system. No one can access the private key, not even Dashlane employees.

You can only access an account protected by a passkey when the private and public keys are used together. When you log in to a website or app using a passkey, Dashlane uses the public and the private keys together to connect you.

At Dashlane, we've added an extra layer of protection to passkeys by storing the private key in a secure cloud enclave using confidential computing.

How does Dashlane give passkeys advanced security?

For more on the technology behind passkeys, check out our blog for a guide to asymmetric encryption

More about security at Dashlane

When you log in to an account with a passkey, you use an "authenticator" that tells the site or app you’re trying to access that you are who you say you are. The authenticator can be your phone, computer, or security key. Your Dashlane account can also act as an authenticator, which lets you use the same passkey anywhere you’re logged in to Dashlane.

Before logging in, you need to create a passkey for the account. The process for creating passkeys is simple.

1. When you access a website or app, enter your username as usual.
2. The site asks if you want to create a passkey, and you confirm.

   Note: The process depends on the website or app you're using. For some websites and apps, you’ll need to go to your account's security settings to set up passkeys.

3. You save the passkey to the authenticator you want to use. If you’re logged in to Dashlane when you create the passkey, we’ll ask if you want to save the passkey in Dashlane.

Create and manage passkeys in Dashlane