Dashlane has created a new approach for managing passkeys that improves security using confidential computing. This approach will also make it possible to securely share passkeys in the future. You can add this extra layer of security to the passkeys you store in Dashlane by joining our beta program for passkeys with advanced protection.
When you join the beta program, your experience saving and logging in with passkeys doesn't change. You can continue to use any passkeys that you've already saved in Dashlane. Any new passkeys you save will have additional protection from a secure cloud enclave.
What are passkeys and how are they used in Dashlane?
What are cloud enclaves and confidential computing?
How do I join the beta program for passkeys with advanced protection?
Currently, you can only create passkeys with advanced protection in the Dashlane web app. After creating a passkey with advanced protection, you can use the passkey in the Dashlane web app or Dashlane mobile app for iPhone or iPad. You won't be able to see or use the passkey in the Dashlane Android app.
You're ready to start saving passkeys with advanced protection. Passkeys you've already saved in your Dashlane vault will still work. Any new passkeys you save will be protected with confidential computing.
Save, manage, and log in with passkeys in Dashlane
Tip: You can identify passkeys with advanced protection in your Dashlane vault by selecting the passkey and looking for the Beta label.
How does advanced protection make passkeys more secure?
Passkeys are always far more secure than the most secure passwords. But passkeys rely on a secret piece of information called a "private key," which is potentially vulnerable to attacks—at least in theory. Advanced protection removes this vulnerability entirely.
Why are passkeys with standard protection potentially vulnerable?
Credential managers like Dashlane store the private key for each passkey in your encrypted vault. Encryption means that the information is scrambled so that no one can use it.
But when you log in to an account using a passkey, your private key needs to be decrypted or unscrambled. Usually, credential managers decrypt the private key on your device when you're logging in, which makes it temporarily vulnerable to attacks.
Important: The standard approach to decrypting private keys is still highly secure. To use your passkey, an attacker would need to access your computer or mobile device while the private key is decrypted and then log in to your account at the same time that you're trying to log in.
How are passkeys with advanced protection different?
Passkeys with advanced protection improve security even further by eliminating the step where your private key is decrypted on your device. Instead, your private key is decrypted within a secure cloud enclave, meaning that no one—including Dashlane, the cloud provider, or attackers—can ever access the private key in its unencrypted form.
More about passkeys and public-key cryptography
Passkeys with advanced protection will also allow us to develop secure passkey sharing in the future.
How will advanced protection allow for secure passkey sharing?