Home Admin Help Center

Set up Credential Risk Alerts

For admins only For all plans

Set up Credential Risk Alerts

Printer icon
Updated

Credential Risk Alerts are available to all members of organizations with Credential Protection.
Learn more about the Dashlane Omnix platform

Credential Risk Alerts are security alerts that employees receive when autofilling passwords on company-managed desktop browsers. These alerts help admins automate risk response by notifying plan members about compromised, weak, or reused passwords. If you have Credential Risk Alerts for compromised passwords enabled, Dashlane will check if a password is compromised whenever you use that login to access a website.

More about the Password Health score

Currently, Credential Risk Alerts are sent only through the Dashlane browser extension when it autofills a compromised, weak, or reused login. We also send Risk Notifications on Slack, and we'll be adding support for other channels.

Set up Risk Notifications

Tip: Admins can turn on Credential Risk Alerts for logged-out users. These alerts improve credential security across your organization, even for employees who are logged out of Dashlane or don't have an account.

More about Credential Risk Alerts for logged-out users

Important: If your plan members use Chrome, we recommend turning off the browser's password alerts to avoid confusion.

Manage password change alerts in Chrome

Set up Credential Risk Alerts for logged-in plan members

Credential Risk Alerts for compromised credentials are on by default for all plan members. As an admin, you can turn on security alerts for weak and reused passwords as well:

  1. Open the Admin Console
  2. In the Security Tools section of the sidebar menu, select Risk Alerts & Notifications.

  3. Select Settings.

    in-browser_alerts_customize.png

  4. The compromised passwords security alert will already be turned on. You can choose to turn on in-browser security alerts for weak and reused passwords.

    in-browser_alerts_compromised_on.png

  5. After turning on the alerts, you can preview the messages that members receive.

    reused_password_preview.png

  6. If you have deployed the Dashlane browser extension, you can add a company logo and a support contact to the alerts, so users know who to reach out to if they have questions about the risk alert they received.

    customize_alerts.png

You can also let your team know they may start getting Credential Risk Alerts. That way, they'll know to trust the alert and take action. On the Settings page of the Risk Alerts & Notifications tab, you can copy a template message from the info box on the right.

Set up Credential Risk Alerts for logged-out plan members and employees without Dashlane accounts

Admins can set up Credential Risk Alerts for everyone in their organization, even employees who aren't using Dashlane. Credential Risk Alerts for logged-out users alert employees when they type or autofill a weak or compromised password, even if they're logged out of Dashlane or don't have a Dashlane account.

Step 1: Credential Protection deployment

You can only turn on Credential Risk Alerts for logged-out users if you've deployed the extension to all members of your organization. While deploying the extension, you can also set up Credential Protection features, like Credential Risk Alerts, for your organization.

Deploy Credential Protection using Windows and Intune Deploy Credential Protection using Windows and GPO Deploy Credential Protection using macOS and Jamf

Deploy Dashlane to your organization

Step 2: Turn on Credential Risk Alerts for logged-out users

  1. Open the Admin Console
  2. In the Security Tools section of the sidebar menu, select Risk Alerts & Notifications.
  3. Select Settings and scroll down to Alert logged-out and non-vault users.

  4. Turn on the Credential Risk Alerts settings for logged-out users. You can choose to send alerts to employees who are entering a compromised password, a weak password, or both.

    in-browser_alerts_customize.png

  5. After turning on the alerts, you can preview the messages that members receive.

    compromised_password_preview.png

  6. As you have deployed the extension, you can add a company logo and a support contact to the alerts, so users know who to reach out to if they have questions about the risk alert.

    customize_alerts.png

You can also let your team know they may start getting risk alerts. That way, they'll know to trust the alert and take action. On the Settings page of the Risk Alerts & Notifications tab, you can copy a template message from the info box on the right.

Watch Credential Risk Alerts in action

Video: Credential Risk Alerts for Omnix Credential Protection

Common questions

Why can't I set up Credential Risk Alerts?

Credential Risk Alerts are only available to organizations with Credential Protection.

Start a trial of Credential Protection

Do members need to do anything to receive Credential Risk Alerts?

No, members don't need to set up Credential Risk Alerts. They'll receive them automatically for compromised passwords and for weak and reused passwords if you've turned those settings on.

What plan members should do when they receive a security alert

How can I track the effectiveness of Credential Risk Alerts?

Specific insights for Credential Risk Alerts are coming soon.

Currently, you can track your organization's security with the Password Health score. Your organization's Password Health score will improve as members update their compromised, weak, and reused passwords to more secure ones.

You can see your organization's Password Health score in the Insights Dashboard and in the Users tab, where you'll also see how many compromised, weak, and reused passwords each member has.

More about the Password Health score

Will my members receive multiple Credential Risk Alerts?

Plan members will receive in-browser risk alerts when the Dashlane browser extension autofills a login with a compromised, weak, or reused password. Plan members will see this alert every time they log in until they change their password.

What plan members should do when they receive a security alert when autofilling

Why did a plan member receive an risk alert despite not having any compromised, weak, or reused passwords?

If a plan member adds a new password or updates an existing one, we check whether that password has been leaked immediately, so they might see that login flagged as compromised before their Password Health dashboard is updated.

If a plan member sees zero compromised, weak, or reused passwords in their Password Health dashboard but receives Credential Risk Alerts, they may need to sync their Dashlane account.

If a plan member still receives incorrect Credential Risk Alerts after performing a sync, please contact support through the Admin Console.

Sync your Dashlane data
Contact an agent through the Admin Console

Are Credential Risk Alerts secure?

All Dashlane security alerts, including Credential Risk Alerts, follow our zero-knowledge principle. We identify logins with compromised, weak, or reused passwords without ever having access to your passwords or other data stored in your Dashlane account.

Security at Dashlane
Dashlane's Security Principles & Architecture

Powered by Zendesk