Home Admin Help Center

Master Password alerts

For all plans

Master Password alerts

Printer icon
Updated

You'll get an alert related to your Master Password in two situations:

  • We warn you if your Master Password is too weak.
  • We warn you if a password matching your Master Password has been found on the dark web. The "dark web" refers to hidden websites sometimes used for illegal activities, such as selling and using other people's data.

What other security alerts does Dashlane offer?

Important: Master Password alerts uphold our zero-knowledge approach to security and don't reveal your Master Password to us or anyone else.
Security details regarding Master Password alerts

Who gets Master Password alerts?

All Dashlane plans come with Master Password alerts automatically.

How do Master Password alerts work?

Master Password alerts use a highly secure process to check if your Master Password is weak or if a password matching your Master Password has been found on the dark web. This process works without revealing your password to anyone.

This process happens once daily on each of your devices when you enter your Master Password in our app. If we think your password is too weak or is on the dark web, we'll alert you the next time you open the Dashlane browser extension.

We also alert you in the Security settings section of our web and mobile apps, as well as in the Dark Web Monitoring section of your app.

What do I do if I get a Master Password alert?

Change your Master Password immediately. Make sure your new password is strong, unique, and easy to remember.

Change your Master Password
Create a strong Master Password

We recommend turning on 2-factor authentication (2FA) for your Dashlane account. With 2FA turned on, no one can access your account without access to your mobile device, even if they have your Master Password.

Turn on 2FA for your Dashlane account

Important: You'll keep seeing the alert until you change your Master Password. This alert means that the security of your Dashlane account is at risk. The best way to secure your account is to change your Master Password to a strong password that you don't use anywhere else.

You can also check if any unknown devices have been using your account. In the Dashlane web app on your computer, you can view and manage the devices connected to your Dashlane account.

  1. Open the Vault menu in the top left of the app and select Settings.
  2. In the Settings panel, select Manage activity.

  3. You can see when each device was added, last used, and updated. Remove any device you don't recognize.

    Manage your devices

Common questions about Master Password alerts

If Dashlane doesn't know my Master Password, how can you search for it on the dark web?

Master Password alerts work without revealing your Master Password to us or anyone else.

We have a list of billions of passwords that were found on the dark web. Before storing this list on our servers, we use a "hash function" to disguise each password by turning it into a special code called a "hash."

Hash functions are secure because they only work in one direction. We can use a hash function to turn the password into a hash, but not to turn the hash back into the original password. In other words, we can produce a unique set of characters that represents the password without revealing it.

When you enter your Master Password to log in to Dashlane, we apply the same hash function that we used on our list from the dark web and turn your Master Password into a hash. We send the first part of this hash to our servers to compare with the list of leaked passwords.

Important: We never send your Master Password to our servers. We turn your Master Password into a hash, an almost unreadable code, and we only send a small portion of that code to our servers. So even people with access to our servers can never know your Master Password.

On our servers, we identify all the hashed passwords on our list that begin the same way as your hashed Master Password. We create a new list of potential matches for your Master Password. We send this list, which usually has thousands of hashed passwords, back to the device where you signed in to Dashlane.

On your device, we compare the full hash from your Master Password with the list of hashes from the dark web. If we find a match, we know that your Master Password is on the dark web, but we still don't know your Master Password. We notify you so you can change your Master Password and protect your account.

More about security at Dashlane

Note: We use a method known as "k-anonymity" to group hashed passwords together based on the first part of the hash. It's already extremely difficult to guess any password based on its hash. Grouping the hashes adds another layer of protection by hiding each password in a crowd of similar hashes.

How do Master Password alerts protect my organization?

We know our professional plan admins are particularly concerned about the damage compromised passwords can cause to their organization.

In the past, admins had to rely on employees to create strong and unique passwords to protect the organization. If a plan member used the same simple password for all their accounts, including Dashlane, we couldn't know if that password had been compromised.

With Master Password alerts, your employees will get an alert if their Master Password is found on the dark web. We'll ask them to change their Master Password as soon as possible. This feature helps strengthen your organization's security and empowers employees to proactively protect their accounts.

Steps to take if you get a Master Password alert

Important: Master Password alerts uphold our zero-knowledge approach to security and don't reveal your Master Password to us or anyone else.
Security details regarding Master Password alerts

Powered by Zendesk