Security alerts and Dark Web Monitoring in Dashlane Expand Sections

We look at your login for any site involved in a breach. We consider your login "compromised" if you haven't changed your password since the date of the breach. We also consider any similar passwords you use for other logins compromised.

A security alert from Dashlane doesn't always mean that others have gotten access to your personal information. Instead, an alert means that your information is at risk because a site you use has had a breach.

You receive an alert about any comprised passwords in a pop-up the next time you open Dashlane. You also see alerts in the Password Health section of your account when you select the Compromised tab to view compromised passwords.

As soon as you receive an alert, we recommend you change the affected password.

1. View details of the alert in the pop-up notification or the Password Health section of the app.
2. Go to the website or app affected by the alert and change your password. Then make sure to update the login in Dashlane.
3. When you update a compromised password in Dashlane, your Password Health score updates automatically.

More about Password Health

Dark Web Monitoring for Master Password works without revealing your Master Password to us or anyone else.

We have a list of billions of passwords that were found on the dark web. Before storing this list on our servers, we use a "hash function" to disguise each password by turning it into a special code called a "hash."

Hash functions are secure because they only work in one direction. We can use a hash function to turn the password into a hash but not to turn the hash back into the original password. In other words, we can produce a unique set of characters that represents the password without revealing it.

When you enter your Master Password to log in to Dashlane, we apply the same hash function that we used on our list from the dark web and turn your Master Password into a hash. We send the first part of this hash to our servers to compare with the list of leaked passwords.

Important: We never send your Master Password to our servers. We turn your Master Password into a hash, an almost unreadable code, and we only send a small portion of that code to our servers. So even people with access to our servers can never know your Master Password.

On our servers, we identify all the hashed passwords on our list that begin the same way as your hashed Master Password. We create a new list of potential matches for your Master Password. We send this list—which usually has thousands of hashed passwords—back to the device where you signed in to Dashlane.

On your device, we compare the full hash from your Master Password with the list of hashes from the dark web. If we find a match, we know that your Master Password is on the dark web, but we still don't know your Master Password. We notify you so you can change your Master Password and protect your account.

More about security at Dashlane

Note: We use a method known as "k-anonymity" to group hashed passwords together based on the first part of the hash. It's already extremely difficult to guess any password based on its hash. Grouping the hashes adds another layer of protection by hiding each password in a crowd of similar hashes.

Dark Web Monitoring for Master Password uses a highly secure process to check if a password matching your Master Password has been found on the dark web without revealing your password to anyone. This process happens once daily on each of your devices when you enter your Master Password in our app.

Important: Dark Web Monitoring for Master Password upholds our zero-knowledge approach to security and doesn't reveal your Master Password to us or anyone else.
Dark Web Monitoring for Master Password security details

If we think your password is on the dark web, we alert you the next time you open the Dashlane extension. Select Open settings to go to your security settings and change your Master Password. You can also select Skip for now to dismiss the alert.

We also alert you in the Security settings section of our web and mobile apps. This alert stays until you change your Master Password. Select Change Master Password as soon as possible to update your password and secure your data.

Customers with paid plans will also see alerts in the Dark Web Monitoring section of their apps.

If we notify you that a password matching your Master Password has been found on the dark web, change your password immediately. Make sure your new password is strong, unique, and easy to remember.

Change your Master Password
Create a strong Master Password

We recommend turning on 2-factor authentication (2FA) for your Dashlane account. With 2FA turned on, no one can access your account without access to your mobile device, even if they have your Master Password.

You can also check if any unknown devices have been using your account. Go to the list of devices "authorized" to use your account and remove any you don't recognize.

Turn on 2FA for your Dashlane account
Manage authorized devices

We know our Starter, Team, and Business plan admins are particularly concerned about the damage compromised passwords can cause to their organization.

In the past, admins had to rely on employees to create strong and unique passwords to protect the organization. If a plan member used the same simple password for all their accounts, including Dashlane, we couldn't know if that password had been compromised.

With Dark Web Monitoring for Master Password, your employees get an alert if their Master Password is found on the dark web. We'll ask them to change their Master Password as soon as possible. This feature helps strengthen your organization's security and empowers employees to proactively protect their accounts.

Steps to take if you get a Dark Web for Master Password alert

Important: Dark Web Monitoring for Master Password upholds our zero-knowledge approach to security and doesn't reveal your Master Password to us or anyone else.
Dark Web Monitoring for Master Password security details

Step 1: You choose the email addresses you want to track with Dark Web Monitoring. You can choose up to five addresses.

Note: When you add an address, you'll get an email asking you to verify your request. You can add the same email addresses to Dark Web Monitoring in multiple Dashlane accounts, but you need to verify the email address each time.

Step 2: Dashlane scans the dark web for personal information related to that address. We look for these types of personal info and more:

• Usernames
• Passwords
• Contact information
• Credit cards
• Social Security numbers and other ID numbers
• Computer IP addresses

Step 3: If we find anything, we give you a report with everything we found, and we ask you to change passwords for any compromised logins. If we don't find anything, we tell you the good news and ask if you want to monitor other email addresses.

Step 4: We continue to scan the dark web and let you know if any new breaches affect your personal info. If we find anything to worry about, we alert you by email and with a pop-up the next time you open Dashlane. You can also find any current alerts in our app's Dark Web Monitoring section.

Sign up for a Starter, Team, or Business plan with Dark Web Monitoring.

Select the app you're using.

• Web
• Android
• iOS (Apple)

1. Go to the Dark Web Monitoring section in the side menu of the web app.
2. If this is your first time using Dark Web Monitoring, select Monitor your first email. If you already use Dark Web Monitoring for other email addresses, select Add email.
   
3. Enter the email address you want to monitor and select Send activation link.
   
4. Look in your inbox for an email from Dashlane asking you to confirm. Open the email and select Yes, I confirm this request. The email address is marked Pending in Dashlane until you verify your address. The link sent to your email stays valid for 24 hours. If you didn't receive the email, check your spam folder.
   

1. Select the three parallel lines to open the menu and go to the Dark Web Monitoring section.
2. If this is your first time using Dark Web Monitoring, select Start monitoring. If you already use Dark Web Monitoring for other email addresses, select the down arrow for the list of monitored emails and select Add email.
3. Enter the email address you want to monitor and select Confirm. You can then select Open my email app to look for your confirmation email.
4. Look in your inbox for an email from Dashlane asking you to confirm. Open the email and select Yes, I confirm this request. The email address is marked Pending your verification in Dashlane until you verify your address. The link sent to your email stays valid for 24 hours. If you didn't receive the email, check your spam folder.

1. In the Tools section of the bottom menu of the iOS (Apple) app, select Dark Web Monitoring.
2. If this is your first time using Dark Web Monitoring, select Start monitoring. If you already use Dark Web Monitoring for other email addresses, select the down arrow for the list of monitored emails and select Add email.
3. Enter the email address you want to monitor and select Start monitoring.
4. Look in your inbox for an email from Dashlane asking you to confirm. Open the email and select Yes, I confirm this request. The email address is marked Pending your verification until you verify your address. The link sent to your email stays valid for 24 hours. If you didn't receive the email, check your spam folder.

When you get a Dark Web Alert, we send a notification to your email, and a pop-up appears the next time you open the Dashlane app. You can also view alerts in the Dark Web Monitoring section of the Dashlane app or the Password Health section when you select the Compromised tab. We recommend changing any passwords related to the alert as soon as possible.

1. View the details of the alert in the pop-up notification or the Dark Web Monitoring or Password Health sections of the Dashlane app.
2. Go to the website or app affected by the alert and change your password. Then make sure to update the login in Dashlane.
3. Delete the alert in the Dark Web Monitoring section of the Dashlane app. In the web app, select the X for the alert. In the mobile app, select the alert and select Delete alert. When you update a compromised password, your Password Health score updates automatically.

Note: You may receive alerts for logins that you haven't stored in Dashlane. These alerts are labeled "unknown website."

Yes. We download the dark web data we use in Dark Web Monitoring to our servers. We don't transfer this data or the email addresses you add to Dark Web Monitoring to anyone else. When you add an email to Dark Web Monitoring, we only use the address to perform the dark web scan.

Our dark web data includes more than 12 billion records attached to hacks and data breaches, and we add nearly a million new records every day. We partner with the leading online intelligence company SpyCloud to provide this data.