When you use apps and websites, they often save your personal information on their servers. Other people can sometimes illegally access these servers, which is called a security breach. We work hard to inform Dashlane customers when a possible breach affects their logins or personal info.
All Dashlane customers, including members of Dashlane Free, get personalized security alerts and Dark Web Monitoring for Master Password. With our paid plans, we also offer more general Dark Web Monitoring for all personal data.
- Personalized security alerts let you know if any of the apps or sites you use have had a breach
- Dark Web Monitoring for Master Password alerts you if a password matching your Master Password has been found on the dark web
- Dark Web Monitoring scans the dark web to see if anyone has accessed any of your personal info illegally
Important: Dark Web Monitoring for Master Password upholds our zero-knowledge approach to security and doesn't reveal your Master Password to us or anyone else.
Dark Web Monitoring for Master Password security details
Read about Dashlane's security and compliance at trust.dashlane.com
Personalized security alerts
All Dashlane plans come with personalized security alerts. We send you an alert when a website or app you use has a security breach. For example, if you have a login for Twitter stored in Dashlane, we alert you if Twitter's servers are hacked.
How do security alerts work?
We look at your login for any site involved in a breach. We consider your login "compromised" if you haven't changed your password since the date of the breach. We also consider any similar passwords you use for other logins compromised.
A security alert from Dashlane doesn't always mean that others have gotten access to your personal information. Instead, an alert means that your information is at risk because a site you use has had a breach.
You receive an alert about any comprised passwords in a pop-up the next time you open Dashlane. You also see alerts in the Password Health section of your account when you select the Compromised tab to view compromised passwords.
What should I do when I get a security alert?
As soon as you receive an alert, we recommend you change the affected password.
- View details of the alert in the pop-up notification or the Password Health section of the app.
- Go to the website or app affected by the alert and change your password. Then make sure to update the login in Dashlane.
- When you update a compromised password in Dashlane, your Password Health score updates automatically.
Dark Web Monitoring for Master Password
All Dashlane plans come with Dark Web Monitoring for Master Password. The "dark web" refers to hidden websites that are sometimes used for illegal activity, like selling and using other people's personal information. We send you an alert if a password matching your Master Password has been found on the dark web.
Important: Dark Web Monitoring for Master Password upholds our zero-knowledge approach to security and doesn't reveal your Master Password to us or anyone else.
Dark Web Monitoring for Master Password security details
Read about Dashlane's security and compliance at trust.dashlane.com
If Dashlane doesn't know my Master Password, how can you search for it on the dark web?
Dark Web Monitoring for Master Password works without revealing your Master Password to us or anyone else.
We have a list of billions of passwords that were found on the dark web. Before storing this list on our servers, we use a "hash function" to disguise each password by turning it into a special code called a "hash."
Hash functions are secure because they only work in one direction. We can use a hash function to turn the password into a hash but not to turn the hash back into the original password. In other words, we can produce a unique set of characters that represents the password without revealing it.
When you enter your Master Password to log in to Dashlane, we apply the same hash function that we used on our list from the dark web and turn your Master Password into a hash. We send the first part of this hash to our servers to compare with the list of leaked passwords.
Important: We never send your Master Password to our servers. We turn your Master Password into a hash, an almost unreadable code, and we only send a small portion of that code to our servers. So even people with access to our servers can never know your Master Password.
On our servers, we identify all the hashed passwords on our list that begin the same way as your hashed Master Password. We create a new list of potential matches for your Master Password. We send this list—which usually has thousands of hashed passwords—back to the device where you signed in to Dashlane.
On your device, we compare the full hash from your Master Password with the list of hashes from the dark web. If we find a match, we know that your Master Password is on the dark web, but we still don't know your Master Password. We notify you so you can change your Master Password and protect your account.
More about security at Dashlane
Note: We use a method known as "k-anonymity" to group hashed passwords together based on the first part of the hash. It's already extremely difficult to guess any password based on its hash. Grouping the hashes adds another layer of protection by hiding each password in a crowd of similar hashes.
How does Dark Web Monitoring for Master Password work?
Dark Web Monitoring for Master Password uses a highly secure process to check if a password matching your Master Password has been found on the dark web without revealing your password to anyone. This process happens once daily on each of your devices when you enter your Master Password in our app.
Important: Dark Web Monitoring for Master Password upholds our zero-knowledge approach to security and doesn't reveal your Master Password to us or anyone else.
Dark Web Monitoring for Master Password security details
If we think your password is on the dark web, we alert you the next time you open the Dashlane extension. Select Open settings to go to your security settings and change your Master Password. You can also select Skip for now to dismiss the alert.
We also alert you in the Security settings section of our web and mobile apps. This alert stays until you change your Master Password. Select Change Master Password as soon as possible to update your password and secure your data.
Customers with paid plans will also see alerts in the Dark Web Monitoring section of their apps.
What do I do if I get an alert about my Master Password?
If we notify you that a password matching your Master Password has been found on the dark web, change your password immediately. Make sure your new password is strong, unique, and easy to remember.
Important: The security alert won't disappear until you change your Master Password. This alert means that the security of your Dashlane account is at risk. The best way to secure your account is to change your Master Password to a strong password that you don't use anywhere else.
Change your Master Password
Create a strong Master Password
We recommend turning on 2-factor authentication (2FA) for your Dashlane account. With 2FA turned on, no one can access your account without access to your mobile device, even if they have your Master Password.
You can also check if any unknown devices have been using your account. Go to the list of devices you've added to your Dashlane account and remove any you don't recognize.
Turn on 2FA for your Dashlane account
Manage your devices
How does Dark Web Monitoring for Master Password protect my organization?
We know our Starter, Team, and Business plan admins are particularly concerned about the damage compromised passwords can cause to their organization.
In the past, admins had to rely on employees to create strong and unique passwords to protect the organization. If a plan member used the same simple password for all their accounts, including Dashlane, we couldn't know if that password had been compromised.
With Dark Web Monitoring for Master Password, your employees get an alert if their Master Password is found on the dark web. We'll ask them to change their Master Password as soon as possible. This feature helps strengthen your organization's security and empowers employees to proactively protect their accounts.
Steps to take if you get a Dark Web for Master Password alert
Important: Dark Web Monitoring for Master Password upholds our zero-knowledge approach to security and doesn't reveal your Master Password to us or anyone else.
Dark Web Monitoring for Master Password security details
Dark Web Monitoring
Dark Web Monitoring comes with all Advanced, Premium, and Friends & Family plans as well as Starter, Team, and Business plans. Dark Web Monitoring isn't included in Dashlane Free or free trials of our paid plans.
With Dark Web Monitoring, Dashlane scans the web for any of your personal information that someone else may have accessed illegally. The "dark web" refers to hidden websites that are sometimes used for illegal activity, like selling and using other people's personal information. If your personal information appears on the dark web, your data may be involved in a breach.
Sign up for a Starter, Team, or Business plan with Dark Web Monitoring.
How does Dark Web Monitoring work?
Step 1: You choose the email addresses you want to track with Dark Web Monitoring. You can choose up to five addresses.
Note: When you add an address, you'll get an email asking you to verify your request. You can add the same email addresses to Dark Web Monitoring in multiple Dashlane accounts, but you need to verify the email address each time.
Step 2: Dashlane scans the dark web for personal information related to that address. We look for these types of personal info and more:
- Usernames
- Passwords
- Contact information
- Credit cards
- Social Security numbers and other ID numbers
- Computer IP addresses
Step 3: If we find anything, we give you a report with everything we found, and we ask you to change passwords for any compromised logins. If we don't find anything, we tell you the good news and ask if you want to monitor other email addresses.
Step 4: We continue to scan the dark web and let you know if any new breaches affect your personal info. If we find anything to worry about, we alert you by email and with a pop-up the next time you open Dashlane. You can also find any current alerts in our app's Dark Web Monitoring section.
Sign up for a Starter, Team, or Business plan with Dark Web Monitoring.
How do I turn on Dark Web Monitoring?
Turn on Dark Web Monitoring in the web app
- Go to the Dark Web Monitoring section in the side menu of the web app.
- If this is your first time using Dark Web Monitoring, select Monitor your first email. If you already use Dark Web Monitoring for other email addresses, select Add email.
- Enter the email address you want to monitor and select Send activation link.
- Look in your inbox for an email from Dashlane asking you to confirm. Open the email and select Yes, I confirm this request. The email address is marked Pending in Dashlane until you verify your address. The link sent to your email stays valid for 24 hours. If you didn't receive the email, check your spam folder.
Turn on Dark Web Monitoring in the Android app
- Select the three parallel lines to open the menu and go to the Dark Web Monitoring section.
- If this is your first time using Dark Web Monitoring, select Start monitoring. If you already use Dark Web Monitoring for other email addresses, select the down arrow for the list of monitored emails and select Add email.
- Enter the email address you want to monitor and select Confirm. You can then select Open my email app to look for your confirmation email.
- Look in your inbox for an email from Dashlane asking you to confirm. Open the email and select Yes, I confirm this request. The email address is marked Pending your verification in Dashlane until you verify your address. The link sent to your email stays valid for 24 hours. If you didn't receive the email, check your spam folder.
Turn on Dark Web Monitoring in the iOS (Apple) app
- In the Tools section of the bottom menu of the iOS (Apple) app, select Dark Web Monitoring.
- If this is your first time using Dark Web Monitoring, select Start monitoring. If you already use Dark Web Monitoring for other email addresses, select the down arrow for the list of monitored emails and select Add email.
- Enter the email address you want to monitor and select Start monitoring.
- Look in your inbox for an email from Dashlane asking you to confirm. Open the email and select Yes, I confirm this request. The email address is marked Pending your verification until you verify your address. The link sent to your email stays valid for 24 hours. If you didn't receive the email, check your spam folder.
What do I do when I get a Dark Web Alert?
When you get a Dark Web Alert, we send a notification to your email, and a pop-up appears the next time you open the Dashlane app. You can also view alerts in the Dark Web Monitoring section of the Dashlane app or the Password Health section when you select the Compromised tab. We recommend changing any passwords related to the alert as soon as possible.
- View the details of the alert in the pop-up notification or the Dark Web Monitoring or Password Health sections of the Dashlane app.
- Go to the website or app affected by the alert and change your password. Then make sure to update the login in Dashlane.
- Delete the alert in the Dark Web Monitoring section of the Dashlane app. In the web app, select the X for the alert. In the mobile app, select the alert and select Delete alert. When you update a compromised password, your Password Health score updates automatically.
Note: You may receive alerts for logins that you haven't stored in Dashlane. These alerts are labeled "unknown website."
Is Dark Web Monitoring secure?
Yes. We download the dark web data we use in Dark Web Monitoring to our servers. We don't transfer this data or the email addresses you add to Dark Web Monitoring to anyone else. When you add an email to Dark Web Monitoring, we only use the address to perform the dark web scan.
Our dark web data includes more than 12 billion records attached to hacks and data breaches, and we add nearly a million new records every day. We partner with the leading online intelligence company SpyCloud to provide this data.
Want to protect your information before a breach happens?
Learn about Password Health
Protect your logins with 2FA
Read about Dashlane's security and compliance at trust.dashlane.com
Check out our blog posts on password tips and bad password examples