If you have a question about security at Dashlane that isn't addressed in this article or elsewhere in our Help Center, reach out for more information.
How does Dashlane keep my data safe?
The data you store in Dashlane is “encrypted” or locked. No one can see your logins and personal information without “decrypting” or unlocking the data.
We call our approach to security a “zero-knowledge” system, meaning no one—including Dashlane—has access to your data. Your logins and personal information are always encrypted, even when we store your data on our servers.
Only your Master Password can unlock data saved in Dashlane. No one but you knows your Master Password, not even Dashlane. So only you can access your data.
Interested in learning about the technical details of our zero-knowledge system?
Dashlane's unique set of security measures
- Dashlane requires a strong Master Password. We encourage our customers to make their Master Passwords unique and as complex as possible while still being memorable.
- We don’t store your Master Password anywhere on our servers, and we never send your Master Password over the internet. Even if hackers attack our servers, they can’t access your data.
- Dashlane doesn't collect or store a password hint. Often these hints are bad for security, and we don't use them for that reason.
- When you log in to a new device, we add an extra layer of security by sending a code to a device or email account that we know belongs to you.
Other steps Dashlane takes
- We host our servers on Amazon AWS, one of the most respected and secure cloud hosting services.
- We audit our products to make sure we have no holes in our system.
- We regularly scan our servers and security system for any trace of suspicious activity or vulnerability.
What can I do to make my data more secure?
You can take these steps to strengthen security while using Dashlane:
- Create strong and unique passwords for all your logins. Use our Password Generator to create the strongest password possible. Use our Autofill feature, and you won’t have to remember your passwords.
- Keep track of your Password Health and update weak or compromised passwords.
- Make sure to respond to security alerts by changing your passwords. We provide these alerts when your logins are affected by a breach.
- Turn on 2-factor authentication (2FA) for an extra layer of security.
- Dashlane Premium subscribers can use our virtual private network (VPN) for additional security on unsecured networks like public WiFi.
Want to know more about security at Dashlane?
More about remote work security on our blog
What if I lose a device with Dashlane data on it?
No one can see the data you store in Dashlane without your Master Password, even if they have your device. You can also add layers of security to block access in case someone gets access to your device:
- Turn on Pin unlock in Android or Use passcode in Apple, and no one can access your data without your 4-digit code
- Turn on Biometric unlock, and no one can access your data without your face or fingerprint
You can also remotely disable Dashlane on any device—a good idea if the device is lost or stolen:
- In the My account menu of the web app, select Settings and then Manage activity.
- Select the cross icon next to the device you want to disable, then select De-authorize.
The next time you access Dashlane from the device, we’ll ask you to enter a code sent to an email address or mobile device that we know belongs to you.
What if Dashlane's servers are hacked?
Hackers are unlikely to access our servers. Also, no one who accesses our servers can see your logins and personal information. All customer data stored on our servers is "encrypted" or locked using the best security system possible.
The only way to see the data you store in Dashlane is to log in to your account using your Master Password on a device you approve. Only you know your Master Password, so only you can see your data.
Can Dashlane employees access my data?
No Dashlane employees can see your logins or personal information because of our “zero-knowledge” security system. Anywhere we store your logins or personal information—including our servers—your data is “encrypted“ or locked using the best security system possible.
The only way to see the data you store in Dashlane is to log in to your account using your Master Password on a device you approve. We don’t know your Master Password. Only you know your Master Password, so only you can see your data.
How does Dashlane work without knowing my Master Password?
We use a complex security system called “asymmetric encryption.” This system uses two codes or “keys” that work together to “encrypt” and “decrypt” data—to lock and unlock your logins and other personal information. When you first use Dashlane, we create a pair of keys for you:
- A “public” key that we store on Dashlane’s servers
- A “private” key that we store safely in the Dashlane app on your device
Your public key encrypts the data you store in Dashlane. But no one can decrypt your data without your private key, and no one can use your private key without entering your Master Password.
When you enter new logins and personal information in your Dashlane account, we encrypt the data for storage on our servers. When you want to access your logins or personal information in Dashlane, you enter your Master Password, and your private key unlocks your data.
Add devices securely
When you use Dashlane on a new device, we add another layer of security. When you enter your Master Password, your device contacts Dashlane. We send a one-time code to the phone or email address you use with your Dashlane account. We only unlock your data when you enter this code on your device.
This process “authenticates” your device. In other words, we know the device belongs to you. You can access your data on the device when you enter your Master Password.
Share data securely
Secure sharing in Dashlane also uses asymmetric cryptography. When you share a login or Secure Note with another Dashlane customer, we encrypt the data with that customer’s public key. When they enter their Master Password, their private key decrypts the data in their account.
Can I change my cryptography settings?
You can change your cryptography settings in the web app only.
- In the My account menu, select Settings and then Security settings.
- In the Key derivation function section, choose from the available methods:
- Argon2d (Recommended): This password derivation function is state-of-the-art and recommended if your organization doesn't need to meet specific compliance policies. We use three iterations, 32 MB memory cost, and two parallel tasks.
- PBKDF2 200,000: This password derivation function complies with NIST recommendations. It can be slow on old devices. We use 200,000 iterations of PBKDF2 with SHA256.
- PBKDF2 10,204: This password derivation function is compatible only with older versions of Dashlane.