• Dashlane requires a strong Master Password. We encourage our customers to make their Master Passwords unique and as complex as possible while still being memorable.

  More on Master Passwords

• We don’t store your Master Password anywhere on our servers, and we never send your Master Password over the internet. Even if hackers attack our servers, they can’t access your data.
• Dashlane doesn't use password hints or security questions for password reset. These processes are often bad for security, and we don't use them for that reason.
• When you log in to a new device, we add an extra layer of security by sending a code to a device or email account that we know belongs to you.

Other steps Dashlane takes

• We're the first major password manager to meet the updated 2022 ISO standards and become ISO 27001 certified.

  Read more about ISO certification on our blog

• We host our servers on Amazon AWS, one of the most respected and secure cloud hosting services.
• We audit our products to make sure we have no holes in our system.
• We regularly scan our servers and security system for any trace of suspicious activity or vulnerability.

You can take these steps to strengthen security while using Dashlane:

• Create strong and unique passwords for all your logins. Use our Password Generator to create the strongest password possible. With our Autofill feature, you won’t have to remember your passwords.

  Dashlane Password Generator

• Set up the recovery options available to you so that you can regain access to your account if you forget your Master Password.

  Account recovery options for Dashlane

• Keep track of your Password Health and update weak or compromised passwords.

  Password Health score

• Make sure to respond to security alerts by changing your passwords. We provide these alerts when your logins are affected by a breach.

  More about security alerts

• Protect your account with 2-factor authentication (2FA) for an extra layer of security.

  Turn on 2FA

• Dashlane Premium subscribers can use our virtual private network (VPN) for additional security on unsecured networks like public Wi-Fi.

  More about VPN protection

Want to know more about security at Dashlane?

• Visit the Security webpage
• Read about Dashlane's security and compliance at trust.dashlane.com
• More about remote work security on our blog

Want to learn other ways to keep your account secure? Check out our tips:

Tips for keeping your Dashlane account secure

No one can see the data you store in Dashlane without your Master Password, even if they have your device. You can also add layers of security to block access in case someone gets access to your device:

• Turn on Pin unlock in Android or Use PIN in Apple, and no one can access your data without your 4-digit code
• Turn on Biometric unlock, and no one can access your data without your face or fingerprint

Unlock the iOS (Apple) app with biometrics or a PIN
Unlock the Android app with biometrics or a PIN

You can also unlock the Dashlane macOS using Touch ID. You can't use Touch ID with the Dashlane Smart Extension for Safari due to a limitation on Safari's side, so you need to use your Master Password.

Unlock the Dashlane macOS app with Touch ID
More about the Dashlane Smart Extension for Safari

You can also remotely disable Dashlane on any device—a good idea if the device is lost or stolen:

1. In the My account menu of the web app, select Settings and then Manage activity.
2. Select the cross icon next to the device you want to disable, and then select De-authorize.

The next time you access Dashlane from the device, we’ll ask you to enter a code sent to an email address or mobile device that we know belongs to you.

Hackers are unlikely to access our servers. Also, no one who accesses our servers can see your logins and personal information because that data is always “encrypted." Encryption scrambles your data so that no one can read it. When you enter your Master Password, your data is “decrypted” on your device and available only to you.

More about security at Dashlane

No Dashlane employees can see your logins or personal information because of our “zero-knowledge” security approach. Anywhere we store your logins or personal information—including our servers—your data is encrypted using the best security system possible.

The only way to see the data you store in Dashlane is to log in to your account using your Master Password on a device you approve. We don’t know your Master Password. Only you know your Master Password, so only you can see your data.

We use a complex security system called “asymmetric encryption.” This system uses two codes or “keys” that work together to “encrypt” and “decrypt” data—to scramble and unscramble your logins and other personal information. When you first use Dashlane, we create a pair of keys for you:

• A “public” key that we store on Dashlane’s servers
• A “private” key that we store safely in the Dashlane app on your device

Your public key encrypts the data you store in Dashlane. But no one can decrypt your data without your private key, and no one can use your private key without entering your Master Password.

When you enter new logins and personal information in your Dashlane account, we encrypt the data for storage on our servers. When you want to access your logins or personal information in Dashlane, you enter your Master Password, and your private key unlocks your data.

Add devices securely

When you use Dashlane on a new device, we add another layer of security. When you enter your Master Password, your device contacts Dashlane. We send a one-time code to the phone or email address you use with your Dashlane account. We only unlock your data when you enter this code on your device.

This process “authenticates” your device. In other words, we know the device belongs to you. You can access your data on the device when you enter your Master Password.

Share data securely

Secure sharing in Dashlane also uses asymmetric cryptography. When you share a login or Secure Note with another Dashlane customer, we encrypt the data with that customer’s public key. When they enter their Master Password, their private key decrypts the data in their account.

More about secure sharing

No, we back up all of our customers' encrypted data on our servers. Remember, only you have the key to your data—your Master Password—so we can never read or decrypt your data.

You can change your cryptography settings in the web app only.

1. In the My account menu, select Settings and then Security settings.
2. In the Key derivation function section, choose from the available methods:
   • Argon2d (Recommended): This password derivation function is state-of-the-art and recommended if your organization doesn't need to meet specific compliance policies. We use three iterations, 32 MB memory cost, and two parallel tasks.
   • PBKDF2 200,000: This password derivation function complies with NIST recommendations. It can be slow on old devices. We use 200,000 iterations of PBKDF2 with SHA256.
   • PBKDF2 10,204: This password derivation function is compatible only with older versions of Dashlane.

A Brand Indicator for Message Identification (BIMI) is the standardized way of discovering and publishing each brand’s preferred logo beside its email address. The logo confirms that you’re who you say you are and that the message is official brand communication. In your desktop inbox, you’ll see a blue checkmark icon.

With the rise of phishing attacks and fake information on the internet, BIMIs add a reliable layer of legitimacy to business communications.

Learn more about BIMIs in the Dashlane blog:

Dashlane Now Has a Brand Indicator for Message Identification (BIMI)