Dashlane is built on the principle of zero knowledge, which means we ensure that only you have access to the data in your Dashlane vault. Your logins and personal information are always “encrypted,” even when we store your data on our servers as a backup and to sync your data across devices. Encryption scrambles your data so that no one can read it—not even Dashlane.
When you enter your Master Password, your data is “decrypted” on your device and available only to you. No one but you knows your Master Password, not even Dashlane. So only you can access your data.
Our zero-knowledge approach also applies to passwordless Dashlane accounts. Passwordless login is highly secure and makes accessing Dashlane easier than ever before. You no longer need to create and remember a complicated Master Password to safely manage your online life.
Interested in learning about the technical details of our zero-knowledge approach?
Read our white paper
More about security and passwordless login
How does Dashlane keep my data safe?
- Dashlane requires a strong Master Password. We encourage our customers to make their Master Passwords unique and as complex as possible while still being memorable.
- We don’t store your Master Password anywhere on our servers, and we never send your Master Password over the internet. Even if hackers attack our servers, they can’t access your data.
- Dashlane doesn't use password hints or security questions for password reset. Often these processes are bad for security, and we don't use them for that reason.
- When you log in to a new device, we add an extra layer of security by sending a code to a device or email account that we know belongs to you.
Other steps Dashlane takes
- We're the first major password manager to meet the updated 2022 ISO standards and become ISO 27001 certified.
- We host our servers on Amazon AWS, one of the most respected and secure cloud hosting services.
- We audit our products to make sure we have no holes in our system.
- We regularly scan our servers and security system for any trace of suspicious activity or vulnerability.
What can I do to make my data more secure?
You can take these steps to strengthen security while using Dashlane:
- Create strong and unique passwords for all your logins. Use our Password Generator to create the strongest password possible. With our Autofill feature, you won’t have to remember your passwords.
- Set up the recovery options available to you so that you can regain access to your account if you forget your Master Password.
- Keep track of your Password Health and update weak or compromised passwords.
- Make sure to respond to security alerts by changing your passwords. We provide these alerts when your logins are affected by a breach.
- Protect your account with 2-factor authentication (2FA) for an extra layer of security.
- Dashlane Premium subscribers can use our virtual private network (VPN) for additional security on unsecured networks like public WiFi.
Want to know more about security at Dashlane?
- Visit the Security webpage
- Read about Dashlane's security and compliance at trust.dashlane.com
- More about remote work security on our blog
What if I lose a device with Dashlane data on it?
No one can see the data you store in Dashlane without your Master Password, even if they have your device. You can also add layers of security to block access in case someone gets access to your device:
- Turn on Pin unlock in Android or Use PIN in Apple, and no one can access your data without your 4-digit code
- Turn on Biometric unlock, and no one can access your data without your face or fingerprint
Unlock the iOS (Apple) app with biometrics or a PIN
Unlock the Android app with biometrics or a PIN
You can also unlock the Dashlane macOS app using Touch ID. You can't use Touch ID with the Dashlane Safari extension due to a limitation on Safari's side, so you need to use your Master Password.
Unlock the Dashlane macOS app with Touch ID
More about the Dashlane Safari extension
You can also remotely disable Dashlane on any device—a good idea if the device is lost or stolen:
- In the My account menu of the web app, select Settings and then Manage activity.
- Select the cross icon next to the device you want to disable, and then select De-authorize.
The next time you access Dashlane from the device, we’ll ask you to enter a code sent to an email address or mobile device that we know belongs to you.
What if Dashlane's servers are hacked?
Hackers are unlikely to access our servers. Also, no one who accesses our servers can see your logins and personal information because that data is always “encrypted.” Encryption scrambles your data so that no one can read it. When you enter your Master Password, your data is “decrypted” on your device and available only to you.
Can Dashlane employees access my data?
No Dashlane employees can see your logins or personal information because of our “zero-knowledge” security approach. Anywhere we store your logins or personal information—including our servers—your data is encrypted using the best security system possible.
The only way to see the data you store in Dashlane is to log in to your account using your Master Password on a device you approve. We don’t know your Master Password. Only you know your Master Password, so only you can see your data.
How does Dashlane work without knowing my Master Password?
We use a complex security system called “asymmetric encryption.” This system uses two codes or “keys” that work together to “encrypt” and “decrypt” data—to scramble and unscramble your logins and other personal information. When you first use Dashlane, we create a pair of keys for you:
- A “public” key that we store on Dashlane’s servers
- A “private” key that we store safely in the Dashlane app on your device
Your public key encrypts the data you store in Dashlane. But no one can decrypt your data without your private key, and no one can use your private key without entering your Master Password.
When you enter new logins and personal information in your Dashlane account, we encrypt the data for storage on our servers. When you want to access your logins or personal information in Dashlane, you enter your Master Password, and your private key unlocks your data.
Add devices securely
When you use Dashlane on a new device, we add another layer of security. When you enter your Master Password, your device contacts Dashlane. We send a one-time code to the phone or email address you use with your Dashlane account. We only unlock your data when you enter this code on your device.
This process “authenticates” your device. In other words, we know the device belongs to you. You can access your data on the device when you enter your Master Password.
Share data securely
Secure sharing in Dashlane also uses asymmetric cryptography. When you share a login or Secure Note with another Dashlane customer, we encrypt the data with that customer’s public key. When they enter their Master Password, their private key decrypts the data in their account.
I don't want my data saved in the cloud. Do I have that option?
No, we back up all of our customers' encrypted data on our servers. Remember, only you have the key to your data—your Master Password—so we can never read or decrypt your data.
Can I change my cryptography settings?
You can change your cryptography settings in the web app only.
- In the My account menu, select Settings and then Security settings.
- In the Key derivation function section, choose from the available methods:
  - Argon2d (Recommended): This password derivation function is state-of-the-art and recommended if your organization doesn't need to meet specific compliance policies. We use three iterations, 32 MB memory cost, and two parallel tasks.
  - PBKDF2 200,000: This password derivation function complies with NIST recommendations. It can be slow on old devices. We use 200,000 iterations of PBKDF2 with SHA256.
  - PBKDF2 10,204: This password derivation function is compatible only with older versions of Dashlane.
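The key-pair model described under "How does Dashlane work without knowing my Master Password?" and the "PBKDF2 200,000" setting above, combined in one added Node.js example; this is illustrative code written for this page, not Dashlane's implementation. The function names, RSA-2048 with OAEP, AES-256-GCM key wrapping, and the salt and IV sizes are assumptions, and PBKDF2 is used instead of the recommended Argon2d only because it ships in Node's standard library.

```javascript
const nodeCrypto = require('node:crypto');

// Parameters of the page's "PBKDF2 200,000" option: PBKDF2 with SHA-256.
const KDF = { iterations: 200000, keyLen: 32, digest: 'sha256' };

function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, KDF.iterations, KDF.keyLen, KDF.digest);
}

// Account setup on the device: make a key pair, then encrypt ("wrap") the
// private key under a key derived from the Master Password (AES-256-GCM, assumed).
function createAccount(masterPassword) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
  // Neither the password nor the derived key is part of the stored record.
  return { publicKey, salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Anyone holding the public key can encrypt; no password is involved.
// Direct RSA-OAEP only fits short payloads, which is enough for this sketch.
function encryptFor(publicKey, plaintext) {
  return nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, Buffer.from(plaintext, 'utf8'));
}

// Decryption first unwraps the private key, which requires the Master Password.
// A wrong password derives a different key, so the GCM tag check throws.
function decryptWith(account, masterPassword, ciphertext) {
  const key = deriveKey(masterPassword, account.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, account.iv);
  decipher.setAuthTag(account.tag);
  const privateKey = Buffer.concat([decipher.update(account.wrapped), decipher.final()]).toString('utf8');
  return nodeCrypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, ciphertext).toString('utf8');
}

function tryDecrypt(account, masterPassword, ciphertext) {
  try { return decryptWith(account, masterPassword, ciphertext); } catch (e) { return null; }
}

// Constructed sample values, for illustration only.
const account = createAccount('constructed-master-password');
const stored = encryptFor(account.publicKey, 'constructed login secret');
console.log(tryDecrypt(account, 'constructed-master-password', stored), tryDecrypt(account, 'wrong-guess', stored));
```

The record returned by `createAccount` holds only the public key, salt, IV, wrapped private key and tag, which is why possession of that record alone does not allow decryption.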
Does the logo next to Dashlane’s name in my email inbox mean it’s official brand communication?
A Brand Indicator for Message Identification (BIMI) is the standardized way of discovering and publishing each brand’s preferred logo beside its email address. The logo confirms that the sender is who they say they are and that the message is official brand communication. In your desktop inbox, you’ll see a blue checkmark icon.
With the rise of phishing attacks and fake information on the internet, BIMIs add a reliable layer of legitimacy to business communications.
Learn more about BIMIs in the Dashlane blog:
Dashlane Now Has a Brand Indicator for Message Identification (BIMI)
Check out our Trust Center for more information on security and compliance, including the location of our servers.