Passwords help protect your accounts but also come with risks related to security breaches, phishing, and other online attacks. When a site or app asks for your password, they’re asking you to prove your identity by providing something only you know. So, in theory, only you can access your account. But the process isn't always secure because people can make these mistakes:

• Create passwords that are simple and easy to remember but also easy to hack
• Reuse the same password on different websites
• Share passwords accidentally with the wrong people, such as in a phishing scam

  What is phishing, and how can I protect myself?

In addition, the websites you use store your passwords on their servers. In security breaches, hackers sometimes get access to these servers and compromise the passwords of all users.

Using a password manager like Dashlane to create and store complex, unique passwords has always been the best way to protect your online identity. But now, Dashlane is leading the way in using passkeys as an even safer and easier way to manage your life online.

Concerned that your email was hacked? Check out our blog post on what to do if a scammer has your email address

Passkeys are a form of "passwordless authentication," which means you prove your identity without a password when you log in to a website or app.

For the person logging in with a passkey, the process is simple. In some cases, you’ll use your fingerprint or facial recognition the same way you do when unlocking your phone. If you’ve saved a passkey in Dashlane, you’ll see a pop-up asking you to confirm that you want to log in to the site. After confirming, you’ll be logged in automatically.

Create and manage passkeys with Dashlane

But passkeys are also far more secure than the best passwords. Passkeys are a phishing-resistant way to log in. Unlike passwords, passkeys can't be stolen or guessed. Passkeys are always unique and strong and don’t require storing private information on servers.

Passkeys are designed to be resistant to phishing and other online attacks.

When you create a passkey for a site and save it in Dashlane, we create two "keys" that connect you securely to the site. These keys are two long numbers connected by a complex mathematical relationship. You’ll never see or do anything with these keys, but they’ll be stored in two places connected to you:

• The first is a "private" key that we store safely in your Dashlane account
• The second is a "public" key that the website or app you want to access stores for your account on their servers

The public key isn't a secret. In theory, anyone with access to the server where the public key is stored can see the key. But the public key is useless without the private key, and the private key is protected by Dashlane's unique security system. No one can access the private key, not even Dashlane employees.

You can only access an account protected by a passkey when the private and public keys are used together. When you log in to a website or app using a passkey, Dashlane uses the public and the private keys together to connect you.

For more on the technology behind passkeys, check out our blog for a guide to asymmetric encryption

More about security at Dashlane

When you log in to an account with a passkey, you use an "authenticator" that tells the site or app you’re trying to access that you are who you say you are. The authenticator can be your phone, computer, or security key. Your Dashlane account can also act as an authenticator, which lets you use the same passkey anywhere you’re logged in to Dashlane.

Before logging in, you need to create a passkey for the account. The process for creating passkeys is simple.

1. When you access a website or app, enter your username as usual.
2. The site asks if you want to create a passkey, and you confirm.

   Note: The process depends on the website or app you're using. For some websites and apps, you’ll need to go to your account's security settings to set up passkeys.

3. You save the passkey to the authenticator you want to use. If you’re logged in to Dashlane when you create the passkey, we’ll ask if you want to save the passkey in Dashlane.

Create and manage passkeys in Dashlane

Yes. As the online world transitions to passkeys, you'll probably use a mix of passkeys and passwords to log in to your different accounts. On some websites and apps, you'll be able to choose whether you log in with a passkey or a password.

With Dashlane, you can use either type of login. When you go to websites and apps that are set up to use both passkeys and passwords, you can choose how you log in. When you select the login field for one of these sites, a pop-up will open showing any logins you've saved in Dashlane for the site.

You can select a password login, shown with a lock icon, and Dashlane autofills your login information before you sign in. Or you can select a passkey login, shown with a passkey icon, and we'll log you in directly. You can also select Use a different passkey to use a passkey that is saved somewhere other than Dashlane, like your browser.

Note: Dashlane is using "Conditional UI" to navigate the transition to passkeys. The UI, or "user interface," is everything you see and interact with when using a website or app. With Conditional UI, the user interface adapts to the type of login you're using. For websites and apps that use both passkeys and passwords, you see one user interface but can use either type of login to access your account.

We’re working to create passwordless login for Dashlane accounts. On a technical level, our version of passwordless login does not involve passkeys. But for the person logging in, the experience will be similar to accessing an account using a passkey.

Log in to Dashlane without a password

If you use Dashlane to manage passkeys, your passkeys remain available in your vault, which you can access on any device. For example, if you lose your phone, you can still log in to Dashlane on your computer and use your passkeys to access your accounts. The Dashlane app on your lost phone remains protected by your PIN, fingerprint, Face ID, or Master Password.

Apple Keychain and Google’s password manager give the option to store passkeys in the cloud. So, if you lose an iOS or Android device where you’ve stored passkeys, you’ll still likely have access to them from other devices.

If you can't access your passkeys on any device, the process for recovering your account will depend on the website or app you’re using. For accounts that use both passkeys and passwords, you’ll likely be able to use your password to recover the account. Some sites and apps might send you a recovery email like they do when you reset your password.

You can’t share passkeys yet. But we’re working on adding this feature. For the time being, many websites and apps are using both passkeys and passwords at the same time. So you can share a password instead if you want someone else to access your account. Dashlane and other companies are working on making it possible to import and export passkeys. But the technology to do so isn't available yet.

Biometrics is when you use your face or fingerprint to access an account. In some cases, you can use a biometric login with passkeys. For example, if you save a passkey on an Apple device, you might be asked for your Face ID or Touch ID when you log in using the passkey. In this case, your Face ID or Touch ID proves that you're the one logging in.

When you use Dashlane to store a passkey, you won't use biometrics to log in to the account you're trying to access. Instead, the fact that you've already logged in to Dashlane on your device proves that you're the one logging in. A Dashlane pop-up asks if you want to log in with a passkey, and you select Confirm to access your account.

Does Dashlane ever use biometrics?

Dashlane uses biometrics for other features that don't involve passkeys. When you've already logged in to Dashlane, you can use biometrics like your face or fingerprint to unlock your Dashlane account. We call this "local unlock" in the Dashlane web app and "biometric unlock" in the mobile apps. These features give you safe and easy access to your account without requiring you to enter your Master Password every time you log in.

Local unlock and biometric unlock can feel just like logging in with a passkey that uses biometrics. But what happens behind the scenes on a technical level is different from passkey login.

Local unlock for the web app
Unlock the Android app with biometrics or a PIN code
Unlock the iOS app with biometrics or a PIN code