This led me to contact Dashlane to see how they intended to justify this. The best way for a service to guarantee the secrecy of data is to ensure they never have access to it in the first place. This is the exact opposite of security by design. This process uses a secure, dedicated server infrastructure, and the information is immediately removed once the process is complete.
Note that the Password Changer requires that your old and new passwords be briefly unencrypted on our servers. When using the Password Changer, your passwords are always generated locally by the Dashlane application, then encrypted and transmitted securely to our servers. They even mention this explicitly in their help pages on the Password Changer: You read that right: when using Dashlane’s Password Changer feature, both your old and your new password transit through Dashlane’s servers, where they will be in plain text at one point or another, since they need to be able to fill them on the website they are changing the password for.
Password Changer uses our servers to actually connect to the sites in order to update your passwords there. This is why a site may detect that you are signing in from another location and display a warning. Their FAQ mentions the following (emphasis mine):Ī “suspicious log-in attempt” notification may appear when signing in to a site after using Password Changer, because your passwords are changed through our servers when using the Password Changer feature. Rather than doing everything locally on the user’s machine, which is what another password manager with this feature does, Dashlane does it via their servers. The main problematic feature is their Password Changer it may look awesome, but it represents a serious security issue. This is something that every Password Manager must guarantee.ĭashlane's design choices make them unable to guarantee that they will never have access to their users' passwords. The main principle Dashlane tramples is the minimisation of their attack surface, as their design choices make them unable to guarantee that they will never have access to their users’ passwords without knowing their Master Passwords. The first feature does not respect basic security by design principles, to which any application or organisation should automatically adhere when handling sensitive data. Specifically, I take serious issue with two of Dashlane’s features, both in the way they are designed and in the way they are presented. However, while doing my research, I stumbled upon some concerning design choices regarding Dashlane, which pushed me to write and publish this post first. Initially, this post should have been a comparative of password managers.