Dashlane Review
Views: 2924
2023-07-20 04:56
A password manager can help you generate and store unique, strong passwords for every app

A password manager can help you generate and store unique, strong passwords for every app you use and every website you visit. Dashlane offers easy password management and file storage, with dark web monitoring as a bonus. We're impressed with the inclusion of an activity log in its security settings, and the VPN included with a subscription is a nice perk. Dashlane's premium password manager isn't cheap, but it earns our Editors’ Choice award because it provides extras other password managers just don’t offer at a similar price.

Note that Dashlane has a free tier, but it’s limited to just one device, so we can’t recommend it for practical use. Bitwarden is our Editors’ Choice winner for free password management.

How Much Does Dashlane Cost?

As mentioned above, Dashlane’s free tier limits users to a single device, whereas Bitwarden offers syncing across unlimited devices. Every Dashlane personal plan offers unlimited password storage and secure sharing.

The paid Dashlane tiers start at $33 annually for the Advanced tier, which adds a dark web monitoring feature. A Premium plan is $59.88 per year and adds a VPN powered by Hotspot Shield to the mix. The Friends and Family account is $89.88 annually, and with it, you get all features listed above for up to 10 users.

What Is a Password Manager, and Why Do I Need One?

Dashlane's Premium personal plan is expensive compared with other password managers. For example, Bitwarden's similar tier is just $10 annually, and Keeper’s comparable premium plan is $35 per year. The biggest difference between the three password managers is that Bitwarden and Dashlane offer fully functional free password management tiers, and Keeper does not.

What are Dashlane’s Authentication and Security Options?

Every password manager we recommend has a common feature: multi-factor authentication (MFA). Anybody who can guess, hack, or pilfer your master password can also get into your vault. MFA adds another layer of protection to your account.

What Is Two-Factor Authentication?

Dashlane handles MFA in two ways: default email verification and via an authenticator app. Every time you log into Dashlane on a new device, the company sends a verification code to your email address. The code serves as a way to authenticate your device.

We also recommend adding another layer of authentication in the form of an authenticator app. Unlike Keeper, Dashlane does not support MFA with hardware security keys. For more on using an authenticator, Dashlane offers an extensive tutorial for adding MFA to your account.

Why Do I Need A Security Key?

Like Bitwarden and Keeper, Dashlane can also serve as an authenticator app. Dashlane Authenticator is similar to Google Authenticator or Authy and generates 6-digit one-time use codes that you can use to verify your identity wherever MFA is available. Just use your phone to scan a QR code or enter the setup code provided by the website to link your account to the Dashlane Authenticator.

What happens if you lose your phone? Log into the web app and use your recovery code to regain access to your account. We recommend saving your recovery code on a device that is not the one you’ll be using for authentication. Better yet, write it down and put it in your safe.

One Dashlane security feature of note is the activity log. To view, go to Settings > Security > Manage Activity on the web or mobile app. From there, you can view which devices have been authorized to access your Dashlane vault and when they last logged in.

Notice a login time or device you don’t recognize? You can remove its access with just one tap or rename it to something more familiar. We like this feature, and it appears to be unique to Dashlane. We hope other password management companies will adopt a similar feature for their apps in the future.

Data Privacy With Dashlane

Before we review and test a password manager, we send a list of questions to the company inquiring about its privacy and security practices. We want consumers to have plenty of information about the companies handling their data. We've included Dashlane's responses to our questions below.

Has Dashlane ever had a security breach?

No.

What unencrypted information does Dashlane store in user vaults?

None–all vault information is encrypted.

What is Dashlane’s policy regarding master passwords?

All master passwords are zero-knowledge to Dashlane—they are saved and stored only on user devices and never shared with or stored on Dashlane servers. Only the authorized user on a validated device can access their vault data. At account creation, we use zxcvbn to evaluate the complexity and enforce a minimum strength for master passwords.

What is Dashlane's policy regarding user data collection and data sales?

We collect the data required to establish and manage user accounts, such as a user email and, for paying customers, payment information (although payment information is processed by third parties such as Stripe). We do not know anything about what sites individual users interact with on Dashlane (e.g., whether they have a credential for Amazon or on what pages they autofill forms), but we do collect information about individual users’ use of Dashlane itself (e.g., what features they have activated, how long have they had an account, how many credentials are in their vault, what devices are validated, and what language should communications be in) which is used to provide support and contextual in-app messaging.

We do not sell personal data, nor do we allow vendors who process data on our behalf to use our data for any purposes other than the provision of services to us. We regularly review our data-sharing practices to ensure that we are only sharing what is needed for our vendors to perform their assigned functions.

How does your company protect user data?

We use Argon2, the winner of the Password Hashing Competition, to generate an Advanced Encryption Standard (AES) 256-bit key for encryption and decryption of the user’s personal data on the user’s device.

We encrypt all data in our customers’ vaults, not just passwords. This includes Secure Notes, domains, and more.

How does your company respond to requests for user information from governments and law enforcement?

We only provide information under a subpoena or equivalent demand. We verify all such requests prior to responding. Because of our zero-knowledge architecture, we do not (and cannot) provide any information about the subject user’s vault. We provide only basic account information responsive to the relevant order (i.e., email, existence of account, date of last activity).

We found Dashlane’s answers informative, and in line with the company's privacy policy. PCMag encourages users to browse the privacy policies for all apps to learn more about how companies collect, sell, or store user data. Decide how comfortable you are with data collection and how companies use your data and act accordingly.

Hands On With Dashlane

To start, download Dashlane’s browser extension, then create an account and a strong master password. Once you’re in your vault view, click through the tutorial’s four steps: account creation, adding a login, using autofill, and downloading the mobile app.

(Credit: Dashlane)

Next, you can import any credentials you have stored in your browser’s password manager or from a few competitors if you are switching password managers. Dashlane’s importing capabilities are pretty limited; you can only import from 11 sources, and just five of those are from competing password managers.

For this review, we uploaded test logins stored in a CSV file to our Dashlane vault. We like the password health tool included in the vault, which makes it easy to identify our compromised, reused, or weak passwords.

You can organize your credentials within your vault using Dashlane’s Collections feature, which sorts your logins into different categories, such as Entertainment or Shopping. Collections are handy for people who have a lot of logins.

Dashlane's Password Capture and Replay

Like most password managers, Dashlane captures passwords while you log in around the web. Get started by logging in as you would normally on a site, and then accept Dashlane's pop-up prompt to save the login in your vault.

With Dashlane’s browser extension, you can toggle the autofill function on and off for logins and forms around the web. The browser extension works on Chrome and other browsers using Google’s Chromium code base, such as Brave, Edge, and Opera. The browser extensions also work on Firefox, Microsoft Edge, and Safari browsers.

(Credit: Dashlane)

In testing, we found that creating new logins is exceptionally easy with Dashlane, whereas Bitwarden’s capture and replay function is rather clunky. Dashlane’s is as follows: Just click in an empty field on the account creation page of your choice, and if you have multiple email addresses associated with logins in your vault, Dashlane will ask you which email address you'd like to use to log in. Choose your email address, then tap the password field to generate a new password. Click "Save" to store the new credential in your vault.

Dashlane's Password Generator

Dashlane’s generator creates credentials using just 16 characters by default. PCMag recommends creating passwords using at least 20 characters, including digits, letters, and symbols.

(Credit: Dashlane)

We like Dashlane’s password history feature. It allows you to see old versions of your credentials and the passwords generated by Dashlane that you didn't use. This feature is helpful when you accidentally close the app without saving your new password on a website.

Storage and Form Filling With Dashlane

Dashlane lets users organize notes and file attachments into 11 categories, including legal documents, software licenses, and Wi-Fi passwords. We like that you can ramp up the security in the Secure Notes section by clicking on the Security toggle in the More Options menu. Enabling secure access to your notes means you'll have to enter your master password to unlock specific categories.

Dashlane’s Personal Info section is where you can fill in data about yourself to assist the password manager as it fills in forms for you around the web. You can add only one entry per category. In the future, we’d prefer an option like 1Password’s identities, which allows subscribers to create multiple profiles in one user vault.

In testing, Dashlane handled form filling with ease. We filled login fields with just one tap on the Dashlane logo while browsing with the browser extension enabled.

While using the web vault, we found that we could add bank account information, as well as credit and debit card data, to the Notes section of the app. A separate IDs section allows storage for a driver's license, ID card, passport, social security number, or tax number.

(Credit: Dashlane)

You can upload file attachments to the vault, too. The maximum file upload size is 15 MB, and you can store up to 1 GB of files in your account. Competitors such as Keeper offer more storage, but you’ll have to cough up an annual fee, starting at $9.99 for 10 GB.

Sharing and Emergency Access With Dashlane

Sharing credentials is straightforward with Dashlane. Users can share login information or anything else stored in their vault with anyone’s email address. After tapping the vault item and choosing “Share” from the popup menu, choose to grant limited rights or full rights to the recipient. Limited rights means the person you shared the credential with cannot edit, revoke, or share access to the item. Be careful! If you give full rights to someone, they can revoke your access.

(Credit: Dashlane)

In the event of your inevitable demise, you can let someone else access your credentials. Unfortunately, Dashlane’s password inheritance system isn’t very straightforward.

Dashlane requires a multi-step process to access your data. You must set up and store a DASH file, which is a file containing your encrypted vault data, somewhere that is accessible to whomever you wish to access it. You also need to give your loved one a password that they can use to unlock the DASH file.

On the one hand, this system is a good way to ensure that your data is only accessible to the people you want to access it. On the other hand, many things can happen in emergencies. If your DASH file is on a USB thumb drive at the bottom of a box in your basement at the time of your incapacitation, your data may be lost to your loved ones forever.

Bitwarden, Keeper, and several other password managers include a handy email system to give a trusted friend or relative emergency read-only access to your accounts. For each entry, you can establish an access timeout period and receive notifications about access attempts. We’d like to see similar emergency access features from Dashlane in the future.

Dashlane’s Mobile App

For mobile device testing, we used Dashlane's iOS app on an iPhone 12 mini running iOS 16.5.1. Dashlane also offers an Android app.

(Credit: Dashlane)

Both apps offer biometric authentication and the ability to autofill your logins, payment data, and personal information. The mobile apps proved well designed and easy to use, and they include the functions found in the web browser extension.

Is Dashlane Good for Business?

Dashlane’s Business tiers (starting at $20 monthly for ten users for a Starter plan) are an affordable way to offer password management to each member of a corporate team. Dashlane offers four tiers of service for business customers. For this review, we signed up for a Business plan account, which costs $8 per user monthly. A Business plan account includes access to a password manager vault and the features listed above, along with single sign-on integration, audit log access for administrators, a VPN, and an additional free Friends and Family vault (linked to the corporate account) for each employee.

(Credit: Dashlane)

Like Keeper’s Security Audit Score feature, Dashlane also allows administrators to monitor employees’ password hygiene practices through activity logs showing session times, MFA policy adherence, VPN connections, and secure sharing practices. We like that the password health module is included in the dashboard so that administrators can keep an eye on the company’s password practices over time.

The Groups section allows you to add employees to different groups and share credentials within that group instead of with the entire organization. If an employee loses their master password, they can send an account recovery request to their administrator. If the admin approves the request, the employee can create a new master password from the same computer and browser they used to make the request.

Dashlane's Other Notable Features

Dark web monitoring: Dashlane’s monitor checks the dark web for leaked or stolen data associated with up to five email addresses, which is similar to Keeper’s BreachWatch feature. We tested Dashlane’s dark web monitoring with an email address associated with work, and the monitor did not find data linked to that email.

(Credit: Dashlane)

Passkey support: Dashlane allows the creation and storage of passkeys in your web vault or a mobile device running Android 14 beta or later. Currently, subscribers cannot save or store passkeys using Dashlane on iOS.

To create a passkey using Dashlane, visit a website that uses passkeys, such as Adobe or Google. Sign in using a username and password, then set up a passkey in your account settings menu. After completing the passkey setup, log out of the website, return to the sign-in screen, and choose "Sign in with passkey."

Users can only view, edit, and delete passkeys in the Android app. You can save and use passkeys using the web-based browser extension, but passkeys will not appear in the Logins section of the web vault.

Right now, not all apps and websites are set up for passkey logins, so we encourage PCMag readers to continue creating new and strong passwords for all websites they visit.

VPN connection: Dashlane uses Hotspot Shield for its VPN connections. We did not test the VPN’s efficacy for this review, but PCMag has an in-depth review of Hotspot Shield VPN. Do you need to connect to a VPN while using your password manager? Do you need a VPN at all? The answer depends on your personal preferences and browsing habits.

Premium Password Management Made Simple

Dashlane offers user-friendly applications for browsers and mobile devices, and the subscription tiers deliver password protection for unlimited devices. Dashlane has a free password management tier, though it's limited to just one device. In contrast, Bitwarden’s free tier offers unlimited password storage synced across all your devices.

Yes, Dashlane’s premium plans are expensive, but some may find the added VPN and dark web monitoring justify the cost. We also like Dashlane’s ultra-smooth password capture and replay system, secure sharing, MFA options, and password-strength reports. Ultimately, Dashlane is an Editors' Choice winner in the premium password management category because of its superior usability and plentiful features. Bitwarden remains our top pick for free password managers for its generous free plan and overall ease of use.

Tags password managers