Dashlane is getting rid of its insecure master password
Password manager company Dashlane is replacing the master password with a new device-based / biometric “Passwordless Login” solution to better protect users’ password vaults. That means Dashlane users will no longer have to create and remember a single password that must be guarded from the world — lest it succumb to a dastardly phishing scheme that compromises your whole digital life (and probably your identity).
Dashlane’s Passwordless Login follows the company’s early support for the rising cryptographic key solution known as passkeys. However, while Dashlane’s new master password replacement solution also uses cryptographic keys, it’s not the same as passkeys, the password-free authentication solution developed by the FIDO Alliance. Passkeys are backed by all the major tech players, including Apple, Microsoft, and Google, which just added support for passkey protection on Google accounts this morning.
“The only reason we didn’t do passkey for this is it just wasn’t quite ready,” explains Dashlane CPO Donald Hasson in an interview with The Verge. Dashlane can already store passkeys via its browser extension, but in practice, passkeys generally end up being usable only within the ecosystem they were initially stored in — for instance, Apple’s iCloud Keychain.
In the same interview, Dashlane CEO John Bennett said the company wants to avoid getting trapped inside a walled garden with passkey. “It works great if I’m only in operating system A, but if I’m in operating system B it becomes a problem,” Bennett explains. In the future, Dashlane may add a passkey unlock option for users’ vaults, a feature competitor 1Password plans to add this summer. But for now, Hasson tells us that the company will be open-sourcing certain aspects of its phishing-resistant proprietary Passwordless Login tech for the sake of security and privacy.
Dashlane’s Passwordless Login works using the company’s app on mobile devices. It uses a PIN and can use the device’s biometrics like Face ID or fingerprint readers to authenticate and open up users’ vaults. You can also use it to log in to Dashlane on your other devices by scanning a QR code.
If a Dashlane user loses one of their devices, like their smartphone, they can recover their account from another device they’ve authenticated. But there’s also a recovery key option that can be saved elsewhere or printed out — which will be crucial for free Dashlane users who are only given access to one device.
Dashlane’s Passwordless Login will be available to new Dashlane users in the “coming months,” according to the press release. And for existing customers, Dashlane will be rolling out the feature “later this year.”