Dashlane toes the line between cloud service and local password manager in an attempt to answer every security concern. You can store your password database on Dashlane's servers and take advantage of synchronization across devices, or you can store your password vault locally and forgo synchronization. It's your choice.
If you store your password database in Dashlane's cloud, your master password remains with you only. Rather than storing a hash of the master password on its servers, Dashlane claims to use your password merely to encrypt and decrypt the data locally. For this reason your password database on the Web is read only, and changes can solely be made on a client.
Authentication is performed against devices that are registered with Dashlane through a two-step process, incorporating your master password and a device registration code sent via email. Two pricing tiers are offered for Dashlane users. A free account allows access to your passwords through a single device of your choice. Premium accounts, which cost $39.99 per year, let you synchronize your passwords across multiple devices, perform account backups, share more than five items, give you access to the read-only Web app, and entitle you to Dashlane's customer support.
With Dashlane, retention of your master password is critical. The company states that it is unable to perform password recovery in the event of loss, a necessary side effect of its decision to not store a copy of your password in any form. Two-factor authentication is also supported through the use of Google Authenticator. Support for two-factor authentication must be enabled through the Windows or Mac client and can only be used on Internet-connected clients.
Dashlane's team features allow you to securely share login information with other Dashlane users, providing them with an appropriate level of access to the information. Shared items can be provided with limited rights, which restrict the ability to change permissions or reshare an item, or with full rights to the data. Dashlane also offers the ability to designate emergency contacts, making it easy to allow family or co-workers access to critical accounts or information in the event of an emergency. The data shared with an emergency contact can be fine-tuned in order to only provide certain information to specific contacts.
Because Dashlane attempts to be a hybrid of a cloud-based and local password manager, it isn't as full featured as other cloud offerings, and it may not win over customers fearful of cloud services. However, Dashlane has been able to accomplish something truly remarkable through no small amount of ingenuity and attention to security precautions. Before you dismiss Dashlane because it's a cloud-based service, take a look at the company's security whitepaper, which details the concepts and security practices it has implemented.
Sign up for CIO Asia eNewsletters.