Dashlane straddles the line between cloud service and local password manager in an attempt to answer every security concern. You can store your password database on Dashlane's servers and take advantage of synchronization across devices, or you can store your password vault locally and forgo synchronization. It's your choice.
If you store your password database in Dashlane's cloud, your master password remains with you alone. Rather than storing a hash of the master password on its servers, Dashlane claims to use your password merely to encrypt and decrypt the data locally. For this reason your password database on the Web is read-only, and changes can be made only on a client.
Authentication is performed against devices that are registered with Dashlane through a two-step process, incorporating your master password and a device registration code sent via email. Two pricing tiers are offered for Dashlane users. A free account allows access to your passwords through a single device of your choice. Premium accounts, which cost $29.99 per year, let you synchronize your passwords across multiple devices, give you access to the read-only Web app, and entitle you to Dashlane's customer support.
With Dashlane, retention of your master password is critical. The company states that it is unable to perform password recovery in the event of loss, a necessary side effect of its decision to not store a copy of your password in any form. Two-factor authentication is also supported through the use of Google Authenticator. Support for two-factor authentication must be enabled through the Windows or Mac client and can only be used on Internet-connected clients. Dashlane's secure sharing process combines an email containing a link and an access code, both of which expire within a short period of time. It's the best approach to secure password sharing I've seen.
Because Dashlane attempts to be a hybrid of a cloud-based and local password manager, it isn't as full-featured as other cloud offerings, and it may not win over customers fearful of cloud services. However, Dashlane has been able to accomplish something truly remarkable through no small amount of ingenuity and attention to security precautions. Before you dismiss Dashlane because it's a cloud-based service, take a look at the company's security whitepaper, which details the concepts and security practices it has implemented.
A mature open source project (GNU GPL version 2), KeePass is a free password management solution for Windows, OS X, or Linux, running natively on Windows and requiring Mono for the other platforms. Many of the benefits of open source software are evident in KeePass, including ports to other client operating systems and a robust plug-in ecosystem. With the extensibility offered by plug-ins for KeePass, you can change the encryption algorithm, automate logins through your browser, integrate an on-screen keyboard, or even create scripts you can run against KeePass.