Dashlane has apps for Android and iOS. Its browser extension supports Chrome, Edge, Firefox, Safari, and Chromium-based browsers.
(Credit: Dashlane/PCMag)
Start by setting up an account via your web browser. Enter your email, then choose to either create a strong master password, use a hardware security key, or set up passwordless login with a six-digit PIN you’ll enter whenever you sign in.
Passwordless Logins
I opted to create a passcode, and Dashlane let me set a pretty insecure one (333333) for my account. An on-screen warning asks you not to create a passcode using consecutive numbers, but it won’t stop you from doing so. If you frequently use a shared computer or other device, make your PIN as complex as possible, or use a hardware security key or a master password to log in.
The PIN is device-specific, so you must create a new passcode for your mobile app or to use the password manager with other browsers. For example, I evaluated Dashlane using two browsers and an iPhone, so I created three (identical) passcodes to login to my test account.
I asked a Dashlane spokesperson whether the development team plans to add stricter passcode rules in future updates. They replied, “With a passwordless account, because the local device PIN code (something you know) is combined with a physical device (something you have), the need for a unique or strong PIN is reduced. Most cyber attacks are remote attacks, such as phishing. Phishing attacks on a PIN code are ineffective as the attacker must also possess or have access to the user’s device.”
It appears the company is placing responsibility for account security on the customer while addressing the “what password should I use for my password manager?” question, which is certainly a tough problem to solve.
Right now, Dashlane’s login solution is still imperfect. Here’s a scenario that explains why: You install Dashlane’s browser extension on a desktop computer at home or work, and get up to leave for a minute or two. Then someone, maybe your kid, or your biggest hater in the office, comes along to unlock the extension using six repeating characters. It’s not something that will happen to everyone, but it’s a scenario that could be avoided by using a traditional login and multi-factor authentication, or by using more complicated passcodes.
Another issue I ran into while logging in with a passcode is accessing my vault outside the office. That’s because, if you log out of your Dashlane account on a device, you’ll need a logged-in device to access your vault. So, if, like me, you’re logged into your Dashlane account on a desktop computer, but you need to use Dashlane while you’re out and about, you won’t be able to access your vault on your phone without entering your account recovery key. That means you’ll need to carry your 28-digit recovery key or memorize it, which seems like a big undertaking.
A few final login thoughts: You can still enter two-factor codes from an authenticator app when logging in with a master password at sign-up, which is great. That said, if you want to switch from a traditional master password login to a passwordless login, you’ll need to create a new account, which isn’t ideal. The Dashlane spokesperson told me that customers will be able to migrate their traditional login accounts to passwordless accounts later this year.
Vault Setup
After signing up, create the aforementioned account recovery key. Dashlane recommends saving it on a different device to use as a “break glass in case of emergency” option to access your account. I like that Dashlane asked me to verify that I had saved the recovery key and emphasized that the company cannot access my vault if I lose access to it.
Follow the on-screen tutorial to set up your vault. Dashlane walks you through adding your first login, downloading a browser extension, and installing a mobile app.
(Credit: Dashlane/PCMag)
You can import any credentials you have stored in your browser’s password manager or from competitors if you are switching password managers. Dashlane accepts credential lists from competitors like Bitwarden and LastPass, but if your old password manager isn’t on the list, you can always just upload a CSV containing your logins. If you’re like me and you have a lot of online accounts, you can organize your credentials within your vault using Dashlane’s Collections feature, which sorts your logins into different categories, like Entertainment or Shopping.
If you’re using an iOS device, Dashlane lets you import your passkeys, passwords, and other data without uploading a CSV file, which is helpful. I was able to transfer my Apple Passwords logins to my Dashlane vault with a tap or two, which is great.
