Dashlane wants to automate passwords in 2018
Passwords are everywhere. You use them to sign in to operating systems and devices, web services, email accounts, computer games, audio and video chat services, or websites that you have user accounts at.
If you are tech savvy, you know that it is important to use unique secure passwords for accounts. This is best done with the help of a password manager unless you only use a single account on the Internet.
Password managers of today assist users in multiple ways. They store passwords, come with sure password generation options, and allow you to sync between devices often for that extra bit of comfort.
What most don't do is make the managing of passwords easier. Dashlane, makers of the popular Dashlane password manager, wants to change that.
Tip: Check out our review of Dashlane 5 here.
The company announced Project Mirror the other day. Project Mirror is Dashlane's attempt at giving "you back control of your digital identity" so that the "logins and all other digital identification data are safe," "accessed only by you" and "entirely automated."
While you could say that most password managers ensure the first two goals, it is different when it comes to the third. Sure, LastPass, Dashlane and some other password managers support the automatic changing of passwords for select services, but only for a limited number of supported sites. Dashlane introduced inbox scan in 2015 to improve automation further.
Project Mirror is an evolution of earlier automation technologies according to Dashlane. The company wants to release a feature it calls Critical Account Protection as the first step towards that ambitious goal.
What does it do?
In a single click, this feature will import and secure your most important passwords in Dashlane, identifying any high-risk accounts and automatically resetting and securing those credentials.
From your iPhone or Android device, you will be able to effortlessly identify, secure, and store your entire portfolio of passwords.
The feature imports and identifies important passwords from email accounts you connect to the service. It runs a risk analysis of all accounts then and highlights accounts that have a high-risk assessment.
The most interesting bit of the process is that users will be able to use Dashlane to automatically reset and secure the credentials (by updating them from within the application with minimal effort on the user's side).
In seconds, Critical Account Protection will allow you to link your email accounts, scan and view a detailed Critical Account report, and lock down any accounts you want completely protected.
Dashlane published a video that demonstrates the functionality.
Closing Words
The information is scarce at this point in time. It seems however that Dashlane will use information about data breaches and hacks in the account analysis. This closes the information gap somewhat that exists and assists users who don't follow IT news in securing their accounts after breaches.
It is unclear right now if Dashlane will support only select accounts with the automation functionality -- resetting and setting new passwords -- or if automation covers the bulk of services out there.
Now You: What's your take on Dashlane's initiative?
No Thanks!
I’ll stick with KeePass for locally stored passwords, and pencil/paper for high value passwords.
None of my passwords need to be stored on someone else’s machine. Some of mine are not stored even on my own machines.
Why would anyone want an outside agency to rummage through their valuable stuff? You would have to assign too much trust in the kindness of strangers to use it.
Be careful if you are seduced by simplicity. Security needs some complexity to be useful.
I agree, and believe open source KeePass is one of the best password managers.
I cannot fathom the design of Dashline in 2018 to make passwords automatically secure. If its code really can do this, will not bad people reverse engineer this and perpetuate the problem?
To change almost all passwords you need the original username and password (i.e. be logged in already), so I’m not sure why you think a service that probably just scans sites looking for “Change Password†options, then plugs the old password into one field and a new one into a couple of others, is somehow some complicated backdoor that could be exploited.
Just wait until Google Project Zero’ Tavis Ormandy to discover.
If it purports to be a security product, who is behind Dashlane and what private data does it steal and send back its servers?
That’s much too automated for my taste. Automatically reset passwords ? The potential for problems is just too high. And automatically secure them ? What does that mean ?
I just attempted to open an account at a very large and well-known service : it accepted my password, created the account, then denied me entry, alleging false password — impossible, since I use Kee Pass.
Fortunately, I was able to reset the password. I downgraded it from 100 characters to 50. That did the trick. However, nowhere in the help pages can you find a maximum size for passwords — and other instructions are remarkably thin on the ground.
And that’s just for opening the account. Now imagine changing passwords automatically… Also, the final aim of Dashlane is this :
“Through Project Mirror, the Dashlane App will be the source for your digital identity — a mirror of sorts, reflecting the personal information and credentials that you use throughout the internet so that you don’t have to worry about it. This next phase of Dashlane will ensure automatic and secure on-demand access to all of your digital accounts.”
Don’t you feel warm and fuzzy at the idea that ONE company out there would hold the key to ALL the accounts you can’t possibly live without (email, banking, taxes, you name it) ?
Security takes a bit of education. You need to learn how things work, and why they might fail. Relying on one company to do it all for you behind a closed door prevents that.