BrandWikiReturn

Dashlane

Dashlane is a subscription-based password manager and digital wallet application available on macOS, Windows, iOS and Android, founded in Paris.[1] Dashlane uses a subscription business model option.[2][3]

Overview

Dashlane was founded in Paris on July 6, 2009, releasing their first software on May 23, 2012, that first included a password manager (encrypted using AES-256),[4] which was walled behind a single master password. Over time, more features were introduced to the product such as:

  • Multi-factor authentication[5]
  • Automatic form filling[6]
  • Password generation[7]
  • Digital wallet[8]
  • Security breach alert[9]
  • Virtual private network[10]

Source code

The source code for the Android and the iOS app is available under the Creative Commons NonCommercial license 4.0.[11][12]

Reception

In 2017, Stiftung Warentest evaluated nine paid password managers and rated Dashlane Premium as one of four recommended products.[13]

Security criticism

2024 leakage via injection attacks

A 2024 study by Fábrega et al. demonstrated that many popular password managers are vulnerable to injection attacks. Dashlane was affected due to its handling of application-wide security metrics, allowing an attacker to inject crafted shared entries and observe externally logged data (such as duplicate-password counts) to determine whether their injected values matched passwords stored in a victim's vault.[14]

2024 evaluation of password checkup tools

A 2024 study by Hutchinson et al. examined the “password checkup” features of 14 password managers, including Dashlane, using weak, breached, and randomly generated passwords. The authors found that the evaluated products reported weak and compromised passwords inconsistently and sometimes incompletely. No manager successfully flagged all known breached passwords. The study concludes that such inconsistencies may give users a false sense of security.[15]

2025 DOM-based extension clickjacking

Security researcher Marek Tóth presented a vulnerability in browser extensions of several password managers (including Dashlane) at DEF CON 33 on August 9, 2025. In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click.[16] The affected password manager vendors were notified in April 2025. According to Tóth, Dashlane version 6.2531.1 (August 1, 2025) addressed the issue.[17]

See also

  • List of password managers

External links

References

  1. Top 10 Best Password Managers [NEW 2023 Rankings] Software Testing Help, retrieved 2022-12-15^
  2. Compare Dashlane plans Dashlane Support, retrieved 2025-08-31^
  3. Dashlane. The Dashlane Free Plan Is Ending Soon Dashlane, 2025-08-05, retrieved 2025-08-31^
  4. Ben Popper. Dashlane takes on 1Password and LastPass for the web keychain crown The Verge, 12 May 2012, retrieved 30 January 2020^
  5. Alan Henry. Dashlane Adds Two-Factor Authentication, a New Interface, and More Lifehacker, May 28, 2013, retrieved June 23, 2018^
  6. David Pogue. Remember All Those Passwords? No Need The New York Times, June 5, 2013, retrieved July 16, 2014^
  7. Sean Captain. Dashlane Manages Passwords and Eases Online Shopping NBC News, July 16, 2012, retrieved June 23, 2018^
  8. David Zax. Dashlane, The Mobile Future, and Mega-Passwords Fast Company, July 2, 2012, retrieved June 23, 2018^
  9. Sarah Perez. Dashlane's Password Management Service Now Alerts Users When Their Accounts May Be Hacked TechCrunch, September 11, 2012, retrieved June 23, 2018^
  10. Angela Moscaritolo. Dashlane Password Manager Adds VPN, Dark Web Monitoring PCMag, 27 July 2018, retrieved 30 January 2020^
  11. Android apps Dashlane, 4 February 2023, retrieved 4 February 2023^
  12. Apple apps Dashlane, 4 February 2023, retrieved 4 February 2023^
  13. Stiftung Warentest testet Passwort-Manager: Vier empfehlenswert DER STANDARD, retrieved 2025-11-22^
  14. Andrés Fábrega, Armin Namavari, Rachit Agarwal, Ben Nassi, Thomas Ristenpart. Exploiting Leakage in Password Managers via Injection Attacks 2024^
  15. Adryana Hutchinson, Collins W. Munyendo, Adam J Aviv, Peter Mayer. Extended Abstracts of the CHI Conference on Human Factors in Computing Systems Association for Computing Machinery, 2024-05-11^
  16. Multiple top password managers vulnerable to password stealing clickjacking attacks - here's what we know TechRadar, 2025-08-22, retrieved 2025-11-09^
  17. Marek Tóth. DOM-based Extension Clickjacking: Your Password Manager Data at Risk marektoth.com, 2025-08-09, retrieved 2025-11-09^