This week, a report published by security researchers from the Fraunhofer Institute for Secure Information Technology outlined some security issues in nine password managers for Android devices.
Vulnerabilities were submitted to our Security team last September. After a thorough evaluation, all vulnerabilities were determined to be of limited impact because they did not allow an attack at scale and did not represent an immediate threat to our users. These vulnerabilities were however immediately fixed in an October 2016 release to all our users.
Every day, our Security Team evaluates emerging cyber threats that could affect our company, our product, our reputation, and our users. In the case of the Android vulnerabilities, the risks were limited, unlikely to be exploited and fixed by our engineers right away. Our investigation has shown no evidence that anyone was compromised as a result of these vulnerabilities in any way, which aligns with our initial risk assessment.
We are known for advancing security standards and practices to protect our users’ data, as shown in our open-source Open YOLO partnership with Google, support for the FIDO Alliance’s Universal Second Factor (U2F) authentication standard, and support for Intel’s hardware-based password protection technology. And, thanks to the work of our Security and Engineering teams, Dashlane has never experienced a critical threat that compromised the security or privacy of our users’ stored data.
Dashlane uses security researchers just like the publishers of this report to continually test our product for potential bugs and vulnerabilities. Their reports and the actions that result from them are instrumental to our success and the success of the entire security industry and not something that should be used to alarm consumers.
In recent months, we’ve seen more and more journalists and security experts praise the use of password managers in various publications, like Forbes, InfoWorld, and PCMagazine and their work has done much to help inform and protect people from cyber crimes. Password managers, like Dashlane, remain the best tools to help users protect their digital identity effectively by strengthening their passwords and helping them practice safer habits online with greater ease. With journalists’ and security experts’ support, we’ll continue to educate consumers and businesses on the importance of secure identity and password management.
Learn more about how Dashlane protects users’ data and how we were awarded the industry’s only US Patent for our security architecture. If you want to learn more about why password managers are the best way to keep online accounts secure, check out the video below from Vox.