No Shortcuts: Why a Culture of Security is So Important

People have always been great at finding shortcuts: clever solutions to problems that save us time and energy. The internet is full of them—Waze for driving, Slack for collaboration, and Google for finding information. And many do it with their passwords as well—making them simple so they can remember them, using them over and over, and sharing them openly.

But when it comes to passwords and cybersecurity in general, shortcuts are what create vulnerabilities that bad actors can exploit. The purpose of a password manager is to address this problem. Dashlane provides smart, time-saving solutions to manage your passwords without taking shortcuts. 

As a security provider, cutting corners is not a best practice. It can be cumbersome and expensive to take extra steps and add layers of protection. But at Dashlane, we remind ourselves daily that customers rely on us to be as secure as possible, which is why we commit to a strong culture of security and encourage our customers to do the same. Here are some of the ways we have ingrained the industry’s strictest standards and review processes into our order of operations:

• Vigilance in our monitoring. We constantly monitor and manage the security posture of our servers. The threat landscape is always evolving, and it’s our job to keep up with it. So far, that’s kept us from ever being breached, but that doesn’t mean we will ever stop being vigilant.
• Wall-to-wall encryption. We encrypt all of our customer’s data, not just passwords. This includes, but is not limited to, website domains, URLs, Secure Notes, payment information, and login and account information. These should always be encrypted and protected. 
• Genuine zero-knowledge architecture. Dashlane uses zero-knowledge architecture, which means we never trust any server, code, or user it interacts with, including Dashlane’s servers. We always assume that our servers could become the next target of a cybercriminal, and so our architectural choices must ensure that such an event, however unlikely it may be, does not break our security model. Zero-knowledge architecture also means we never see your data. 
• Enforcing security by default. We utilize ARGON2, the most powerful and up-to-date cryptography advancements, and we automatically update our users’ vaults with these improvements. 
• Going beyond certifications. We employ security best practices such as the principle of least privilege and enforcing MFA and standards such as PCI-DSS and SOC 2, but we don’t stop there. Compliance status doesn’t ensure total security, so we don’t rest on our auditors telling us we’re protected. 
• Testing with ethical hacking. We run a security bug bounty program to ensure security researchers can find vulnerabilities and help us fix them before bad actors do. 

Security is never complete

We know passwords are an imperfect solution to authentication,  which is why we became the first password manager to offer passkey support. We are also exploring technologies to make integrations with single sign-on (SSO) systems both simpler and more secure and have been named an SSO leader in our space. 

Technology changes fast, and staying on top of the latest security methods will always be an ongoing effort at Dashlane. We will continue to enhance our security based on the latest information. We keep our systems and data safe in order to keep our customers’ data safe. 

— JD Sherman, CEO