As I mentioned in my recent review and how to for the KeePass password manager, everyone who uses passwords online needs to ensure that they use a different one for every site they visit.
Of course, as the number of passwords you need to remember increases, so does the temptation to reuse them, or make them easy to remember.
Neither of those two options is great of course and that’s where a password manager comes in, allowing you to create complex passwords for all of your online accounts while only having to remember one master password.
One option for doing just that is Dashlane which comes in two different versions – one that’s free, and one (the Premium version) that isn’t.
It’s the free version we’ll be looking at here.
The fact that Dashlane is a paid-for password manager that also offers a lighter, free version, gives it one immediately noticeable advantage over open source alternatives – its interface. To say its easier to install, understand and use than some other free password managers would be something of an understatement.
There’s also another bonus to be derived from using a product which is much slicker than than some of the competition – it has a much wider range of compatibility, both in terms of the operating system it can be used with (Windows, OS X, iOS and Android) to browser integration (Chrome, Safari, Firefox and that Microsoft one no-one ever uses).
That means almost anyone can pick this program up and use it to save their passwords across all of their machines and between browsers – how handy is that?
Security and Privacy
It goes without saying that the key things you will want to know about Dashlane is how secure it is and whether it respects your privacy.
And the answers to those questions are, unfortunately, not entirely what you may want to hear.
In terms of security I assume all is good – not being an open source program carries many advantages but it also means it’s impossible to review the code to check all bases have covered.
Dashlane says it employs strong AES-256 encryption, using a cryptographic key it stores in RAM in order to provide easy access. This key is generated from your Master Password using the OpenSSL PKCS5_PBKDF2_HMAC_SHA1 hash function, which is then salted using 10,000 iterations.
The fact that your Master Password is not stored on Dashlane servers is a problem if you forget it, but otherwise a very secure practice as it means it can never fall victim to a breach at the company’s end.
Communication between the application and the company’s servers takes place via HTTPS which, again, is a good sign.
In operation, Dashlane is very good at capturing passwords, automatically logging you into saved sites and filling in web forms though, with the latter, my experience has taught me that there always seems to be at least one field it will struggle with, often for reasons that are not apparent.
The ability to add an emergency contact who can gain access to your passwords could be handy should you become incapacitated – or worse – but you will of course need to ensure that you grant that privilege to someone you trust completely.
The fact that Dashlane emails out warning whenever a new device attempts to connect with your account is also a good feature to have.
The offending text says:
« We collect technical and usage data to analyze how our product performs for you, and for us to improve the quality of Dashlane. This data is is (sic) completely anonymized except for gender, birth year and zip code, and cannot IN ANY WAY be linked to your individual personal information – not even the email address you registered with us. »
At first glance you may not think that is a big deal – data collection is anonymous – but look again: the company collects your gender, year of birth and postal code. With even that limited amount of information, determining your identity is not particularly hard for anyone with time – or computing power – at their disposal.
Much better, I would have thought, to make such data collection an option the product’s users could either opt into or out of.
On the whole, Dashlane is a good quality password manager.
It’s easy to install and even easier to use. This program is definitely a good choice for anyone who may feel scared off by the apparent complexity of open source alternatives.
It does have a few negative points though, especially in terms of its data collecting habits.
- Great, easy to use interface
- Has all the features you would expect to see in a password manager and the Security Dashboard is especially useful
- Employs strong encryption
- Can be installed and used across a variety of operating systems and browsers
- Image-packed online Help section is genuinely useful
- The ability to add an emergency contact could be a very useful feature for some people
- Non-storage of Master Password is good from a security standpoint
What’s not so hot
- Email support, while good, is not particularly quick
Overall, though, Dashlane is a good quality password manager. In fact, it was the first one I ever used myself and I stuck with it for several years until I deliberately chose to check out the competition merely for the sake of it.
Its ease of use will appeal to a very wide audience indeed and I cannot think of any ability level that would struggle to install and then use it.
Whether you should stick with the free version, as reviewed here, or plump for the $39.99 per year paid version is a tricky question to answer.
Handing over your cash doesn’t buy you a whole load more features but it does allow the same account to be used on more than one device. If you are a single desktop user the free version will probably do you. If you a real tech geek like me, with machines all over your house, not to mention multiple mobile devices, you may need to open your wallet to benefit fully from Dashlane’s features.