One of the downsides with most password managers is that you have to protect your account with a master password. And if that password is weak or simple, your account logins are more vulnerable. Now a new initiative from Dashlane aims to avoid the pitfalls of master passwords by giving you other ways to authenticate your account.
Due to be released over the next few months, Dashlane's passwordless login technology will enable you to skip the master password and instead set up your account access with a four-digit numeric PIN and then supplement that with facial or fingerprint recognition.
After you enable your preferred authentication method, the necessary encryption keys will be securely transferred from your device to Dashlane, allowing you to use the same method to log into your account from any location or device.
Though most of the major password managers let you set up a PIN or biometric authentication, you typically still have to concoct a master password and then enter it from time to time. The more complex that password, the more difficult it may be to remember and type. But the simpler it is, the more susceptible it becomes to hacking or other types of compromise. Accessing your account with a facial or fingerprint scan is not only easier and quicker but is considered more secure than a password.
By first setting up your account with passwordless logins on one device, you can then access it on another device. Here, the technology will be designed to handle a couple of scenarios, according to Dashlane chief product officer Donald Hasson.
If you first set up Dashlane on a Windows PC or Mac and opt for the passwordless login, you can validate your access on an iPhone, iPad, or Android device by scanning a QR code displayed on your computer. If you first set up Dashlane on a mobile device and then wish to access it on a computer, the company will offer a universal device transfer process that prompts you for validation.
What happens if you lose the mobile device that you use to authenticate your Dashlane account? To address this pitfall, Dashlane will introduce a mechanism to help users recover their data if they lose their device. For people who still use a master password, an account recovery key will also be available to let them gain access to their account.
The public beta of the passwordless logins will initially support iOS/iPadOS and Android users creating a Dashlane account, Hasson said. On the PC end, it will work with the Dashlane Mac Catalyst app and browser extensions via Touch ID and with Windows computers via Windows Hello biometric security. In this regard, the technology itself will leverage the WebAuthn standard in the browser and the authentication capabilities built into the operating system.
The tech industry has been trying to move more quickly and aggressively toward a passwordless future by developing other forms of authentication. One such method starting to take hold is the passkey, a technology spearheaded by the FIDO Alliance. Last week, Google rolled out support for passkeys as an alternative method for users to sign into any of their Google accounts.
However, the passwordless login process being introduced by Dashlane uses a process that's separate and distinct from passkeys. (The company does already support passkey management across its various platforms.) To set up the new passwordless login system, Hasson said, Dashlane wanted a more agnostic solution than passkeys.
One drawback is that the device-specific PIN used to set up your account is limited to four numeric digits, which could be as susceptible to compromise as a simple master password. In the future, Dashlane may consider other options for securing the account without a master password, Hasson said. But for now, the PIN will be the default authentication method backed by biometrics on devices that support facial or fingerprint recognition.
In the coming months, new Dashlane users will be able to set up an account on their mobile device without a password, Hasson added. Later in the year, the company will offer existing users the ability to convert to a passwordless login. Down the road, however, Hasson said that Dashlane sees a future where users will be able to access their accounts without a master password by choosing multiple methods, including PIN, biometrics, other logged-in devices, and passkeys.