Dashlane

  1. Home
  2. Wiki
Dashlane
DevelopersDashlane, Inc.
Initial releaseMay 23, 2012; 13 years ago (2012-05-23)
Repositorygithub.com/Dashlane
Written inKotlin (Android)
Swift (iOS)
Operating systemmacOS, Windows, iOS, Android
Available in12 languages
TypePassword manager, digital wallet
LicenseProprietary software
Websitewww.dashlane.com

Dashlane is a subscription-based password manager and digital wallet application available on macOS, Windows, iOS and Android, founded in Paris.[1] Dashlane uses a subscription business model option.[2][3]

Overview

[edit]

Dashlane was founded in Paris on July 6, 2009, releasing their first software on May 23, 2012, that first included a password manager (encrypted using AES-256),[4] which was walled behind a single master password. Over time, more features were introduced to the product such as:

Source code

[edit]

The source code for the Android and the iOS app is available under the Creative Commons NonCommercial license 4.0.[11][12]

Reception

[edit]

In 2017, Stiftung Warentest evaluated nine paid password managers and rated Dashlane Premium as one of four recommended products.[13]

Security Criticism

[edit]

2024 Leakage via Injection Attacks

[edit]

A 2024 study by Fábrega et al. demonstrated that many popular password managers are vulnerable to injection attacks. Dashlane was affected due to its handling of application-wide security metrics, allowing an attacker to inject crafted shared entries and observe externally logged data (such as duplicate-password counts) to determine whether their injected values matched passwords stored in a victim’s vault.[14]

2024 Evaluation of Password Checkup Tools

[edit]

A 2024 study by Hutchinson et al. examined the “password checkup” features of 14 password managers, including Dashlane, using weak, breached, and randomly generated passwords. The authors found that the evaluated products reported weak and compromised passwords inconsistently and sometimes incompletely. No manager successfully flagged all known breached passwords. The study concludes that such inconsistencies may give users a false sense of security.[15]

2025 DOM-based Extension Clickjacking

[edit]

Security researcher Marek Tóth presented a vulnerability in browser extensions of several password managers (including Dashlane) at DEF CON 33 on August 9, 2025. In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click.[16] The affected password manager vendors were notified in April 2025. According to Tóth, Dashlane version 6.2531.1 (August 1, 2025) addressed the issue.[17]

See also

[edit]

References

[edit]
  1. ^ "Top 10 Best Password Managers [NEW 2023 Rankings]". Software Testing Help. Retrieved 2022-12-15.
  2. ^ "Compare Dashlane plans". Dashlane Support. Archived from the original on 2025-08-27. Retrieved 2025-08-31.
  3. ^ Dashlane (2025-08-05). "The Dashlane Free Plan Is Ending Soon". Dashlane. Retrieved 2025-08-31.
  4. ^ Popper, Ben (12 May 2012). "Dashlane takes on 1Password and LastPass for the web keychain crown". The Verge. Retrieved 30 January 2020.
  5. ^ Henry, Alan (May 28, 2013). "Dashlane Adds Two-Factor Authentication, a New Interface, and More". Lifehacker. Archived from the original on June 22, 2018. Retrieved June 23, 2018.
  6. ^ Pogue, David (June 5, 2013). "Remember All Those Passwords? No Need". The New York Times. Archived from the original on July 26, 2014. Retrieved July 16, 2014.
  7. ^ Captain, Sean (July 16, 2012). "Dashlane Manages Passwords and Eases Online Shopping". NBC News. Archived from the original on March 4, 2016. Retrieved June 23, 2018.
  8. ^ Zax, David (July 2, 2012). "Dashlane, The Mobile Future, and Mega-Passwords". Fast Company. Archived from the original on June 24, 2018. Retrieved June 23, 2018.
  9. ^ Perez, Sarah (September 11, 2012). "Dashlane's Password Management Service Now Alerts Users When Their Accounts May Be Hacked". TechCrunch. Archived from the original on June 24, 2018. Retrieved June 23, 2018.
  10. ^ Moscaritolo, Angela (27 July 2018). "Dashlane Password Manager Adds VPN, Dark Web Monitoring". PCMag. Retrieved 30 January 2020.
  11. ^ "Android apps". Dashlane. 4 February 2023. Retrieved 4 February 2023.
  12. ^ "Apple apps". Dashlane. 4 February 2023. Retrieved 4 February 2023.
  13. ^ "Stiftung Warentest testet Passwort-Manager: Vier empfehlenswert". DER STANDARD (in Austrian German). Retrieved 2025-11-22.
  14. ^ "Exploiting Leakage in Password Managers via Injection Attacks". arxiv.org. Retrieved 2025-11-22.
  15. ^ Hutchinson, Adryana; Munyendo, Collins W.; Aviv, Adam J; Mayer, Peter (2024-05-11). "An Analysis of Password Managers' Password Checkup Tools". Extended Abstracts of the CHI Conference on Human Factors in Computing Systems. CHI EA '24. New York, NY, USA: Association for Computing Machinery: 1–7. doi:10.1145/3613905.3650741. ISBN 979-8-4007-0331-7.
  16. ^ published, Benedict Collins (2025-08-22). "Multiple top password managers vulnerable to password stealing clickjacking attacks - here's what we know". TechRadar. Retrieved 2025-11-09.
  17. ^ Tóth, Marek (2025-08-09). "DOM-based Extension Clickjacking: Your Password Manager Data at Risk". marektoth.com. Retrieved 2025-11-09.
[edit]