Dashlane helps you ditch your master password for good

Android Police

By Karandeep Singh

Published May 4, 2023

But Dashlane’s substitute solution isn’t the more secure passkeys

Passwords are the bane of our modern internet life — you must set one up for each service you use, remember them, and they’re prone to phishing and leaks, too. While passkeys are slowly bringing some respite, with Google being the latest to jump on the bandwagon, we still can’t seem to ditch the master passwords for our password managers. Dashlane wants to change that by bringing a passwordless login solution to its own password manager, but its alternate login method isn’t a passkey.

Dashlane already supports passkeys with its browser extension (and is soon bringing them to Android 14), though just for the passwords you store within Dashlane. For logging into the Dashlane app, the company is using a different, proprietary method that is touted to be an easy authentication process, unlike those lengthy and hard-to-remember master passwords.

When signing up for Dashlane for the first time, you will have the option to skip the master password and set up a PIN instead. You can optionally use your phone’s biometric security check — fingerprint or facial recognition — as well to make sign-ins even faster. The PIN is linked to the phone it was set up on, allowing you to authenticate your Dashlane account logins on other devices simply by scanning a QR code from your phone. For instances where you can’t access your phone or have forgotten your PIN, Dashlane plans to offer a single-use recovery key for account retrieval.

In a statement to The Verge, Dashlane said it intentionally avoided using passkeys for its own app login setup. That’s because passkeys aren’t “ready” just yet and are usually tied to the platform you create them on, like Google’s and Apple’s own password management systems for Android and iOS.

This is why Dashlane opted to develop its custom passwordless login mechanism that it intends to make open source (at least some parts of it) to improve its security and privacy. But the company is still open to using passkeys down the line when there is better cross-platform support.

Using biometric and trusted device authentication is indeed much more secure than passwords that can be easily compromised. However, a four-digit PIN itself is far less secure than a reasonably strong master password, as it is easier to crack and susceptible to shoulder surfing, which could be a major privacy and security issue like it recently was for Apple iPhones.

Dashlane will roll out its password-less login method sometime later this year, and even existing users will be allowed to switch to the new login option. In case you aren’t quite convinced by Dashlane’s decision to use a combination of PIN and biometric authentication, there are plenty of trusted password managers that you can move to.