Dashlane's Free Automatic Password Changer - Comments Page 1

How does Dashlane rank for ease of use? I tried LastPass for a few weeks but found it way too complicated and gave up. If I have to spend several hours learning how to use a password manager, I simply won't.

I am concerned about the safety of putting all my "stuff" in Dashlane's vault. Could Dashlane be hacked with disastrous results?

EDITOR'S NOTE: Dashlane uses AES-256 encryption (the world's leading standard), with 10,000+ rounds of PBKDF2 salt. Open source, yet remains uncracked. Widely-accepted as the strongest encryption there is. The key that encrypts your data is derived from your Master Password. There is by default NO RECORD of them anywhere in the universe and never transmitted on the web.You can choose to have your private, encrypted data never leave your device. Or, seamlessly sync your data (AES-256 encrypted, of course).

Bob, I went to the link and saw Free vs. Premium at $39.95. Did I miss something?

EDITOR'S NOTE: Sorry, that was the old price. Updated now.

I just checked Dashlane's site and it now costs $39.95 a year, but I think I will give it a try. This is a good article and I'm probably not the only one that needed reminding about password security.

EDITOR'S NOTE: Thanks, I've already updated the article. That $20 was the old price, which you correctly noted has gone up to $39.95

I believe the important area to protect is my online banking and this is where my alphanumeric passwords are more complex. I have a different password for each requirement and, because of the method I use, have no difficulty in making changes. Consequently I'm averse to paying for the service and also detect a complexity which I don't want to mess with.

Dashlane sounds good, but I still have some concerns:

1. All of my keys are now under the control of the Dashlane program. If anything were to happen to it, my keys would be unavailable until the problem was fixed (if it could be fixed). I feel better knowing my actual keys (even if that means they can't be as long and random) than only knowing the key to a vault.

2. Everything is now dependent on my remembering (or recording) the key to the vault. That makes it a single-point failure.

3. What happens if I am incapacitated or die? I still need to make sure that trusted family members or friends can get access to my vault.

In fairness, the above objections are generalized ones for all password protection. I already use my own private vault (an encrypted file which stores my various passwords and other crucial financial data) which I can consult when my memory fails me. And family members know where and how to access it if necessary.

The problem with all locks is that you want them to be perfectly secure against intruders, but not so perfectly secure that you (or an heir) couldn't pick your own lock if you had to. That tension will always exist.

As far as the strength of a password is concerned, I'm attracted to the Haystack Theory (grc.com/haystack.htm) of using simple, easy to remember passwords with lots of padding.

Sounds like a great tool. Would the free version give an indication of how good the paid version is? I'm temporarily unemployed.

Is there a program that would store your master password for that program and change it every 30 days according to the security advice automatically?

Also if that program is so safe and is virtually impossible to break, what happens if you just forget your current master password for all your stored and automatically generated passwords? I bet there is a reason for old proverb to not keeping all eggs in one basket. So do the math and predict your future with this program.

I have been a faithful Dashlane user for quite some time now, and I have been amazed at its simplicity. The user interface is very intuitive, and I am convinced that it is every bit as safe to use and secure as it claims to be. I have not had any issues at all with any bugs or with anything that has adversely affected the computer.

I also have a Windows Phone, and from a Dashlane standpoint, that's one thing where one can say "there ISN'T an app for that." Therefore I opted not to pay for basically only a synch'ing feature. I am also impressed with the new password changer (actually just with its existence since I've yet to use it). I am anxious to put it through its paces and see it do what it's supposed to do, especially given that the Security Dashboard has been yelling at me daily (not really) for having weak and/or overused passwords.

Wish I could trust a password company to keep my information a secret. But I do not.

EDITOR'S NOTE: Good news! You don't have to trust them. You have the option to store all the data on your local computer, or in encrypted form on their server. In the latter case, only you would have the encryption key.

I don't always understand everything I know about computers. If I set up Dashlane and they have a power outage or terrorist attach, does this mean I wouldn't be able to open up any of my online accounts, unless I have a printed copy of all the passwords stashed somewhere?

EDITOR'S NOTE: No, you'd have a local (encrypted) copy of the passwords.

I certainly think this is a very important security tool but the double the price to 40$ per year is too much. What does your volunteer donation refer to? Other good tools are available at no or at least a reasonable cost.
I enjoy your publications.

Hi Bob. I just wanted to mention KeePass as well. It is a free password manager that I've been using since the Heartbleed epidemic and I'm very happy with it. It also recognizes the website and automatically logs in with one keystroke, which I really like.

It doesn't have the change password feature you've mentioned in this article. I'd like that feature, but the passwords I'm most worried about are for financial websites (banks, credit cards, etc.) and none of those are included on the list of 75 that Dashboard works with.

I don't use two factor authentication with it but apparently there is a plug-in you can get to provide that functionality.

I just found this article and am wondering about setting up the system suggested in it. https://joscor.com/2014/10/tutorial-using-keepass-two-factor-authentication/ Do you have any thoughts? (Feel free to not include this last paragraph when you post to your page.)

Thanks Bob, for this valuable information. I'll check this site out. However, I do have a question. Do you know of any other free sites that do the same thing?

I have also been using RoboForm for many years and like it very much; however, I have noticed lately more sites are not accepting sign-ins directly from RoboForm I am having to manually enter name and password on more and more sites.

Dashlane sounds like a good program, but not at $40 a year when LastPass can be had for $12. I too have been using RoboForm for several years. I mostly use LP and probably will drop RF to keep my life simple. LP also has 2-Factor Authentication and can also be used with a Yubikey which is really nice.

Didn't you once explain how you don't NEED to change passwords frequently? - if you have a good one to begin with...

EDITOR'S NOTE: ...and there's a breach that reveals your password to Evil Hackers... then YES, you need to change it.

Didn't you once explain how you don't NEED to change passwords frequently? - if you have a good one to begin with ..

i am thinking what happens if somebody steel may master password, change and let me out. that happen to me few days ago. a hacker change all my passwords and let me out. I try to contact google, but they don't have costumer service to help you. so i lost all my contacts, my email, everything. terrible.

What if one has several different email accounts with one company (eg. several gmail accounts). Does Dashlane differentiate between them? I've had problems with a different password generator on this topic.

EDITOR'S NOTE: I would certainly hope so -- they have unique usernames. If not, it would be a flaw in the software.