Dashlane eliminates master passwords


A credential management company has launched a passwordless login, allowing customers to create an account without a master password.

Master passwords are commonly used in password management applications – they grant access to every password and other sensitive information stored in a certain password manager application.

ADVERTISEMENT

Some security experts frown upon this authentication method, calling it “one password to hack them all.”

Dashlane is said to be the first company to completely eliminate master passwords. With its initial release, passwordless login is available only on new personal accounts. The feature will be released for all other customers throughout 2024.

Dashlane users will be able to access their accounts using a device-specific PIN and biometrics, such as their fingerprint or FaceID. Users who aren’t ready to make the change will still be able to create accounts with master passwords.

“Passwordless login reduces the risk of password reuse and phishing attacks since there is no master password to remember (or forget). Dashlane ties the unique vault key created at account setup to the authorized user’s device(s) and protects it with biometrics or the device PIN and an additional layer of underlying security. This mechanism provides a higher level of security compared to the traditional master password or other passwordless solutions that still utilize the password as the foundation of the account,” the company said.