What I Use: Dashlane (Premium)

In January, I expressed my frustration with the sad state of the passwordless experiences in Bitwarden and 1Password, two of the top-rated standalone password managers. As I noted a few weeks back, security is a rabbit hole from which there is no beginning, no end, and no escape, a topic that can easily consume you because there’s so much to learn, and getting it wrong can have disastrous consequences.

But after speaking to two security experts—both of whom verified my experiences and shared my frustrations, I stepped back and reevaluated what it was I was trying to achieve. And what it came down to was something I think of as an “online account security checklist,” something that would be not just helpful and accurate, but also understandable to the mainstream users who are most at risk by ignoring or improperly configuring the security of their accounts.

I’m still working through the checklist, which is complicated in part because our online accounts evolve to support new security technologies all the time, and they do so in haphazard, unpredictable ways. For example, part of the impetus for my recent security push was the more formal support in Windows 11 version 23H2 for passkeys, the most recent and promising way for us to secure our online accounts. But this technology is so poorly and inconsistently implemented when it’s used at all that it’s only introduced an additional layer of complexity. And on the other end of the spectrum, the airline JetBlue emailed its customers less than a week ago to tell them that it finally supports the most basic forms of two-step authentication, a basic (and baseline) account protection. This is something it should have implemented several years ago, given how much personal and financial information the company stores for its customers. That’s just irresponsible.

But we can’t despair. As I keep pointing out, online account security is too important to ignore, and it’s on us to make sense of this mess. Properly securing online accounts can be both difficult and inconvenient, causing us to give up. So the goal is to somehow bridge that divide, to secure our accounts in a way that provides effective security while still being convenient. And it all starts with the most basic (and maybe most important) of online account security tools, the password manager.

And the advice there is simple enough: Use a password manager. Use only one password manager. Configure all of your desktop web browsers and mobile devices to use only that password manager for autofill. Any password manager is better than no password manager or multiple password managers, even one that’s built into your chosen web browser.

Beyond that, I have some advice you’re free to ignore based on your own needs and wants. For example, I prefer standalone password managers to those built into a browser because they tend to be more portable, meaning that they work across all the platforms I use or may want to use in the future and aren’t locked to a specific ecosystem. And because they tend to offer additional account security features that aren’t available in the browser password managers.

For most of 2023, I was using Bitwarden as my password manager. It meets the criteria noted above in that it is portable and works everywhere, and it offers additional features not found in browser-based password managers. Bitwarden is also open source and free, which is attractive, and while it does offer a premium paid version, it’s incredibly inexpensive.

I was happy with Bitwarden … until I wasn’t. Late last year, I started down the online account security rabbit hole, and without documenting that nightmare yet again, it’s easy enough to summarize: What I was looking for was a passwordless sign-in experience for my password manager. That is, not only did I not want to ever have to remember or type in a master password, as is required by most password managers, I wanted a password manager that didn’t even offer a master password.

Bitwarden is working on that, but the experience is terrible. So is 1Password, though it’s only in beta as I write this and that experience, likewise, is terrible. So is every password manager on earth, I guess. But one of the experts I spoke with as part of my security push recommended a password manager that already implements a passwordless sign-in experience with no master password in a stable (non-prerelease) version of its product. And I began using that password manager exactly one month ago across every single device that I’ve used in that time. And it has worked nearly flawlessly, and is exactly what I’ve been looking for since last December.

That password manager is Dashlane.

The only sticking point is that you have to pay for it. Yes, there’s a free version, but it only supports a single device with no syncing, making it a non-starter. But Dashlane lets you evaluate its password manager with premium features enabled for a lengthy period of time, a full month, and it’s not expensive, especially if you understand the value you receive: Dashlane Premium is $39.99 per year for an individual or $59.88 per year for a Friends & Family plan that supports 10 members. I signed up on January 28 and still have 9 days left before I have to pay, and the only sticking point is which version I pay for, as I’d like to get my wife on Dashlane as well.

Dashlane includes all the expected password manager functionality. In addition to storing and autofilling passwords, it does so for credit cards and other forms of payment, personal information (names, addresses, email, phone numbers, and company and website names), secure notes, and IDs. You can also add logins to collections, which are like folders, for related accounts (travel, work, and so on).

Dashlane Premium supports multiple devices and unlimited passwords, as you would expect of a paid product. It also supports unlimited passkeys, which is interesting: Rather than save each passkey on a particular device, you can save it to Dashlane, making it truly portable because you can now use it on all of your devices. Nice.

I noted that standalone password managers offer additional features that aren’t typically found in the free, web browser-based alternatives. To that end, Dashlane Premium provides secure sharing (of passwords and secure notes), Dark Web monitoring, real-time phishing alerts, and a VPN (though that latter perk is only available to the primary account holder if you choose the Friends & Family plan). There’s also a nice password health dashboard that can help you change at-risk passwords (those that are reused, weak, or compromised).

So far, this should all sound familiar. But what sets Dashlane apart is that new customers like me can use this password manager in a truly passwordless configuration, one without a master password. In fact, you couldn’t add a master password to your account even if you wanted to.

That’s just not good, it’s ideal. A master password is the Achilles Heel that could lead to all of your online accounts being compromised. Master passwords can succumb to phishing attacks or brute force attacks, and they’re easy to forget and mistype. Eliminating them from the experience makes the password manager—and thus all the accounts it stores and protects—more secure. It also makes using it convenient.

Perfect.

To get started, you download the Dashlane app on iPhone or Android and create a new account. Then, you add the Dashlane extension to your PC and/or Mac web browser(s), and instead of typing a master password that doesn’t exist to sign in, you verify your identity with the mobile app. You repeat this process for each device, and it couldn’t be easier.

In fact, the way this works is reminiscent of how the Brave web browser handles cross-device settings sync, and I love it. You just open the Dashlane mobile app, which requires a secure, device-based authentication—your fingerprint, facial recognition, or PIN—to unlock, open the app settings, and tap the “Add new device” option. The app will display a notification about your attempted sign-in so you can verify it’s you. Then it will display a verification challenge. This is the genius bit, really: In your desktop web browser, Dashlane will display a list of five random words. And on your phone, the Dashlane app will display four of those words with the fifth, randomly chosen, left blank. To authorize that PC or Mac, you just have to type the missing word on your phone.

This process takes less than 20 seconds. And it is the epitome of the secure and convenient ideal I keep repeating. It could not be easier.

As noted, I have added Dashlane to dozens of devices (many of which were later reset and re-added over time) in the past month. And I have never had any issues with this ideal passwordless system. It is precisely what I was looking for. It doesn’t require an additional app install on Windows, as Bitwarden does for its own buggy passwordless login system. Instead, it just works.

And what the heck, if you do decide to go this route, pay it forward by using my referral code, and I’ll get six months for free. Or at least evaluate it. I’ll be cleaning up my password health in the meantime.