Skip to main content

Dashlane Review: Solid, Web-Based Password Management

Works well enough but the UI can be confusing.

Dashlane
(Image: © Shutterstock)

Tom's Hardware Verdict

Dashlane offers the features one would expect from a password manager, along with bonuses such as a VPN service and dark web monitoring, but the ho-hum design and lack of consistency may frustrate people who expect more from subscription-based software.

Pros

  • +

    + Bundled VPN service, dark web monitoring, and other extras

  • +

    + Solid Family plan

  • +

    + Can automatically update passwords on certain sites

Cons

  • -

    - No desktop apps

  • -

    - Some features are restricted based on platform

  • -

    - Prompts to save data can be easy to miss

  • -

    - Settings can be difficult to navigate and aren’t consistent across platforms

Dashlane takes a different approach to password management than many of its competitors. Instead of relying on native apps that mostly store passwords on-device (although many password managers offer some kind of cloud-based syncing) the service mostly depends on the browser. Its main interface is a web app, and when it comes time to save new information, the primary method of ingress is a browser extension that offers to add new logins and other data.

The service also offers three distinct membership tiers: Free, Premium, and Family. Most individuals will use the Premium tier, which costs $6.50 per month ($60/year), since the Family plan is meant to be used with up to five other people with whom you want to share passwords. But some folks might be able to get by with naught but the Free tier, at least at first. Then it’s up to them whether or not they want to pay for additional Premium features.

Dashlane: Costs and What’s Covered

The main difference between the Free and Premium tiers is the amount of data Dashlane is willing to store: Free users are restricted to 50 logins, five of which can be shared with other users, that are accessible from a single device. This option probably won’t appeal to anyone with more than one device or many accounts to manage, but anyone who can live with these restrictions can use Dashlane for free. 

Premium membership removes the limits on login items, shareable logins, and devices that can be used with Dashlane. It also includes access to features such as Dark Web Monitoring, which offers “an alert if personal info associated with your email is found on the dark web,” as well as the Hotspot Shield virtual private network (VPN) service. Premium users also get 1GB of encrypted storage space and access to Secure Notes for storing non-password text.

The Family plan costs $7.49 per month ($90/year) and offers the same features as the Premium plan for up to six people. This is a good deal if you can find even one other person to share a Family plan, because it’s only $1/month more than the Premium plan. However, Dashlane’s Premium options are more expensive than several other password managers on the market, such as LastPass ($36/year individual, $48/year family) and Keeper ($35/year individual, $75/year family).

Premium and Family offer access to Dashlane’s web app, browser extensions, and mobile apps. Data is synced between devices using Dashlane’s cloud service; there doesn’t appear to be an option to save information locally or sync it across devices by other means. We reviewed Dashlane Premium using Firefox on Windows 11 as well as an iPhone SE (2020).

Dashlane: Setup and Desktop Use

Signing up for Dashlane is slightly odd. The service asks for an email address, requires you to enter it a second time if you don’t already have a Dashlane account, then prompts you to install a browser extension. Only after I installed the extension was I prompted to create a “master password” that’s used in conjunction with one-time passwords sent to my email address to access my account. Normally I would expect to be prompted to set a password right away.

Getting started on iOS was similarly odd. After entering my email address, Dashlane sent a one-time password used to add the device to my account. I couldn’t access the information I’d saved to the password manager, however, until I entered the master password. It seems strange to pair a device with the account before a master password has been provided, but perhaps that’s supposed to make it easier for people to tell when someone’s trying to access their accounts.

After everything is up and running, Dashlane prompts you to save your first password. It doesn’t ask you to add the password manually; however, it requires you to visit the website in question and then enter your account information so the extension can offer to save it. This was a somewhat vexing process because I was already signed in to all of the services (Netflix, Twitter, Amazon, etc.) that Dashlane expects people to add first. That meant I needed to visit the site, sign out, enter my account details, and then wait for Dashlane to ask to save the information.

It’s possible to import passwords from other tools, but Dashlane doesn’t make this obvious during the account creation process, and I didn’t find the exact steps until I searched online. (For reference: You have to open the web app, click “My account” at the top, select “Settings,” and then click “Import passwords.”) Being able to import passwords can save time on this process, but it’s odd that Dashlane makes it so frustrating to find in the first place.

Dashlane also prompts you to add personal information—name, birth date, and potentially their phone number—so it can be saved as well. After this is done, any time Dashlane’s browser extension detects that you’re signing into a service with credentials that haven’t been saved yet, it asks you if you’d like to save that information. This is similar to how other password managers prompt users to save their login information, and works about as well as expected.

Once you have saved information to Dashlane, the browser extension will automatically offer to fill in the stored credentials when you visit the relevant website by way of a dropdown window. The personal information can also be supplied to relevant forms (such as those used by online storefronts, government websites, etc.) on demand. The email address used to create the Dashlane account can be auto-filled when creating new accounts, too, which is a nice touch.

When it’s not offering to store login details, the Dashlane browser extension can be used to access saved credentials, manage auto-fill settings, or generate new passwords. That last page includes controls for the length of the password and if it should use letters, numbers, symbols, and similar characters (such as a capital “I” and lowercase “l” or “1”) in the generated password. Those same controls are offered when generating a password using the dropdown window.

I did encounter some issues with Dashlane’s ability to collect data, however, including when I created a new Reddit account to test some of its features. After clicking “Use generated password” in the dropdown window, I expected to find the credentials for that Reddit account in Dashlane. That wasn’t the case. The generated password was available in the “Password history” page, but the username I’d created wasn’t saved alongside the password. There isn’t a way to create a login item from the password history without copying and pasting, either.

Accessing the Automatic Password Changer feature was also slightly obtuse. Rather than being able to use the feature straight from a given login item, it’s buried within the “Password Health” section of the app, and must be enabled for specific accounts. The password change itself is a nifty feature that updates the password for the account in question and saves the new credentials without requiring additional prompting, though. It’s a neat trick, even though it’s restricted to specific accounts (presumably because of Dashlane’s partnerships).

Unfortunately the Dashlane browser extension appears to lack any knowledge of Secure Notes, so if you’re hoping to use that feature to jot down information, you’re out of luck. Secure Notes can only be accessed via the web app or mobile applications, and encrypted files attached to Secure Notes can only be added via the iOS or Android apps, period. It’s hard not to take this to mean that Dashlane considers Secure Notes a distraction from its service’s main purpose.

Dashlane: Mobile Use

Dashlane’s iOS app is not particularly impressive. It features five pages: Home, Notifications, Generator, Tools, and Settings.

Home is where you can find your login information and Secure Notes. Items are sorted alphabetically, and there doesn’t appear to be another way to sort them, which is a shame. Fortunately there is a search function, and the ability to look specifically at Passwords or Secure Notes, so the limited sorting options aren’t too much of a problem. (Again, mobile is the only place to attach encrypted files to Secure Notes for some reason.)

Notifications offers a Getting Started tour, messages about new features, and other information. Generator does what it says on the tin: Offers a way to generate passwords of specific lengths with the same composition settings that are available via the web app. Tools provides access to the Password Health page, Dark Web Monitoring, VPN, Password Changer, New Device Connector, and Sharing, all of which have their own dedicated sub-pages. It’s not clear why Password Changer is separate from Password Health on mobile but not on the web.

Settings provides access to Security-specific controls such as using Touch ID, Face ID, and/or a passcode; determining how long Dashlane should remain unlocked and if it should lock when it’s closed; and used to enable or disable Master Password reset (which does what you’d expect) or view the devices with access to the signed in account. It also offers control over the clipboard, integration with system features such as Spotlight or the Today view, and the ability to have one-time passwords replace whatever else was in the device’s clipboard as they come in.

Dashlane: Security

Dashlane says it encrypts data stored on its servers to prevent anyone from compromising login details or Secure Notes. “If a hacker gained access to our servers despite all our security measures,” the company says, “any user data they would find there is encrypted with uniquely salted keys based on their Master Password. [...] And of course, only you know your Master Password. It is never stored on our servers, so it cannot be stolen from there.”

The service offers three key derivation methods: Argon2D, PBKDF2 200,000 and PBKDF2 10,204. (The last one is limited to older versions of the product, Dashlane says.) The company recommends using Argon2D, but offers PBKDF2 for organizations whose credentials need to meet NIST guidelines. The key derivation function can be changed by visiting My account > Settings > Security settings > Key derivation function on desktop; it can’t be changed on mobile.

Dashlane cannot reset master passwords, so users are encouraged to choose secure-but-memorable passwords or to write them down somewhere. Master passwords can be changed on mobile, however, if that setting is enabled. Either way the company says that employees are unable to access information stored on its servers because it’s encrypted.

Bottom line

Dashlane is a fine password manager that offers the core functionality—letting people store their passwords and generate new ones—we’d expect from this category. The ability to monitor password health and change some passwords from directly within the app is welcome, and perhaps some users will find value in having access to Hotspot Shield’s VPN service, too.

The lack of a native desktop app can be frustrating, however, especially for people who’d like to access their passwords when their device is offline. (Which can be useful if you’re signing in on someone else’s computer, for example.) The app’s design is also quite bland. That’s fine. A password manager doesn’t need to be the most attractive app on the market, but it does seem like a project that was quickly slapped together rather than a professional effort.

The inability to attach files to Secure Notes from the desktop is also frustrating, and Dashlane clearly has a discoverability problem, whether it’s with importing credentials from other password managers or letting people access features like Automatic Password Changer. It’s also telling that we missed—or were never shown—the prompt for saving new credentials when we were testing Dashlane’s password generator. That’s a pretty big problem for a password manager.

All of the necessary features are here, though, and the ability to share passwords with other Dashlane users could prove useful. For anyone willing to be restricted to web and mobile apps, Dashlane is an okay choice that will get the job done, but it’s not a standout password manager.

Nathaniel Mott
Nathaniel Mott

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • Silicon Mage
    Dashlane lost my support when they killed off the Desktop App and forced me to move to the Web Client and then removed support for hardware keys.
    Not supporting hardware 2FA is just?????????
    Reply