Hi Reddit! I’m Cyril Leclerc, Dashlane Chief Information Security Officer. Ask me Anything!


Hi r/Dashlane,

It’s Cybersecurity Awareness Month, so as Dashlane CISO I’m excited to have discussions and answer questions here on Reddit on the current status of cybersecurity and where it’s going, best practices, password management, Dashlane, and anything else.

A little about myself,

I’ve been a security expert, hacker, and consultant for more than two decades. Through the development and maintenance of Dashlane’s security policies, as well as contributing to more than 250 security audits (technical, organizational, etc.), penetration tests, and red teams for many companies, I have strong insight into implementing and managing organization-wide security measures.

I’m accepting questions here in this thread starting today, and the AMA session begins here on Wednesday, October 11th at 11 AM ET.

To review Dashlane’s Trust Report, visit https://trust.dashlane.com/.

I’m looking forward to reading all the great comments and questions. Ask me Anything!

Update

Thank you, everyone, for the questions. This was fun, and I hope my answers were helpful.

The product you work on has changed my life. Password managers are useful for more than assuaging security concerns. The cognitive load of holding passcodes in one’s mind is immense and insidious. I would probably continue to use Dashlane if I learned that dashlanedotcom led directly to my personal vault.

Not a question. I hope you’re proud of your work.

I was recently targeted with LummaC2 Stealer on Google Chrome from malware in one of the extensions, and all my passwords were leaked from Google Password Manager. Would you please share some information about how Dashlane can still be protected from such attacks?

What are you finding companies are still commonly dropping the ball on, in 2023? I am asking because you have done so many security audits! I’m trying to find out if CS audit and GRC are what I want to focus on as I continue my studies. I have 10+ years in general IT support, management, administration.

Does Dashlane employ any encryption methods beyond the master key? For instance, 1Password utilizes a secret key in addition to the master key, making it more challenging for hackers to access the main vault if it’s ever compromised.

Is it possible to host your own local server of Dashlane on a Wi-Fi network for maximum security? And have the client connect to it? Keep it all local.

Just want to voice appreciation for this AMA. I clicked on a newsletter link - I’m a computer nerd but by no means an engineer. Dashlane’s level of transparency and professional replies are pretty damn impressive. Thanks a bunch to you all, and count me in for another year as a customer.

Since encryption of the vault is based on your master password, how will passwordless work with passkeys? Will the passkey also be used to encrypt a randomly generated encryption key?

Why don’t you bring back YubiKey support, as you had promised many times over the last years? I left you because of it.

Are there any plans to fix the duplicate entries once and for all?

Why did Dashlane choose to partner with Hotspot Shield?

Any thoughts about moving to quantum-proof encryption?

Will you implement 2FA autofill on iOS/iPadOS in the near future? At the moment it’s not very convenient to have to paste the codes all the time.

When will Dashlane be open source software?

Will we ever be allowed to use the ASCII within the PW Generator that’s inside the Dashlane?
Some websites allow us to use ASCII as our passwords, so it would be great to have this possibility too. Also ASCII smileys too.
Most of my pws are really really hard to guess, and I want the ultimate security.
P.S. Special letters too, such as ones used in Germany, Sweden, Balkan Region, Finland, Asian countries, etc.

Is there any way for me to change my default email on my Dashlane account?

Why doesn’t Dashlane autofill work on some websites?
It either doesn’t come up at all or it says username or password not recognized.
Yet if manually typed in, it works.
Is it a Dashlane issue or the website itself?

If somehow a hacker gets access to my Dashlane account (knocking on wood…), how do I contact Dashlane to revive my account?

Would you ever consider using HaveIBeenPwned for your Dark Web Monitoring?
There are multiple governments and other organisations that feed into it.

To clarify, I mean password generator which allows to generate unique passwords for each site and avoids storing passwords in any central location, as such a storage creates a single point of failure and strong attraction for any bad actors.