Password Management Apps at Risk After Dashlane Breach

Password management apps play a crucial role in safeguarding users’ sensitive login details, such as email addresses, banking information, and social media accounts. Given their importance in securing your digital life, a failure in these apps can lead to severe consequences. Recently, Dashlane, a well-known password manager, experienced a brute force attack that put some users at risk of having their information stolen.

Details of the Attack

In a recent announcement, Dashlane reported that a specific group of accounts was compromised due to a brute force attack. This method involves a hacker trying different combinations, similar to guessing a combination lock by turning it randomly until it opens. While this approach is labor-intensive, it can be effective under the right conditions.

The attackers aimed to exploit the two-factor authentication feature—designed to safeguard accounts by requiring verification across multiple devices—to add compromised devices to these accounts. The volume of the attack triggered Dashlane’s security systems, which temporarily locked the targeted accounts. Fortunately, the attackers did not manage to successfully download the encrypted password vaults associated with these accounts.

It’s reassuring to know there are ways to bolster the security of your account.

Dashlane confirmed that fewer than 20 accounts were compromised, with all affected users promptly notified via email that their accounts had been temporarily locked. If you didn’t receive such an email, your account is safe.

Although some accounts were compromised, the encrypted vaults remain secure unless the hackers can also access each master password. This incident underscores the vital importance of end-to-end encryption in today’s digital landscape, especially for messaging apps, password managers, and cloud services.

All suspended accounts have since been restored, and Dashlane has assured users that its internal systems remained unaffected. The company is now focused on preventing similar brute force attempts in the future.

Protecting Your Dashlane Account

Dashlane claims to have implemented additional protections at the network level. They are working on measures to better detect and filter malicious traffic. However, if you’re using Dashlane, you may still feel uneasy about the current state of your password security. Luckily, there are steps you can take to enhance your account’s safety:

1. Change your password. While the hackers didn’t access Dashlane’s internal systems, it’s advisable to change your password every six months to a year as a preventative measure against potential leaks.
2. Create a more complex password. Brute force attacks are more successful against simple or short passwords. To minimize breach risks, ensure your password is sufficiently complex. And remember to keep a record in a safe place.
3. Enable two-factor authentication (2FA). This adds an extra layer of protection by requiring a verified device for login access.

Exporting Passwords from Dashlane

If you’re considering switching to another password service, you can remove your password from Dashlane. The easiest method is to export it to a CSV file.

To export your passwords, log into Dashlane on the web, navigate to the Vault menu, and select Settings. Then, choose Export Data and click on Export to CSV.

It’s important to verify that all passwords are correctly included in the CSV file before deleting your Dashlane account. This file will be your only record once you proceed with the deletion.

To delete your Dashlane account, visit the account deletion page. Enter the email associated with your account and follow the prompts to confirm the deletion.

After obtaining your CSV file and deleting your Dashlane account, make sure to store the file securely or upload it to a reliable alternative password manager. Possible options include Proton Pass, 1Password, NordPass, and LastPass. Each comes with its own advantages: Proton Pass focuses on privacy, while 1Password is known for its robust security. Just remember, please don’t store this information in an unprotected text file on your computer—it could be more dangerous than keeping it in Dashlane.