The password manager Dashlane, which competes with the likes of LastPass and 1Password, just gained a new trick. Through the acquisition of a New York-based startup called PassOmatic, Dashlane is now able to offer an automated password-changing feature.
Password Changer does what it says on the box. Like most password managers, Dashlane’s software already included a password generator — now, users can automatically change passwords for chosen services with a single click, making it less likely that they’ll use the same password for long periods of time. The firm is touting this as a good counter-measure against security disasters like Heartbleed, where passwords have found their way into the wrong hands.
During the beta phase that launched on Tuesday, Password Changer requires a small amount of manual intervention, but in future it will gain the ability to automatically change passwords at set intervals. It’s already compatible with sites such as [company]Amazon[/company], [company]Facebook[/company], [company]Google[/company], [company]eBay[/company] and [company]PayPal[/company].
Like some other password managers, Dashlane’s service sees users store their passwords on the company’s servers, to enable cross-device syncing (for which Dashlane charges $39.99 per year.) The files are encrypted in the user’s client beforehand, though, and Dashlane maintains that it cannot read anything without the user’s master password, which it does not have.
Asked whether law enforcement or intelligence agencies would be able to access anything, Dashlane CEO Emmanuel Schalit told me via email that agencies could only get encrypted files from the firm if it were subpoenaed, and the password would need to come from the user “as the grade of encryption used by Dashlane makes these encrypted documents very hard to attack.”
Some rivals such as 1Password don’t store any user data on their servers, and do make it possible (with some effort) to synchronize data between devices without the need for a cloud-based service. However, Dropbox remains the most flexible way to synchronize 1Password data, and that service is itself probably approachable by agencies.
It all really comes down to how much you trust the encryption, and whether you count your main threat as agencies or — far more likely — criminals. For general protection, everyone should be using a password manager, and the automated nature of what Dashlane is now offering does seem attractive. This applies to anything that makes it easier for people to adopt plausible security measures.
New York and France-based Dashlane raised a $22 million Series B round back in May and, while the PassOmatic acquisition didn’t come with any announced numbers, this is how Dashlane is using its cash. PassOmatic CEO Chana Kalai, who has now joined Dashlane along with two colleagues, said in a statement that it was “obvious to us that the solution made even more sense when combined with a password manager, and we clearly saw Dashlane as the leading and most innovative company in that field today.”