Dashlane is partnering with Yubico so customers can use YubiKey hardware security devices as the primary authentication for their vault credentials and other data.
“The password is a fundamentally flawed security control that still lies at the root of most of the breaches that occur today,” Dashlane CEO John Bennett says. “The Dashlane and Yubico integration combines the most advanced security available to protect sensitive credentials while eliminating the friction often caused by password-based logins, drastically raising costs for attackers and making good security hygiene easy for users.”
With this change, Dashlane says it’s the first major credential manager to enable FIDO2 security keys as the primary method for vault access. Compared to other solutions that use security keys as a secondary authentication factor, Dashlane users can instead use a YubiKey to securely generate a strong, unique hardware-based secret to encrypt their Dashlane vault. The result, Dashlane says, is phishing-resistant, passwordless vault access, and users can register multiple keys so they can retain access even if their primary key is lost or damaged.
For now, security-based Dashlane vault authentication is available only on desktop OSes using Chromium-based web browsers because the underlying security standard, called WebAuthn PRF, is not yet available on any mobile platforms or in non-Chromium-based web browsers. But Dashlane and Yubico are collaborating on a YubiKey SDK that will extend this support to any platform.
Passwordless login with YubiKeys is currently in beta for new Dashlane personal users, and Dashlane says support for existing personal users and business customers is coming soon.
You can learn more about this partnership and Dashlane/YubiKey integration on the Dashlane website.
