
MacRumors

macrumors bot
Original poster



The popular subscription-based password management service Dashlane is today introducing a new feature called Password Changer that will let users change all of their passwords with a single click (via The Verge).

The new feature will work with two-factor authentication enabled accounts and be available to work with over seventy websites at launch. Password Changer is fueled by Dashlane's acquisition of PassOmatic, a New York startup that developed the core technology running the new feature.

Password Changer will be beta-tested by a small audience (with a planned wide release soon) on the desktop versions of Dashlane for PC and Mac, and the company states that it is working on bringing it to mobile.

The update brings a large, green "change all passwords" button that, when clicked, prompts the user through changing all existing passwords with new unique, randomly generated ones. Accounts with two-factor authentication enabled will require the user to input the answer to a security question or a code.

Future updates promise users the ability to set certain accounts to automatically shuffle through new passwords at pre-set intervals. Dashlane hopes the new measures the company is taking to protect users' private information will give their customers ease of mind in the midst of recent hacking scandals over the past year.

Dashlane is free to use on a single device, but syncing and transferring between multiple devices costs $39.99 per year. The app can be downloaded for free from the Mac App Store and App Store. Users wanting to access the Password Changer feature ahead of the wide launch can sign up for the Password Changer beta now.

Article Link: Dashlane Introduces 'Password Changer', Allowing Users to Change Multiple Passwords With One Click
 
I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.
 
I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

Similar here, I do use an app but it's local to my phone / iMac.

Convenience of having a single online service that can access all your passwords online = great,
Outcome should that online service be breached = catastrophic.
 
Similar here, I do use an app but it's local to my phone / iMac.

Convenience of having a single online service that can access all your passwords online = great,
Outcome should that online service be breached = catastrophic.

Exactly. The idea behind iCloud Keychain or 1Password seems perfect: remember one good password and the app takes care of remembering impossible passwords. Still, the risk that the service is hacked or a glitch causes the data to be lost is just too risky.

I don't even use the cloud for highly sensitive stuff. If I was hacked they'd get some family photos, my school calendar and assignments, and a basic notes journal. We don't live in a highly trustworthy world.
 
I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

I agree. Trouble is these days you have passwords for everything.
5 different bank accounts.
10 different forum accounts.
15 different miscellaneous accounts.
5 different email accounts.
Then you have one for your online telephone, gas, electricity, kids school, work (that has to be changed every three months).
You may have AppleID that the fools won’t let you merge so that’s another unnecessary one.

Bear in mind that these should all be different and cryptic and it just gets unmanageable.
 
I agree. Trouble is these days you have passwords for everything.
5 different bank accounts.
10 different forum accounts.
15 different miscellaneous accounts.
5 different email accounts.
Then you have one for your online telephone, gas, electricity, kids school, work (that has to be changed every three months).
You may have AppleID that the fools won’t let you merge so that’s another unnecessary one.

Bear in mind that these should all be different and cryptic and it just gets unmanageable.

I'm with you on this. There is certainly an inherent risk using one of these services, but I'll take my chances with it over using similar passwords across the web.
 
I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

You can still use an application like 1Password to keep your passwords just in your local drive, encrypted, but have the convenience of auto password generation and automatic filling of passwords. There has to be a limit to being paranoid, because otherwise, perhaps you could think Apple could be harvesting your passwords from your encrypted file in your encrypted drive, whenever you unencrypt them ;)
 
This is an awesome idea!!

I use 1Password and I am a proud user. I was a skeptic, but not after research, it's safe to use.

I forgot how Dashlane works, but with 1Password, my stuff is on my device and not on a server. You can use wifi syncing if you want (only syncs on your network), Dropbox, iTunes, or iCloud to sync.

Another thing to think about. All these password managers are out there and I bet we would have heard by now that a hacker got into one, or the app sends the info to a 3rd party person who uses this app for this reason.

I have over 70 items now and all have a different password.
 
This is a really nice service but it means they know your passwords. I like using Lastpass which does all of the encryption/decryption locally and the only thing stored in the cloud is that encrypted blob. With a strong password, no one's going to make any use of that even if Lastpass is hacked.

To me, having extremely strong unique passwords for every site stored encrypted in the cloud is better and safer than whatever I can store in my head. You simply can't remember a 32+ character password of random letters, numbers, and special characters, let alone tens or hundreds of them.

Update:
Woohoo, Lastpass just announced this for themselves!
http://blog.lastpass.com/2014/12/introducing-auto-password-changing-with.html
 
I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

I can't speak for Dashlane as I am not familiar with how data is stored.

In the case of 1Password, however, the data (AES 256-bit encryption) is stored on Dropbox, iCloud, or Mac/PC (Wi-Fi syncing). 1Password does not have its own server and even if a Dropbox or iCloud account is breached, the hacker will still need your 1Password password to unlock the password data.

The only weakness in the system is the lack of Touch ID on Mac, which discourages me from creating a very strong password for 1Password.
 
Exactly. The idea behind iCloud Keychain or 1Password seems perfect: remember one good password and the app takes care of remembering impossible passwords. Still, the risk that the service is hacked or a glitch causes the data to be lost is just too risky.

I don't even use the cloud for highly sensitive stuff. If I was hacked they'd get some family photos, my school calendar and assignments, and a basic notes journal. We don't live in a highly trustworthy world.

You should probably read up on how 1Password works. It's not really a service, it's just a database manager that stores the passwords in an encrypted file. This is all local. If you choose you can sync over wifi or through Dropbox. Still very secure because Dropbox syncs the encrypted file, even if your Dropbox account was hacked good luck with the encrypted file.
 
I can't speak for Dashlane as I am not familiar with how data is stored.

In the case of 1Password, however, the data (AES 256-bit encryption) is stored on Dropbox, iCloud, or Mac/PC (Wi-Fi syncing). 1Password does not have its own server and even if a Dropbox or iCloud account is breached, the hacker will still need your 1Password password to unlock the password data.

The only weakness in the system is the lack of Touch ID on Mac, which discourages me from creating a very strong password for 1Password.

It just hit me!
Next Apple mouse will have Touch ID surely.

Glassed Silver:mac
 
I agree. Trouble is these days you have passwords for everything.
5 different bank accounts.
10 different forum accounts.
15 different miscellaneous accounts.
5 different email accounts.
Then you have one for your online telephone, gas, electricity, kids school, work (that has to be changed every three months).
You may have AppleID that the fools won’t let you merge so that’s another unnecessary one.

Bear in mind that these should all be different and cryptic and it just gets unmanageable.

This is why I’m a big fan of password algorithms. You memorize an algorithm which produces a unique password for each site. For example (just made up):

  1. ABC (satisfies capital letter requirements)
  2. Last 4 letters in the site or company name, shifted left 2 keys on the keyboard, wrapping around if necessary, all lowercase
  3. . (satisfies special character requirements)
  4. 123 (satisfies number requirements)
So a few passwords would be:
  • Apple: ABCiijq.123
  • Amazon: ABCknuv.123
  • Dropbox: ABCicum.123
  • Google: ABCudjq.123
  • Yahoo: ABCkfuu.123
All different, but you only memorize one thing. If someone cracks Yahoo’s database and gets my plaintext password, that doesn’t give them access to my account on any other site.

For the sites that you access frequently, it becomes muscle memory pretty quickly. For other sites, it takes just a few seconds to think about it and type it out.

The only things I store in 1Password are:
  • A vague description of the algorithm - the ABC part might really be “first 3 letters of my second grade teacher’s name” which a random hacker wouldn’t be able to get even if they cracked my 1Password database.
  • Any exceptions to the rule. Some sites don’t allow special characters, while others require them. So the password field for a site might literally say “standard password, no special characters”.
In addition, I have 2 levels of passwords. In the extremely unlikely event that someone reverse engineers the algorithm for my throwaway accounts, I don’t want them also getting to my more important accounts like banking. So the banking algorithm is a little more complex.
 
This is why I’m a big fan of password algorithms. You memorize an algorithm which produces a unique password for each site. For example (just made up):

  1. ABC (satisfies capital letter requirements)
  2. Last 4 letters in the site or company name, shifted left 2 keys on the keyboard, wrapping around if necessary, all lowercase
  3. . (satisfies special character requirements)
  4. 123 (satisfies number requirements)
So a few passwords would be:
  • Apple: ABCiijq.123
  • Amazon: ABCknuv.123
  • Dropbox: ABCicum.123
  • Google: ABCudjq.123
  • Yahoo: ABCkfuu.123

Having only 4 characters (at least in your example) per site is very weak for anything but casual websites. All a hacker needs is the password for two websites.

With apps like 1Password integrating so tightly with iOS and Mac, I frankly don't see any need for doing all that work. On iOS, just summon 1Password from the share sheet, Touch ID to login, click a button or two, and you are logged in.
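
The made-up scheme from the post above and the objection in this reply, worked through as an added example (not code from either poster): it reproduces the five listed passwords, shows which parts two exposed values share, and compares the site-dependent part with the 32-character random passwords mentioned earlier in the thread. The function names and the 94-symbol alphabet are assumptions of this example.

```python
import math
import secrets
import string

# QWERTY letter rows; the post's scheme shifts within a row and wraps at its ends.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumed alphabet for the random alternative: letters, digits, punctuation (94 symbols).
RANDOM_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def shift_left(ch, n=2):
    """Return the key n positions to the left of ch on its keyboard row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return row[(i - n) % len(row)]
    raise ValueError(f"{ch!r} is not on a letter row")


def scheme_password(site, prefix="ABC", suffix=".123"):
    """Apply the four steps from the post to a site or company name."""
    return prefix + "".join(shift_left(c) for c in site.lower()[-4:]) + suffix


def shared_affixes(passwords):
    """Return the (prefix, suffix) that every password in the list has in common."""
    shortest = min(len(p) for p in passwords)
    pre = 0
    while pre < shortest and len({p[pre] for p in passwords}) == 1:
        pre += 1
    suf = 0
    while suf < shortest - pre and len({p[-1 - suf] for p in passwords}) == 1:
        suf += 1
    first = passwords[0]
    return first[:pre], first[len(first) - suf:]


def max_bits(length, alphabet_size):
    """Upper bound on entropy for `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def random_password(length=32):
    """Manager-style alternative: every character drawn from a CSPRNG."""
    return "".join(secrets.choice(RANDOM_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    sites = ["Apple", "Amazon", "Dropbox", "Google", "Yahoo"]
    derived = {s: scheme_password(s) for s in sites}
    for site, pw in derived.items():
        print(f"{site}: {pw}")
    # Two exposed values are enough to separate the fixed parts from the site part.
    print(shared_affixes([derived["Apple"], derived["Amazon"]]))
    print(f"site-dependent part: at most {max_bits(4, 26):.1f} bits")
    print(f"32 random characters: {max_bits(32, len(RANDOM_ALPHABET)):.1f} bits")
```

The 4-letter bound is generous, since the site-dependent letters are a fixed function of the site name rather than random.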
 
Having only 4 characters (at least in your example) per site is very weak for anything but casual websites. All a hacker needs is the password for two websites.

With apps like 1Password integrating so tightly with iOS and Mac, I frankly don't see any need for doing all that work. On iOS, just summon 1Password from the share sheet, Touch ID to login, click a button or two, and you are logged in.

As you recognize, that was merely an example. My actual password algorithm is more complex. Even so, I'll bet a lot of people would have a hard time figuring out even that simple one, given just a couple of example passwords. :rolleyes:

But beyond that, remember that the people stealing passwords and breaking into accounts are running scripts to brute force thousands if not millions of accounts at once. They aren't about to spend any time reverse engineering one person's algorithm, no matter how simple. When my compromised Yahoo password doesn't yield access to my Amazon account, they move on to an easier target (heh, heh - Target).

I like my password algorithm because I can still access any site even when 1Password is not available (phone died, whatever) and I'm not vulnerable if a flaw is ever discovered in 1Password's encryption. How many times have we learned about a decades old bug causing a security flaw that was only recently discovered in the last few years? All of that software was considered to be rock solid and secure. For that reason, I won't put my actual passwords into 1Password, Safari autocomplete, or anything similar. I think my method is more usable than dozens of random unrelated passwords, and it's more secure than any password manager. :)
 
This is why I’m a big fan of password algorithms. You memorize an algorithm which produces a unique password for each site. For example (just made up):

  1. ABC (satisfies capital letter requirements)
  2. Last 4 letters in the site or company name, shifted left 2 keys on the keyboard, wrapping around if necessary, all lowercase
  3. . (satisfies special character requirements)
  4. 123 (satisfies number requirements)
So a few passwords would be:
  • Apple: ABCiijq.123
  • Amazon: ABCknuv.123
  • Dropbox: ABCicum.123
  • Google: ABCudjq.123
  • Yahoo: ABCkfuu.123
All different, but you only memorize one thing. If someone cracks Yahoo’s database and gets my plaintext password, that doesn’t give them access to my account on any other site.

For the sites that you access frequently, it becomes muscle memory pretty quickly. For other sites, it takes just a few seconds to think about it and type it out.

The only things I store in 1Password are:
  • A vague description of the algorithm - the ABC part might really be “first 3 letters of my second grade teacher’s name” which a random hacker wouldn’t be able to get even if they cracked my 1Password database.
  • Any exceptions to the rule. Some sites don’t allow special characters, while others require them. So the password field for a site might literally say “standard password, no special characters”.
In addition, I have 2 levels of passwords. In the extremely unlikely event that someone reverse engineers the algorithm for my throwaway accounts, I don’t want them also getting to my more important accounts like banking. So the banking algorithm is a little more complex.

This is a very interesting take. One I have not heard of before. I know these are just simple examples but I can see how this could be used! Thanks for the idea.
 
Similar here, I do use an app but it's local to my phone / iMac.

Convenience of having a single online service that can access all your passwords online = great,
Outcome should that online service be breached = catastrophic.

Exactly. The idea behind iCloud Keychain or 1Password seems perfect: remember one good password and the app takes care of remembering impossible passwords. Still, the risk that the service is hacked or a glitch causes the data to be lost is just too risky.

I don't even use the cloud for highly sensitive stuff. If I was hacked they'd get some family photos, my school calendar and assignments, and a basic notes journal. We don't live in a highly trustworthy world.

Can't speak for other password managers, but how can something be hacked if it's not there? I use 1Password and all the info is stored locally, so if AgileBits gets hacked, my passwords aren't there. They are only on my device.

To get it off my iPhone a person needs my password for my phone (and it's not a 4 digit pin either) and then the long password for the 1Password app.
 
I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

Good luck with that. A password manager is a lot easier.
 
I like my password algorithm because I can still access any site even when 1Password is not available (phone died, whatever) and I'm not vulnerable if a flaw is ever discovered in 1Password's encryption.

I frankly think hacking BOTH 1Password and Dropbox or iCloud (particularly if one uses optional two-factor authentication) is a lot more difficult than hacking a basic cypher algorithm. While your algorithm may discourage a hacker, even the most amateur hacker can easily hack it if they want to.

And if you depend on accessing data anywhere without your phone, you can use Dropbox (you will obviously need to remember its password) and open 1Password.html directly to access all the data.
 
Having only 4 characters (at least in your example) per site is very weak for anything but casual websites. All a hacker needs is the password for two websites.

There are so many articles about this too, about how hackers learn people's habits and recipes for passwords from all the password leaks.

I frankly think hacking BOTH 1Password and Dropbox or iCloud (particularly if one uses optional two-factor authentication) is a lot more difficult than hacking a basic cypher algorithm. While your algorithm may discourage a hacker, even the most amateur hacker can easily hack it if they want to.

And if you depend on accessing data anywhere without your phone, you can use Dropbox (you will obviously need to remember its password) and open 1Password.html directly to access all the data.

I agree with you. For someone to get into my 1Password vault in Dropbox they need:
My log in
My password for Dropbox
My password for my phone (and not a 4 digit pin either) for 2 step verification
Then my password to my 1Password Vault

This is probably far more secure than having easy passwords for everything I use.
 
I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

I don't trust this either. However 1password I do trust as you do not need to store your passwords on any place other than your computer to use the service.
 
Similar here, I do use an app but it's local to my phone / iMac.

Convenience of having a single online service that can access all your passwords online = great,
Outcome should that online service be breached = catastrophic.


Not true. Should Dashlane get hacked, all the hacker would get would be undecipherable encrypted data. The master key is only stored in your head, not on any server. So basically for anyone to actually get your logins, passwords, or data they would have to not only hack Dashlane but also kidnap you and force you to provide your master key (master password) :p
 