How secure is the Dashlane sharing feature?
Sharing data in emails or texts is not secure but using Dashlane's Sharing Center is.
Each time you share a password or any sensitive information by email, the information is copied in plain text in:
- The 'Sent' folder in your email provider's inbox
- The 'Sent' folder on all other devices connected to your inbox
- Your email provider's servers
- Your recipient’s email provider's servers (which may actually include several different locations and data centers)
- Your recipient’s computers or devices
Sharing this information through instant messaging apps also is insecure, as the information is usually not encrypted and is sent in plain text on the network. This means your information can be read by the company running the messaging service and conversations are also generally saved in the history by these applications.
However, by using Dashlane's Sharing feature, your data is encrypted using the best encryption system to-date before even being sent over the internet. Please see the Security and Privacy section of this article for more details.
You and the user you share an item with are the only ones who can access the items. It is impossible for anyone, even for Dashlane employees, to access the data you share with other people. Here is why.
Whenever you share data, the data is encrypted and decrypted using a public-key (or asymmetric) cryptography protocol. Each Dashlane user has a set of two keys that are generated for them upon creating their account:
- A unique public key that is used to encrypt the data that others share with you. If for instance, you share a password with another Dashlane user, Dashlane will encrypt the password using the public key of that user. If someone shares a password with you, the item that they share with you will be encrypted using your public key.
- A unique private key, known only to you and never transmitted to others, which is directly saved in your Dashlane account and encrypted at all times with your master password. A user's private key is the only thing that can be used to decrypt data encrypted with that user's public key. So, if someone has shared a password with you, and therefore encrypted it with your public key, Dashlane will be able to decrypt that password for you by using your private key.
Both keys are generated together when your account is created. They can only work together: other users use your public key to encrypt the data that they want to send you, data which you then decrypt by using your private key, to which only you have access and which is protected by your Master Password.
For more information on security and encryption, please click here.