Last Thursday (May 5) marked World Password Day — that login process that everyone loves to hate and hackers have a field day scamming. We now have a holiday to celebrate it.
The purpose of the day is to remind people to change them. Most people don’t and for one simple reason. There are way too many places online that need one to do just about anything, and it creates too much friction to both change passwords and have different ones for different sites. So, to overcome that friction, consumers then use the same one everywhere and rarely change them. That also removes friction for the fraudsters, who know that if they crack one password, they, most of the time, have the keys to the online kingdom for that individual.
It’s a problem that Dashlane, a password manager, set out to solve many years ago.
"The beauty of solving the password problem for the consumer is threefold," said Emmanuel Schalit, CEO of Dashlane. “It's an obvious pain point. We are solving a well-known problem. At the end of the day, passwords are the key to everything else."
While Dashlane’s original idea was to adapt its software to commerce, Schalit quickly realized that passwords were the digital identity key to cracking the commerce code online. So, securing a consumer’s trust with a password is the first gateway to making that consumer comfortable with a brand that can also then manage the rest of their sensitive credentials (card info, address, etc.).
Or, as Schalit contends, if a consumer trusts a service enough to manage their passwords, the rest follows, since trust is the cornerstone of everything that happens online.
"At the end of the day, the passwords are the key to everything else,” he said.
Under Dashlane’s Hood
“Dashlane is known for keeping a consumer’s information safe,” Schalit says. “And we are quickly becoming their favorite for keeping digital transactions safe, secure and organized.”
Schalit said that Dashlane has been used by more than 4 million consumers and has enabled eCommerce transactions on close to half a million different websites.
The “wallet” that’s been used on those sites, he says, stores a host of online payment methods, including credit cards and bank accounts. When a consumer is checking out online, Dashlane users are able to have the shipping, billing and payment form fields autofilled. There is also a prompt for users to select their desired payment method on the merchant site.
From there, that checkout process that used to take a few minutes turns into one or two clicks. As for its underlying security, Schalit jokingly referred to it as Dashlane’s “magic.”
When a user creates a Dashlane account, they choose a master password, which has two unique characteristics.
There is no physical record of this master password in the universe. It is not stored on any devices, it does not go over the Internet and it is never seen by Dashlane or stored on its server.
This password is used only for one purpose — as the encryption key for all the information the user stores in Dashlane (passwords, identity information, payment information, etc.).
That, Schalit says, means that the user's data is always encrypted on the device. And when it travels through the service (to sync with multiple devices), it's only there in a fully encrypted form.
This also means that Dashlane has millions of heavily encrypted files on its servers, but because each one has its own unique key, not even the company can touch the data.
"So, whether you consider the case of hackers penetrating our servers, the case of a disgruntled employee or even the case of a government serving us a subpoena, there is simply no way for anyone to access this data — not even us," Schalit said.
Dashlane's Digital X Factor
Schalit said that Dashlane’s “unique advantage” is in its “universal capability.”
“While other forms of online payment and identity management are limited in scope by device type, operating system or merchant adoption, Dashlane works everywhere. This helps remove the majority of the friction consumers face when completing online transactions,” Schalit said.
That ubiquity, Schalit said, happens because Dashlane is completely independent of the merchant POS. Dashlane credentials are populated automatically on merchant webpages.
Therefore, Dashlane’s heavy lifting is in getting consumers to trust it enough to hand over the keys to their payments accounts — and $39.99 a year to sync those credentials across an unlimited number of devices. Dashlane is free to use on one device.
To tap into a broader base of consumers, Dashlane is partnering with banks, card networks and a variety of FinTech players.
One major partner soon to be announced is Banamex, Mexico’s largest bank.
“We are excited to help leading banks, like Banamex, reduce purchase friction and make online shopping one click everywhere,” Schalit said about the announcement.
Through this deal, which will be exclusive to Banamex customers in Mexico, Dashlane will provide six months of Dashlane Premium for free to consumers and VIP access to its Spanish-language support, as well as the ability to shop faster using their Banamex credit card stored securely in Dashlane. Dashlane will also enable Banamex to deliver relevant content to its customers while they shop online.
When a consumer downloads Dashlane, Dashlane is able to see the data on the checkout pages and can feed that data back to its partners in real time, providing an actionable promotional and commercial opportunity for its partners.
What that will do, in turn, is enable Dashlane to deliver its tools directly to clients of these institutions. Dashlane also allows bank partners to communicate with their customers at online checkout and provide special offers, rewards, etc.
Schalit says that Dashlane plans to replicate what it is bringing to Banamex for a number of other regions.
"We've think we've found a sweet spot," Schalit said. "It's an exciting time to see it unfolding now."