Dashlane launched Credential Risk Detection, a solution that continuously monitors and detects at-risk credential activity in real-time across the workforce, whether employees use a password manager or not.
The web extension-based solution is the latest Dashlane innovation that shifts credential security from passive defense to proactive protection, enabling enterprises to prevent credential-based breaches, rather than react to them.
IT and security teams can’t secure what they can’t see. And while organizations and their users have greatly benefited from hybrid environments and SaaS applications, dispersed workforces have also created unforeseen risks that are increasingly difficult to secure.
According to the 2024 Dashlane Global Password Health Score Report, the average enterprise user has more than 50 passwords not protected by single sign-on (SSO), each representing a point of risk if not properly monitored and secured.
“Password management that is too cumbersome is often seen by users as a barrier to getting their job done, and so they turn to what’s easiest, rather than what’s secure. And so, businesses continue to struggle to effectively manage credential risk across their workforce, creating blind spots and leaving themselves vulnerable to credential-based attacks,” said John Bennett, Dashlane CEO.
“Dashlane is laying a new path forward for credential security that goes beyond traditional password management into proactive protection – one that doesn’t rely on whether the user themselves is using a password manager, and helps get unengaged users engaged,” added Bennett.
When deployed across the enterprise, Credential Risk Detection delivers:
- Enhanced visibility and proactive risk mitigation: Enterprises gain complete visibility into the use of previously undetected weak or compromised passwords for signing into corporate applications across managed devices, whether the user is active on Dashlane or not. Passwords are neither accessible nor viewable to anyone but users themselves, per Dashlane’s zero-knowledge architecture. Admins can also identify when employees use unmanaged applications for corporate work.
- Comprehensive risk assessment: Admins obtain a deeper understanding of their organization’s credential risks, and whether or not employees are actively using a password manager.
- Actionable data and intelligence: Admins receive insights into employee password practices across their organization. Dashlane’s detailed reports highlight employees using at-risk passwords, enabling enterprises to identify vulnerable groups and take proactive measures.
Combining proactive threat detection with automated response
Dashlane also announced the general availability of Dashlane Nudges, which automates credential risk response by sending targeted alerts to employees via enterprise communications channels such as Slack. In beta testing, 50 percent of users who were nudged by Dashlane took action and reduced or eliminated their at-risk passwords, helping mitigate the risk of credential stuffing attacks.
Credential Risk Detection and Dashlane Nudges are the latest innovations in Dashlane’s proactive credential security product suite, which also features Phishing Alerts. By combining real-time threat detection, intelligence, and automated response capabilities, Dashlane establishes a feedback loop that enables organizations to proactively and continuously improve credential security posture and prevent account compromise.
A zero knowledge, privacy-first approach
Dashlane’s zero-knowledge architecture ensures that no one, including Dashlane itself, has access to credential data. Dashlane is built so that sensitive data processing and encryption happens locally on the user’s device and is never transmitted in clear text over the network, nor are credentials accessible or viewable to any party other than the end user.