Dashlane has become the first credential manager to support FIDO2 security keys as a primary login method for accessing password vaults.
The announcement was made earlier today introducing a security upgrade that leverages hardware-based authentication through the FIDO2 protocol, developed by the FIDO Alliance and W3C. This enhancement builds on Dashlane’s earlier passwordless login infrastructure and incorporates the WebAuthn PRF extension to enable local key derivation, further reducing reliance on server-side secrets and enhancing resistance to phishing attacks.
Founded in 2009, Dashlane is a prominent password manager and credential management platform used by individuals and enterprises worldwide. It offers encrypted storage for sensitive login credentials, identity documents, and secure notes. The platform has consistently pushed for a passwordless future, being the first among its peers to introduce full passkey support across platforms.
This latest security feature enables users to log in to their Dashlane vaults using FIDO2 security keys from vendors such as Yubico and Google (Titan Security Keys). These hardware tokens act as cryptographic authenticators that cannot be tricked by fake login pages or remote attackers. Unlike traditional MFA methods that use SMS or email codes, which remain vulnerable to phishing, SIM swapping, and social engineering, FIDO2 operates on public-key cryptography principles. No secrets are shared with the server, and credentials are cryptographically bound to the legitimate domain.
Dashlane’s implementation supports the WebAuthn PRF extension, allowing the client device to derive encryption keys locally using the security key and a server-provided salt. In the event that a user's platform or browser doesn’t support PRF, the fallback mechanism securely transfers the key using Dashlane’s existing passwordless provisioning system in combination with classic WebAuthn.
The new FIDO2-based login option is initially available to personal plan users through early access, with a broader rollout planned for both individual and business customers later in 2025. As part of the usability enhancements, Dashlane will support multiple hardware keys per user, certified device verification through FIDO Metadata Service (MDS) lookups, and frictionless provisioning of new devices, all without requiring users to type a single password.
If you’re interested in exploring more about Dashlane and where it stands against competition, check out our in-depth review of the product.
Leave a Reply