LastPass vs Dashlane - Comparing the Top Password Managers
In the past I used to register to at least a couple of websites every 2-3 days, and I really hated creating accounts with the same password, although it was so convenient since I didn't have to remember different passwords for each account. That was the way for me until I started trying out password managers - software that safely store your accounts and their details, with the added advantage of logging you in automatically to websites. From those I used, two made a difference for me and are objectively two of the top ones in their category: LastPass (homepage) and Dashlane (homepage). So in this article we will point out each one’s strengths and weaknesses and in the end compare them.
Let's start with LastPass.
LastPass supports a wide variety of platforms (Windows, Linux, Mac) and several browsers: Google Chrome, Mozilla Firefox, Opera, Safari and Internet Explorer. Of course, it couldn't lack support for handheld devices (for premium users only though); its app is available for iOS, Android and Blackberry devices, but you can also find it in the Windows Store for devices using Windows Mobile.
How it works
But let’s get to more important stuff, like how it works. After installing the program, you’ll have to create your account (and enter a master password) under which all passwords and settings will be stored. Then, whenever you come across a registration page LastPass will offer to automatically fill in text boxes for which it has saved profile information (name, email, address, etc.) and when the registration process is over it will save all entered information for that website. Then, every time you visit it LastPass will let you automatically login using the credentials you used when you registered. Note that you can have more than one account saved under the same website. Depending on the type of the website (shopping, entertainment, bank, etc.) each account is saved under a different category.
To see saved passwords, you need to access your LastPass Vault. There are two Vaults actually, the Local Vault and the Online Vault; your data is synced between the two, so that in case you need it but are not using your personal computer, you can still login to the Online Vault and access the data from there.
Your master password is encrypted using AES 256-bit algorithm, and its effectiveness is increased with the help of Password-Based Key Derivation Function (PBKDF2) which makes the brute-force password cracking process much more difficult than it normally is. To apply PBKDF2 safely, LastPass uses SHA-256 hashing algorithm. Then this process is iteratively performed a few thousand times (the number of rounds is customizable) and voila! Your encrypted key has been created. Can’t get safer and faster at the same time than this.
In addition, LastPass supports multi-factor authentication for extra safety. This kind of feature is widely used the recent years, and allows a user to further secure his account by having to use a second authentication step coming from a different device, before he can actually login. LastPass supports the following multifactor options: Google Authenticator (Free), Grid Multifactor Authentication (Free), Microsoft Authenticator App (Free), Toopher Authentication (Free), Duo Security Authentication (Free), Transakt Authentication (Free), Sesame Multifactor Authentication (Premium), Fingerprint Authentication (Premium), Smart Card Authentication (Premium) and Yubikey Multifactor Authentication (Premium).
Whenever you want to access your LastPass data from an untrusted computer, you can use One-Time Passwords provided by LastPass. In a few words, the program allows you to create passwords that can be used only once to login to your LastPass account- so that even if someone can log the password you used, it will be unusable in the future.
The Password Generator is another feature of LastPass which can be used when creating an account for a new website. Instead of typing a password yourself, you can let the Password Generator create a strong password for you. You can set its length, letter case, number of digits in it, and other filters too.
In your LastPass Vault you can keep notes of virtually anything that you want to remember- sensitive details such as bank numbers and driver licenses are two typical examples. Furthermore, you can attach images and documents to your notes so that you can access them from anywhere.
If you also would like to share login details with other LastPass users, you can do so securely through the Online Vault; you even have the power to choose if you want the recipient to obtain the password, or just be able to use it in the corresponding website. For this feature, LastPass uses Public-Key Cryptograhy- RSA, in specific.
LastPass also is in partnership with Pwnedlist, a company that specializes in collecting and verifying information about potential security breaches. Whenever a security breach in a website is confirmed and you have an account there, LastPass will immediately notify you and ask you to change your password. LastPass has a similar feature of its own which allows you to check whether a site has been affected by the Heartbleed bug.
LastPass has a lot of interesting features that could possibly make your web surfing experience even more comfortable, but without risking security even a bit. As you will see below, it shares a lot of features with Dashlane - which makes it even harder to proclaim one of them as the best.
Moving on to Dashlane.
Dashlane is a high-security, fully-featured passwords manager like LastPass. Supported systems are Windows and Mac (sorry Linux users), but you can get the app for iOS and Android devices too. The browsers it works with are Google Chrome, Mozilla Firefox, Safari and Internet Explorer.
When you first launch the program, you’ll have to create a master key which will be the only thing you’ll have to remember in order to access saved data. A plugin will be added to the browsers you selected upon installation and will denote the functionality of the manager.
How it works
The principle is basically the same is in LastPass. Firstly you create a profile in Dashlane where you enter information about yourself that can be used in a registration form, and whenever you want to register to a website Dashlane will automatically fill-in text boxes with the available information. When the registration process is finished, the program will save the credentials and log you in every time you visit the website (multiple accounts under one website is supported too). You can categorize each account depending on the type of the website for better organization.
Dashlane uses AES-256 algorithm combined with PBKDF2 similarly to LastPass, with the main difference being that Dashlane uses 10,000+ rounds of PBKDF2, but LastPass uses about half of them by default (plus their developers suggest not to raise them above 10,000). In simple words, brute-forcing is a no-go method to access your encrypted data. Moreover, the master key (which is the only practical way to decrypt the data) is stored nowhere else but in your mind; this leads to the conclusion that only you can access your data- no one else.
Although protected data is kept mainly in your computer, premium users can enjoy the synchronization feature that allows them to sync data between other computers and devices that have the Dashlane app installed. Additionally, you can view your stored details from the online interface at https://www.dashlane.com/app/en/ if you have enabled synchronization to the Dashlane servers, but you cannot edit any of that information (it’s read-only).
Dashlane analyzes the password for each website that you have saved and displays a “Safety percentage” for each one, letting you know if any of them are unsafe and need changing.
A Password Generator isn't missing from Dashlane either; it gives users the power to create strong passwords that follow a specific set of available rules and use them when registering to a website.
Two-factor authentication is supported too, with any two-step authentication app like Google Authenticator, FreeOTP and Authy.
Dashlane too is a partner with Pwnedlist, and will immediately notify you of any security breaches that have been confirmed and you have a registered account in. And the notifications are faster than you think… it happened to me (twice), and I was notified even before official announcements started to roll out.
You can keep secure notes in your database that fall into various categories: Finance, Database, Legal Documents, Memberships, Software Licenses, Wi-Fi passwords and others. What is more, you can add information from IDs, Driver’s Licenses, Passports and other documents.
Whenever you make an online purchase, the program will automatically monitor the transaction and record the receipt for future reference.
You can share your saved passwords and notes with other people securely (even if they aren't Dashlane users) as emails, and the recipient has 30 minutes after clicking the link in the email to view/save the contents you sent him before they self-destruct. If 3 days pass and the link hasn't been opened yet, the shared data is deleted from Dashlane's servers too.
Dashlane is a simple to use password manager that can hold almost all kinds of sensitive information securely. But is it better than LastPass?
If you read all of the above, you will see that both programs have are equally good when it comes to their main feautures. The latest feature that both these password managers added is the ability to change your passwords automatically. They both offer incredibly tight security that provides most of what users are looking for in a password manager.
However, LastPass is available to a wider audience, including Linux, Windows Mobile and Blackberry users. It makes quite a difference even though it might seem like a small difference at first.
Regarding their premium services, the main advantages they have is that with LastPass Premium you can download and use their LastPass mobile apps (you can’t with free) and with Dashlane you can upload your data to Dashlane’s servers and synchronize it with all your devices running Dashlane. The cost here is 12$ per year for LastPass and 30$ per year for Dashlane.
It’s easier to use Dashlane than it is to use LastPass; Using Dashlane is like driving a car, whilst using LastPass is like driving a truck. The average user will prefer Dashlane over LastPass just because of this simple yet important reason.
To sum up, they both have pretty much the same strong points and very few weaknesses that make them equally powerful. Personally, I’d go for Dashlane; it’s easier for me to handle and I can access it instantly from my computer whether I am connected to the internet or not. But in the end it’s all a matter of taste, so you could try them out both and find out yourself which better suits your needs.