Skip to content

Infinite Loop with Dashlane

Today I ran into my first problem using Dashlane,  do you remember this post where I said : “Guys you should use Dashlane because it’s awesome, especially in case of a password leak” ? I remember it well ! and I believe that Dashlane is an awesome tool to “avoid” your  passwords to be leaked. However it has some flaws !  For the story, I was playing with CUDA yesterday and I almost broke my system, so i decided to make a fresh install of OS X Mountain Lion on my MacBook Pro. Everything went well, until I wanted to use Dashlane again. I had downloaded Chrome, and Dashlane from their website ! and when I decided to log back in to access my passwords, Dashlane told me :

Enter your e-mail (login) and we will send you an e-mail with a token on your e-mail or phone number !

Wow ! What ?

ok ! it’s a good idea, but the password that I used for my e-mail account (online) was on Dashlane, and I had no access to my e-mails anymore since Dashlane had my password !  And there I was, sitting in front of my computer logged out of almost all my accounts !

I began to think, and remembered quickly that I had my iPhone with me and that I had access to my e-mails via 3g (awesome …) I tried to obtain the token from Dashlane to log back in … and it never came ! I’m still waiting for it ! I requested it at least 25 times ! nothing ! nada, rien ! geen e-mail ! I contacted the Dashlane support for more information but I never got any answers back ! I also checked my spams box but nothing in there either !

Finally I got another idea:

The computer had to be identified at some point via a file ? so why not find that file on my TimeMachine drive and replace it ?  so basically that trick worked !

I replaced the Dashlane folder from my new Install with the Dashlane folder from my time machine !  and that’s how I finally could log back into all my accounts ! This is where the folder is located :

Edit 1 : So Dashlane got bak to me about that problem  and told me that they implemented a new message in their popup.  Now when you want to generate a password for your e-mail account associated  with Dashlane show this message :

And I simply replied the following :

@dashlane The Pop up should say “it is not recommended to generate a password with dashlane” because the password should still be strong.

Because I thought the popup was not clear enough. However, it’s a good step forward !

Screenshots in Dashlane ?

While I was copying my Dashlane folder I discovered a folder containing unencrypted screenshots of me purchasing something on Amazon.  I then wondered “why does that Dashlane’s folder contain multiple folder with screenshots of my purchases, that’s kind of silly ? isn’t it ?”   So I contacted  them and we will see what happens.

Edit 2 : A t Some point Dashlane got back to me via their twitter account and mentioned this :

1) My first question was :

Why are you making screenshots while we buy things ?

This answer does not convinced me at all ! especially since I saw that those screenshots were not encrypted so I asked a second question :

2) My second question was :

Why are the screenshots not encrypted in the folder ?

and  that we need to enter our master password in the application ? :

 So I hope that at some point they’ll get back to me with an answer, or with an update !  and they did !

Edit 3:

I  got an e-mail back  with a brief description of what is happening in Dashlane :

 

I have to say that since people are connected most of their time, unencrypted screenshots are thus vulnerable most of the time ! However has they said, those screenshot do not represent your password, and are thus information that are not “really” “valuable” for a hacker. On the other hand I have to say that their team is very responsiveand seems to care about the problems that happens with their software ! I’m really  impressed about that  in a good way ! and will definitely recommend Dashlane to whomever wants to try  to keep their passwords safe.

Post a Comment

Your email is never published nor shared. Required fields are marked *