
At Dashlane, security and privacy have always been at the heart of what we do. In keeping with this commitment, we are a proud signatory of the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design pledge. Our participation follows naturally from our ongoing commitment to further enhance our security practices and to demonstrate measurable progress toward the initiative’s key goals.
What is the Secure by Design Pledge?
The pledge is a voluntary commitment by software companies to prioritize customer security as a core business requirement. Organizations that sign the pledge agree to:
- Publicly share progress and challenges in implementing Secure by Design principles.
- Set measurable goals to improve security in key areas.
- Go beyond the minimum requirements when possible.
Dashlane's Commitment
As a leader in credential management and digital security, Dashlane is dedicated to making the internet a safer place for individuals and businesses alike. Below, we outline our approach and provide a look ahead into what continued progress could look like in the key areas of the pledge.
Authentication and Passwords
Pledge Goal: Increase the use of multi-factor authentication across the manufacturer’s products. Reduce reliance on default passwords.
Dashlane is leading the push towards stronger authentication and a simpler, more secure passwordless future. We were the first password manager to launch a truly Master Passwordless experience and the first to support passkeys across platforms.
Dashlane also supports 2FA for account login via TOTP as well as 2FA to authenticate into third-party websites, and SSO is available for business customers. On top of MFA and our passwordless experience, we already offer real-time phishing alerts, and plan to do more in that area. We do not have default passwords by design; users create their own Master Password with strong security requirements during account setup.
Product Security
Pledge: Measurably reduce key security vulnerabilities.
We have a strong Secure by Design mindset with encrypted storage and a zero-knowledge architecture, meaning no one, not even Dashlane, can see the content of admin, employee, or personal vaults.
We want to keep refining our secure development life cycle and iterate on secure development frameworks and best practices. We aim to offer developers secure building blocks like functions and libraries that make it impossible or significantly harder to introduce vulnerabilities.
Patching
Pledge: Increase the installation rate of security patches by customers.
Dashlane is automatically updated on customers' devices, and we run rapid release cycles and hotfixes for client applications, using best practices internally to ensure regular patching.
Looking ahead, we’re exploring ways to further automate security patch deployment where possible. We want to improve customer communication around product lifecycles and end-of-life notifications.
Vulnerability Disclosure and Policy
Pledge: Publish a clear vulnerability disclosure policy and increase transparency in vulnerability disclosure.
We plan to publish a formal vulnerability disclosure policy on our website, along with a machine-readable security.txt file for easier researcher access, and to assess how we can publish vulnerability reports with CVEs publicly. We also work closely with researchers when they report bugs in our product, which can be done via HackerOne, and we participate in coordinated disclosure.
Evidence of Intrusions
Pledge: Improve customers’ ability to detect and respond to security intrusions.
This is an area of focus for Dashlane in 2025. We offer audit logs for our business customers, and will be enhancing the level of detail in audit logs and the insights for our customers.
Moving Forward
Dashlane’s commitment to Secure by Design principles aligns with our broader mission to provide the credential security that every business and employee needs to thrive. We look forward to sharing our additional progress, overcoming challenges, and collaborating with the broader cybersecurity community to advance digital security standards.
We invite our users, partners, and industry peers to engage with us as we take these steps forward. Together, we can make security a shared responsibility and a fundamental pillar of software design.
Stay tuned for more updates on our Secure by Design journey, and feel free to reach out with questions or feedback. Let’s build a safer digital world together!