Dashlane is a pretty neat password manager, but I question the reliability of the security breaches it reports and wonder if its actually just randomly generating them to make you think Dashlane is doing a good job of protecting you.
What makes me think this?
Well I first got a security breach for a website thats very specific to our company, unlikely to be the target of an attack, and we administer it, and are confident its not been breached (we would be in a panic if it was), so what makes Dashlane think its been breached?
Dashlane say they use a service called Pwndlist to get information about security breaches. Pwndlist allows you to search for your email in their database. None of my emails appear in their database.
So if you ask me, these security breach alerts look like they are fake and popup randomly from time to time as an incentive for me to want to subscribe to the Dashlane service, after all, its keeping me safe right?
Update: so having had a conversation with a Dashlane dev (see comments) who has explained what happens, and why my email isn’t necessarily found in the second case, and having also investigated the website concerned in the company specific case for me, finding its not flagged, and coming to the conclusion that it may be a bug, I won’t pass judgement just yet, instead I will log any other questionable security alerts as bugs and maybe help improve the product.
I am liking Dashlane so far (aside from the questionable security breach alert, and a couple of other little issues) coming from a long time lastpass user, the user interface is refreshing. Will I subscribe to get password syncing? Probably not, I would probably make do with having to manually sync (ie re-entering commonly used website passwords on different devices, which equates to two PCs).
Good news, Dashlane have found the issue re false reporting of websites as compromised, and it turns out it was a wording issue, and it was really trying to tell me that I was using the same password on this website as I was using on a website that has been compromised.
Bad news, I have found a serious memory leak in the Chrome Plug-In Host on OSX whereby it is consuming as much as 80MB per day, after 5 days it was using over 500MB (it starts at just 50MB. Now some increase in memory footprint is to be expected, but this is continuous, you can watch it tick up memory in activity monitor. Dashlane have yet to acknowledge this is an issue.
Dashlane have acknowledged the memory issue.