DashLane vs LastPass

password-managers-logosDashLane vs LastPass: a reader asks…

What do you think of DashLane for password management? I know you recommend LastPass, can you tell me the main differences?

I’m glad you’re using (or planning on using) a password manager! These days, you can’t get by with anything less, it’s too much of a risk for getting your online identity stolen by hackers. There are plenty of good password managers, including 1Password, KeePass and RoboForm. Each of these password managers has their good points and not-so-good. I’ve looked at all of these and measured them against each other, so I think I’ve got an informed opinion about them. Contrast that with other recommendations you might get from other sources, where the person has only really tried the one they’re recommending. But like computer security programs, these services are constantly being updated and improved, so the only way to really know is to do ongoing re-evaluations. So if you’re looking for other online sources, be sure to check the date of the review, things change pretty fast.

For the top two (in my opinion that’s LastPass and DashLane), there are really only two major differences at this point in time (the date of this article):

  1. lastpass-logoDashLane is $40/yr vs. LastPass is $12/yr. I consider price to be a significant factor because we’re currently at the stage of convincing people that a password manager is mandatory, and part of that convincing is showing that they don’t need to make a huge investment, especially since it will probably be a long-term need. So over 10 years, DashLane would be $400 while LastPass would be $120.
  2. dashlane-logoDashLane doesn’t force you to create a vault for your passwords online, you can use it only locally on a single computer or smartphone. LastPass creates a secure online vault, and each device you connect will download a local copy of that vault, but keep changes synchronized anytime your device is online.

So reason #1 is obvious for folks on a budget or folks who just don’t want to spend as much money on something new. Reason #2 seems to me to be less of a factor for many/most consumers these days. My thinking follows these two arguments:

Advertisement

couple-comparing-laptop-and-smartphone-image-from-shutterstockFirst, most consumers use at least one computer and a smartphone (e.g., two computers) to access the internet, and those two devices almost always are connected to the internet. It would take a lot of work to replicate the vault database between those two devices without having an online method, which both DashLane and LastPass provide. The reasons for keeping your vault offline boil down to insecurity about your online partner (either DashLane or LastPass). If you’re insecure about that, then perhaps you shouldn’t be using the internet. Sorry to be harsh, but there are so many other ways your identity can be compromised – many of them due to your own actions or inactions – that hackers don’t really need your online vault of passwords – they can build up their own from so many other places including your own poorly-protected computer. Just my opinion, but you have to trust your partners in digital security. That would be your password manager, your device manufacturer and your computer security program maker. We are years too far into the digital age to play the head-in-sand game, digital security is something to be managed, not ignored.

hard-drive-being-destroyed-with-hammer-image-from-shutterstockSecond, even if you are someone who only uses the internet from one single device (say your home computer), at some point you’re going to suffer a hard drive crash or other disaster, and could potentially lose that vault if it’s only on your computer. Since 97% of consumers never bother themselves to backup their computers, it’s a real risk to store something only in one place. That’s the explanation for the proliferation of so many online file storage solutions (Amazon Cloud Drive, Dropbox, Google Drive, iCloud Drive, etc.) – making the concept of backup (having a copy of your files in a 2nd place) simple and transparent for users. So you really should want your vault of passwords to be backed up, and both DashLane and LastPass make that as simple as possible with an online copy of your vault. Again, if you can’t trust your password manager to safeguard your passwords, why would you trust any online entity? Why would you use the internet?

lastpass-logoTo me, the argument is simple, LastPass is less than a third the price of DashLane and offers just as much true security for your password vault. They both have good control interfaces and are equally powerful. Keeping your password vault offline is not a valid reason for using DashLane, your passwords are at risk from too many other places. Hackers are constantly dreaming up new and creative ways (think social engineering) to gain access to your online accounts, and your first line of defense is having good passwords. The only realistic way to do that is to use a password manager. And the only way to safeguard your vault of passwords is to have an active password manager constantly backing up your vault and keeping it secure by continually updating their own security to counter these creative hackers. To me that points to either of these two products, and LastPass is much less expensive.

 

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek
(@PosiTek)

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net
(Support@PosiTek.net)

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)
(using any credit card)

or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

19 Comments

  1. It’s so refreshing to read common sense advice on digital security. I’ve been using Lastpass for a few years, along with XMarks for $20 inclusive of both products. I finally stopped using XMarks because it seemed redundant given that I use my google identity on Chrome mostly and so I always have my bookmarks on any of my 4 devices. I took a look at Dashlane earlier this year and liked it but not well enough to pay the premium price. My main problem with Lastpass, and it’s not a big deal, is their support. Like so many customer support organizations, I sometimes wonder if they actually read my problem report. I get a lot of off-topic answers, but they do get back to me promptly and honestly I haven’t had to submit a report more than maybe half a dozen times.

    Slightly off topic, but I use Crashplan for backup. I backup to their servers and to a portable hard drive here at home. Wondering what you think about it (or maybe I should browse your library to see if you’ve written about it) as compared to say Carbonite? Also starting to look at Google Drive or One Drive but if I’m going to use cloud storage, I would want to have my files encrypted, not just as on their way to the server but while they reside on the server too. I’m looking at Boxcryptor. Any other ideas about encryption?

    Thanks again for a very well written, common sense piece of password managers.

    • Thanks Bill! Like you, I’ve found that many most tech companies’ customer service sucks. I think that’s what keeps folks like me in business, to make up for their shortcomings. Just sayin…

      I last looked at backup services back in November (this article: https://positek.net/computer-backup/), but haven’t looked at Crashplan specifically, it looks similar to Mozy or Carbonite, at first glance. Over the years I’ve found that fully automated backup solutions have limited real-life use. In most cases, Windows’ File History or Mac’s Time Machine do just fine for backing up, and storing the backups in the cloud has pluses and minuses. I prefer to have a good backup physically at hand on an external hard drive (or a local NAS). When a computer crashes, having a local backup means getting back up to speed much quicker, given internet download speeds versus USB or LAN transfer speeds.

      As to encrypting files on cloud-based file storage services, I think for the most part it’s overkill for consumers. “Sensitive” personal data is mostly a personal feeling. If you’re going to entrust your personal files to cloud-based storage, then you’re trusting that the service provider won’t let them be compromised. And these days, people’s personal computers are likely a greater risk for compromise than cloud-based storage (imo). There’s overhead (time/effort) of programs like boxcryptor, and it’s not worth it for the majority of files you’d store online. That said, I’ll take a look at it (it’s free for private use), and write a review on it soon. Thanks for the tip!

  2. I’ve used Dashlane for 3 years now and love the convenience of it. I’ve even got my kids using it already.
    Although it doesn’t show on their website, Dashlane offers a multi-year discount to members if they sign up for a subscription that is more than one year. My current offer is to renew for 5 years for $69.99. That means that for the 10 years that Last Pass would cost $120, Dashlane will cost me only $140, not $400 (provided the cost doesn’t increase that second 5 years). So it’s not as expensive as it first appears. I don’t know why they don’t advertise this on their website.

    • Thanks for the info Holly! So there are two unknowns: first, that the price for the 2nd 5 years won’t change. That’s no different than LastPass, since we don’t know if they’ll raise their prices either. It’s really hard to predict future pricing. The second issue is one you might want to check out with Dashlane:

      The biggest problem with software you purchase is that when new major versions of the software are released, you may get ‘upgrade’ pricing, but you don’t necessarily get a free upgrade to the new version. This can be critical especially these days with security vulnerabilities – out-of-date software can be a security concern. So you always want to be running only the latest version of whatever software you use.

      Many security software makers use a subscription model rather than selling their software outright, so that during the subscription period you can always upgrade to the latest version as soon as it’s released. Some password manager programs have followed this (like LastPass), while some haven’t (like 1Password at least the last time I checked). I don’t know if your Dashlane subscription entitles you to software upgrades during your subscription, or simply multi-computer use during your subscription. That’s something you’ll need to check out, because it would be very risky to use an outdated password manager program/service.

      For this reason, I’ve moved to subscription-based software purchasing wherever possible. That way as new versions of the software are released, I can upgrade to the latest version at no cost, anytime I want. For regular application software (like MS Office), I usually a month or two after it’s released before I upgrade, so that early adopters can identify bugs to the developer and they can issue patches to fix those bugs. But for security software (antivirus, firewall, anti-malware, anti-exploit), I will install the new version as soon as it’s released.

      The problem is that the bad guys can purchase commercial software just as easily as you or I. Bad guys buy security software, reverse-engineer it, and figure out ways to defeat it. That’s why new versions are released at least once a year. If your software version hasn’t been updated in more than a year (by the software developer), then it’s time to find another program to replace it, that’s just the nature of cybersecurity in the 21st century.

      I hope that Dashlane does in fact give you the latest version with your subscription. When I looked through their support website I couldn’t find any information on whether that’s true or not.

  3. ArindamGadgetDaily

    @Chris Dashlane doesn’t charge for app, they charge for Premium subscription only. Once you pay subscription, you are free to download the latest update anytime. Both the iOS and Mac versions are free always to download (even if you don’t pay subscription). Recently 1Password also have subscription model for single users, and there also you pay and all updates are free till u pay for subscriptions. By d way nice article. Personally I use 1password for last few yrs and seems rock solid as of now.

    • Thanks for the updated info @ArindamGadgetDaily! My understanding is that the Premium upgrade allows you to sync the passwords across your devices – an important factor for some users.

  4. Just curious on your thoughts regarding the Lastpass hacks that occurred in 2015 described in the article below.
    https://www.wired.com/2016/01/you-need-a-password-manager/

    Thanks for the nice comparison.

    • Thanks Jamison! I read about the hack in 2015 and the folks at LastPass confirmed that no unencrypted information was exposed (see their notes at https://blog.lastpass.com/2015/06/lastpass-security-notice.html/).

      My feeling is that nothing is 100% safe, and we are each responsible to ourselves for using the best security. In the case of the 2015 hack, the only risk would have been using a weak master password. Fortunately, LastPass acted quickly and forced a master password change on all potentially affected accounts.

      Also, not using a password manager is way more insecure, I don’t know of any human who can keep track of dozens of strong and unique passwords without help. There are plenty of good alternatives to LastPass, but I’ve found them to be pro-active in dealing with the inevitable breaches, including the one in 2016 the Wired.com article alludes to.

      The bottom line is that every password manager service out there is a huge target for hackers. I like that LastPass has been very up-front in both admitting to the hacks (that’s not common in business y’know), and in taking steps to ensure customers’ security.

  5. I am currently looking for a password manager on my new Amazon Fire. I have been using Dashlane for the past year or two (and finally purchased the premium). I love the syncability. However, it does not seem to be available for the Fire so I am looking again.
    LastPass sounded good, though recent reviews point to a recent upgrade that looks and sound JUST LIKE Dashlane’s recent upgrade- ugly and cumbersome. (Honestly, the screenshot I saw of LP makes me wonder if they are not the same product?)
    Anyway, I am still considering it. What I AM wondering is, would I be able to import my passwords from DL to LP? I really don’t want to start all over again with all new setup.
    Thank you

    • Hi Janet, thanks for your question. Since you are using an Amazon Fire tablet, you are generally limited to whatever apps Amazon makes available to you. Dashlane isn’t on that list, but LastPass is. I have to say that ‘ugly and cumbersome’ is kind of where we are in this technology, if you want full cross-platform capability. There are just too many combinations of types of devices our free-market system provides, which makes it much more difficult for software developers, since they have to create so many different versions of the same product to fit on all the different type of devices we choose to use.

      In general, moving from one program to another involves two steps: 1) exporting your passwords to a common file format (often a .csv type file), and 2) importing that file into the new program. All programs make step 2 easy since they want your business.

      But since step 1 means losing your business, software developers put much less effort into making that step as easy as possible. Dashlane publishes their process at https://csdashlane.zendesk.com/hc/en-us/articles/202625092-How-to-export-or-back-up-your-Dashlane-account and of course, this is something you’d do on your computer. And of course this procedure creates a ‘secure archive’ file, not an easily transferable type of file. Dashlane doesn’t mention that you can export a .csv type file.

      So instead, you’d be depending on the software developer who’s getting your business – LastPass. At https://helpdesk.lastpass.com/importing-from-other-password-managers/ they have instructions for how to import from other programs, Basically, you open your LastPass vault, click More Options, then Import, and then choose Dashlane from the drop-down box. That has instructions which say: “Open Dashlane – File – Export – CSV. Open this file with Notepad. Copy and paste the file contents into this box on this page.”

  6. Hi Chris, I feel you’re missing the mark on this one. Why would you consider LastPass and Dashlane the top two? Dashlane has an insecure password rotation method for websites and LastPass is notorious for vulnerabilities. So what would I recommend? Keeper’s Password Manager [ https://keepersecurity.com ]. They have a free version, good for one device, but like you said there are so many advantages to paying for the unlimited plan and being able to access your secrets from anywhere….Web, desktop, mobile and having them backed up. Price-wise they are less than Dashlane, and they also have a family plan. 5 users for $59/yr which we use as a family to ensure each password in our household is strong and unique and each person has access to what they need (wifi, netflix, garage door pin, their individual google account, etc). Keeper’s patented push technology makes sharing and updating records easy and quick, almost realtime. Anyway, just my two cents to consider. Thanks!

    • Thanks for your comment Clark, If you’ll look at the question that was asked, it didn’t mention Keeper’s Password Manager, so of course I didn’t mention it. I don’t think I “missed the mark”.

      You are entitled to your own opinion on what’s the best password manager for you. When I said (in the article above) “For the top two (in my opinion that’s LastPass and DashLane), there ….” I’m basing that on a number of other independent rating sources, not just my own opinion. For example, http://www.pcmag.com/article2/0,2817,2407168,00.asp.

      The point of this article was to a) stress that everybody should use a password manager at least until something better comes along, and to compare the two products mentioned in the OP’s question.

      I can’t speak to your assertion of an insecure password rotation method in Dashlane, because you didn’t give any rationale to back it up. If you could expand on that aspect I could take a deeper look – what’s insecure about it? But I can speak to the fact that, as the market leader, LastPass has been extensively tested for vulnerabilities, much more stringently than lesser-rans. LastPass has continued to fix vulnerabilities as they’ve been discovered, just like Apple, Microsoft, and virtually every software developer. There has never been such a thing as 100% invulnerable, and the more popular a product becomes, the more ethical hackers will look at it.

      No password manager is invulnerable. For example, The Hacker News recently listed security vulnerabilities for six password managers including Dashlane, LastPass and Keeper at http://thehackernews.com/2017/02/password-manager-apps.html. All this to say that security is a moving target and you can’t just do a one-and-done action to protect yourself. What I’ve found is that LastPass is on the ball with patching vulnerabilities as quickly as they are discovered, so I remain satisfied to continue using them.

      I can’t speak for Keeper’s Password Manager as I hadn’t been asked about it, nor have I looked at it yet. Now that you have, I’m happy to take a look at some point in the future (as a separate topic in a new article).

  7. Roger Tompkins

    My problem with Dashlane (and I’ve used it for three years) is that it doesn’t function on a Chromebook (beyond allowing you to see and physically copy/paste your passwords). Recently I’ve moved 99% of my computing to the Chromebook Pixel so, after a year of using Dashlane alongside LastPass, I’ve elected to let my Dashlane premium plan to expire in favor of continuing on with LastPass premium. Should Dashlane ever construct a program that will fully perform on a Chromebook I’ll look at the issue again, perhaps return to using both.

    • Thanks for your comment Roger, I wasn’t aware that Dashlane doesn’t work with Chromebook. Another reason to keep LastPass at the top of my recommendations. Thanks!

  8. Victor Figueroa

    I think decision LastPass made to double their subscription cost was not wise. Potential customers, or existing ones, will no longer be attracted by the low cost factor. They’re charging $24(yr subscription) + $48/yr (if you get LastPass Families) = $72/yr! I used Lastpass for a few years now but I think those prices are insane. Just my personal opinion.

    Tomorrow I was scheduled to renew my yearly subscription with Lastpass, but today I decided to move to Dashlane. If you have a .edu email, Dashlane offer their premium service for free for 1yr (vs 6/mth with Lastpass). Also, they have the same features as Lastpass, including the ability to share passwords with other members (Free or Premium) for only $39.99/yr.

    • Hi Victor, thanks for your input. Of course you can use whatever password manager you like. One point though, the cost is either $24/year for individual, or $48/year for you and your family. You choose one or the other, not both, so there’s no $72 option unless you purchased both (which you don’t have to).

      Even though LastPass doubled their individual cost, they are still less expensive than Dashlane. I get that it’s more than it used to be, but LastPass is still cheaper (unless you wanted the Families plan, which would compare more to Dashlane’s Business plan for multiple users). Just to keep our apples and oranges separate…

      Your last statement “…ability to share passwords with other members…” doesn’t make sense to me. Another Premium member would be another $40 (I round). A free membership to Dashlane doesn’t include sharing, and also the free membership is on one device only – that compares to LastPass’s free option.

      Both products have a free version with limitations.
      Both have an individual plan (e.g., Premium, $40 for Dashlane, $24 for LastPass).
      LastPass has a ‘families’ tier for $48. Dashlane doesn’t have that option.
      Both have a business multi-user plan (Lastpass is $29/user for teams, or $48/user for enterprise)

      • Victor Figueroa

        Good morning Chris, thanks for replying. This morning, before reading your message, I visited LastPass website and realized there isn’t a $72 plan. I misunderstood. So I apologize to everyone for posting inaccurate information.

        Dashlane Premium, however, does allow you to share unlimited passwords with other premium members, including the free members (I confirmed it with one of their customer service agent). I also confirmed it after opening a free account for my wife and sharing a lot of passwords with her with no problems. But like you said the free version does have some limitations. For example, one of them is that free members can only share 5 of their own passwords with other members (free or premium).

        Also, Dashlane’s iOS app isn’t as mature as LastPass, and its’ performance isn’t great. It’s definitely not comparable to LastPass. It actually made me miss LastPass already :-). So I may return sooner than later…

        • Thanks for the update and feedback Victor! Dashlane may be a reasonable alternative for some use cases, such as one premium member and other free members who depend mostly on the premium member’s vault for passwords and don’t have many/any of their own. I’m glad you’re giving Dashlane a fair shake – it’s better for LastPass if they continue to have healthy competition so they don’t stop improving their product.

  9. Thank you for providing this information!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.