Today I ran into my first problem using Dashlane, do you remember this post where I said : “Guys you should use Dashlane because it’s awesome, especially in case of a password leak” ? I remember it well ! and I believe that Dashlane is an awesome tool to “avoid” your passwords to be leaked. However it has some flaws ! For the story, I was playing with CUDA yesterday and I almost broke my system, so i decided to make a fresh install of OS X Mountain Lion on my MacBook Pro. Everything went well, until I wanted to use Dashlane again. I had downloaded Chrome, and Dashlane from their website ! and when I decided to log back in to access my passwords, Dashlane told me :
Enter your e-mail (login) and we will send you an e-mail with a token on your e-mail or phone number !
Wow ! What ?
ok ! it’s a good idea, but the password that I used for my e-mail account (online) was on Dashlane, and I had no access to my e-mails anymore since Dashlane had my password ! And there I was, sitting in front of my computer logged out of almost all my accounts !
I began to think, and remembered quickly that I had my iPhone with me and that I had access to my e-mails via 3g (awesome …) I tried to obtain the token from Dashlane to log back in … and it never came ! I’m still waiting for it ! I requested it at least 25 times ! nothing ! nada, rien ! geen e-mail ! I contacted the Dashlane support for more information but I never got any answers back ! I also checked my spams box but nothing in there either !
Finally I got another idea:
The computer had to be identified at some point via a file ? so why not find that file on my TimeMachine drive and replace it ? so basically that trick worked !
I replaced the Dashlane folder from my new Install with the Dashlane folder from my time machine ! and that’s how I finally could log back into all my accounts ! This is where the folder is located :
1 |
/Users/Noktec/Library/Application Support/ |
Edit 1 : So Dashlane got bak to me about that problem and told me that they implemented a new message in their popup. Now when you want to generate a password for your e-mail account associated with Dashlane show this message :
And I simply replied the following :
@dashlane The Pop up should say “it is not recommended to generate a password with dashlane” because the password should still be strong.
Because I thought the popup was not clear enough. However, it’s a good step forward !
Screenshots in Dashlane ?
While I was copying my Dashlane folder I discovered a folder containing unencrypted screenshots of me purchasing something on Amazon. I then wondered “why does that Dashlane’s folder contain multiple folder with screenshots of my purchases, that’s kind of silly ? isn’t it ?” So I contacted them and we will see what happens.
Edit 2 : A t Some point Dashlane got back to me via their twitter account and mentioned this :
1) My first question was :
Why are you making screenshots while we buy things ?
This answer does not convinced me at all ! especially since I saw that those screenshots were not encrypted so I asked a second question :
2) My second question was :
Why are the screenshots not encrypted in the folder ?
1 |
~/Library/Application Support/Dashlane/www/{...}/ |
and that we need to enter our master password in the application ? :
So I hope that at some point they’ll get back to me with an answer, or with an update ! and they did !
Edit 3:
I got an e-mail back with a brief description of what is happening in Dashlane :
I have to say that since people are connected most of their time, unencrypted screenshots are thus vulnerable most of the time ! However has they said, those screenshot do not represent your password, and are thus information that are not “really” “valuable” for a hacker. On the other hand I have to say that their team is very responsive, and seems to care about the problems that happens with their software ! I’m really impressed about that in a good way ! and will definitely recommend Dashlane to whomever wants to try to keep their passwords safe.
{ 2 } Comments
Fatal error: Uncaught Error: Call to undefined function ereg() in /home/users4/n/noktec/www/noktec/wp-content/themes/barthelme/functions.php:178 Stack trace: #0 /home/users4/n/noktec/www/noktec/wp-content/themes/barthelme/comments.php(34): barthelme_commenter_link() #1 /home/users4/n/noktec/www/noktec/wp-includes/comment-template.php(1554): require('/home/users4/n/...') #2 /home/users4/n/noktec/www/noktec/wp-content/themes/barthelme/single.php(44): comments_template() #3 /home/users4/n/noktec/www/noktec/wp-includes/template-loader.php(106): include('/home/users4/n/...') #4 /home/users4/n/noktec/www/noktec/wp-blog-header.php(19): require_once('/home/users4/n/...') #5 /home/users4/n/noktec/www/noktec/index.php(17): require('/home/users4/n/...') #6 {main} thrown in /home/users4/n/noktec/www/noktec/wp-content/themes/barthelme/functions.php on line 178