How not to treat passwords

I have been using Dashlane as a password manager as I thought 1Password was a bit too pricey given there are many half-decent free alternatives.

Saving new accounts and authenticating automatically worked really well with Dashlane. I would say it is even smoother than 1Password. There were, however, instant turn-offs. Passwords are very obviously very important. When dealing with passwords you probably don’t want to use humour or other simpler ways of interacting with your application or the way you market your product. Dashlane has other thoughts. They use gamification heavily in their application. To unlock features you need to annoy your friends on Twitter or Facebook about their application. And it continuously asks you to get more points by filling out the profile and other tasks. This behaviour should have resulted in an uninstall for me, but as it was free and everyday usage of logins was working well, I continued using it. Not a good idea.

I had also installed their iPhone-app. It is a horrible piece of software, as was their Safari extension until very recently, using 100% CPU on my MacBook. The iPhone-app would take about 5 minutes to decrypt data. This occurred on every launch. So unusable. Thus I decided to delete it and to delete all my data that they had stored on their servers, as sync goes through their server. Data is also available by logging in on their website. So I sent a request to support: “Can you please delete my account and delete all my data.”

They did. And then I was going to use Dashlane on OSX and my data was gone. Dashlane promotes sync as an added feature and something to be enabled from the local application. It does not seem to be a key core part of how the service operates, but it is. In fact the local account is based on the account on the server and Dashlane has a kill switch to the local data. That is not the way to treat passwords. And there is no way to get it back. They have no backups locally (1Password does a backup every day and keeps it for 30 days).

Also, funny how using a password manager that is supposed to securely save all my passwords and not have me think about them anymore led me to lose all my passwords.

Lesson learned again: “If you are not paying for it, you’re the product.”

Written on 14 July 2012.