384
Hi! I'm Derek Snyder, Chief Product Officer at Dashlane, a password management company, ask me anything except my password!
Hi everyone! I’m Derek Snyder, the Chief Product Officer at Dashlane, where I’m responsible for product strategy, definition, and design. Dashlane keeps all of your passwords, payments, and personal info in one place that only you have access to so that you can securely and instantly use them at any time. What attracted me to Dashlane was that it was a product designed to improve people's lives and its emphasis on security.
A little about who I am: prior to joining Dashlane, I led teams of all shapes and sizes with products for both businesses and consumers at Microsoft, Skype, Getty Images, and TrackMaven.
I'm looking forward to speaking with you all and would love to hear your questions about Dashlane, sports (kidding on this one, please don't ask me about sports), my life, or anything in general (except my account info!). AMA!
Proof Photo: https://imgur.com/a/47K2CTf
More information about Dashlane: https://www.dashlane.com/
As a thank you for hosting me, enjoy a month of Dashlane Premium free on me. But be quick, this offer expires July 30th! Use code: DashlaneOnDerek and don’t forget to check us out on reddit at https://www.reddit.com/r/Dashlane/
EDIT: Thanks for all the questions! I have to head out for now but I'll be answering more questions as they come in throughout the day!
EDIT 2: Thanks for all the questions! That’s it from me for now but come check out our subreddit /r/dashlane if you have more questions. I'll keep an eye out!
dereksnyder29 karma
The brief history on this is that when we were moving from the desktop app to a web app + extension as our desktop offering, there were a number of features that needed to be ported over. We prioritized the order based on two dimensions: how much each missing feature is used and how much effort it would take our engineering team to rebuild them. Emergency was one of those really tough features because it was only activated by a very small number of our users (<5%) and also VERY expensive to migrate (we hadn't touched the feature for a long time so there was a lot of tech debt). I made the decision to sunset the desktop apps without having Emergency ready, which meant the feature would be no longer available.
To build Emergency the right way, we are going to build it on top of our Sharing features (the codebase has really diverged), and so that's why there's such a long delay in bringing it back. To be very candid, we are going to focus on building some new Sharing capabilities first before moving on to what will ultimately be Emergency's successor.
I know this is very disappointing to you since you have come to rely on Dashlane for this. All I can say is that it's on me and it was not an easy decision to make. In the interim, we have posted a workaround that involves exporting data that some of our customers have found useful.
BlueHairCritic67 karma
Why did you discontinue the desktop client? That was one of the main points for buying into your product.
dereksnyder62 karma
Few reasons:
1.) Over 80% of our active users were only using Dashlane in the browser. Turns out they would go to the desktop app mostly when something went wrong (e.g. our autofill wasn't good enough which is our problem, not theirs)
2.) It was slowing us down from developing new features in a timely manner. We are releasing much faster now that we have a single code base for all our desktop users.
3.) In the last few years, we have really grown our B2B business, and it is much easier for IT admins to preinstall a browser extension than a desktop app (along with all the end user training, etc.).
We've worked hard to build all the functionality from the desktop app into our web app. Is there something in particular missing that I should know about?
Paedar50 karma
One thing I've always wondered about password managers, but also about remotely running software (aka servers) in general is how the web of trust is properly formed. Some software is open source (I'll have to admit i don't know if Dashlane is), but even then the question rises how can I, the customer, confirm that what you say you're running on your servers is what you say you're running on your servers?
As a software developer myself this interests me professionally, but as a user of tools like password managers it probably interests me even more.
dereksnyder43 karma
Great point, actually. We have published a white paper about our security model (https://www.dashlane.com/download/Dashlane_SecurityWhitePaper_March2021.pdf), have public patents about our zero-knowledge architecture (https://patents.justia.com/assignee/dashlane-sas) , and are indeed looking at ways we can provide more transparency about how our apps are built.
Not1Password30 karma
Have you managed to convinced your parents to use a password manager?
dereksnyder9 karma
Good question!
Believe it or not, I have! But just my father. My mother doesn't do much online except for when she asks my dad to check something on "Myface" or "Facespace" (I think those are meant to be two different social networks but I'm not sure).
With Dad, I started small. He used to keep a USB key with an excel file of all his passwords in a safe, and I convinced him that the passwords were too simple and thus very hackable. We prioritized doing his investment and bank accounts first, and before long he was using it for almost everything. The last password he replaced was his email account, and I think he finally did it because he kept getting phished (if you use autofill, it knows not to autofill the password if it's not the right domain).
Veszerin28 karma
What is your most frequently used password, and how long has it been hunter2?
dereksnyder19 karma
I used to use the names of my grade school crushes. Let me send you a screenshot! Just kidding, now I use the unique auto-generated passwords Dashlane provides :-).
MikeScops10 karma
I think this a fun question because everyone has a different opinion on it. We all loved the Impala and at the same time were not sure how it relates to a password manager :s
EaterOfFromage3 karma
I liked it, and always thought the relationship was obvious - speed. It was designed to make logging in a fast and graceful process, like an impala.
dereksnyder4 karma
You know, I personally do miss it. But you wouldn't believe how much confusion it caused. Most of our customers thought it was a deer. One even referred to it as an alpaca!
-DementedAvenger-21 karma
How can we make a password manager more accessible and easy to use for seniors?
I’m the IT Coordinator at an “Independent Living Facility” (retirement home), and constantly run into problems explaining these technologies to older people.
I have emailed tons of big companies asking (and begging) for time to chat with the product teams to help develop some “Simple Mode™” or something for seniors because they don’t understand this shit, but I never get anything back. lol
It’s a huge market and almost nothing being done to simplify these things for older people.
spays_marine3 karma
The problem will be solved with new authentication standards like security keys. Old people understand keys.
dereksnyder2 karma
I tend to agree. I think the recently announced Fido alliance standard around passkeys will be really interesting, but the transition will take a while. In the meantime, I think the best thing we can do for seniors (or anyone for that matter!) is make logging in simple regardless of whether it's password-based, a social login (e.g. Facebook connect), or soon a passkey. We're working on adapting our autofill engine and vault so that it can work well on all those terrains.
BTW, one other idea we have been toying with is allowing you to "co-own" an account with someone else. So in this scenario, I could co-own my father's account and periodically login on his behalf and help tidy up all his accounts.
dereksnyder26 karma
I'd love to share but it's too sad a story. We had to send him out to live on a "farm".
mattreyu17 karma
What's your wife's password?
For real now, how do you differentiate yourself from other password management services?
dereksnyder17 karma
Funny :-). We tend to think of our product as being the easiest to use and, more specifically, one that makes it really easy to understand your vulnerabilities and act on them before they become an issue. We do this with a combination of dark web scanning (for breaches), automatic password changing, and a password health score that makes it easy to understand what small steps you need to make to improve your security.
Candid-Resolve883617 karma
I noticed Dashlane originally started in Paris, do you live there or get to travel internationally much? Are you based in the US?
dereksnyder22 karma
Yeah, that's right -- our co-founders are French. In the before times, I was there every other week or so. Now I go about once a month, and also when I need some decent bread. And yes, I'm based in New York.
Candid-Resolve883614 karma
, and also when I need some decent bread. And yes, I'm based in New York.
Decent bread is hard to find this side of the pond. :)
dereksnyder3 karma
We use Zoom constantly but it does not solve for timezones. There are times, especially when doing planning, where we all need to get in the same room.
As for the carbon impact, we buy offsets for employee travel.
dutchkillz13 karma
Hi, I was wondering what happens if I lose my master password, does that mean I lose access to all of my passwords?
dereksnyder20 karma
Great question. Because we don't store the master password (making us zero-knowledge), you might indeed have to reset your account and start over. HOWEVER, we have created a number of safety measures to keep this from happening. For instance, if you use Dashlane on your phone you can use your biometrics (FaceID, etc.) to reset your MP. If you use Dashlane at work, your IT team can reset the account for you (without breaking zero-knowledge).
dereksnyder19 karma
Well, I like to think about the CPO as being responsible for the definition and design of the product. What features should it have and why? And how should those features work so that the customer can be successful and the business can grow?
Boppyd8 karma
I know the team has shared info about your plans for a passwordless future, any hints on something we don't know yet?
dereksnyder18 karma
I'll just say that:
1.) The world doesn't want to use passwords
2.) We've said this all along
3.) With Dashlane, you only need to remember a single master password
4.) Very soon, you won't even need that
ZaZoram8 karma
Why are you better than Password Safe?
dereksnyder20 karma
I hadn't heard of them until now but at a quick glance, it looks like we support more platforms/devices, seem to have more sharing capabilities, and our UX (although I'm biased) seems to be better. But again, just at first glance.
ZaZoram4 karma
Password Safe
Have not hear of Bruce Schneier? I do hope you know who he is.
dereksnyder9 karma
Just read up on him, fascinating guy. I'm pretty sure our engineering team is a big fan of his (we obviously do a lot of work on cryptography). Thanks for the pointer.
True_Macaron_19617 karma
I'm conducting a survey for an undisclosed foreign country; could I please have the last 4 digits of your social and your Date of Birth? You could win a free iPod Nano 2GB.
iMisterD5 karma
What is the feature that you most miss on Dashlane and the one you most look forward to?
dereksnyder17 karma
I would love it if Dashlane allowed me to "co-own" an account with my wife. It would be great to be able to plop things in her vault and have her do the same for mine. In terms of what I look forward to most, we are rolling out a number of improvements for autofill that make it easy to fill a form that is not recognized by Dashlane, without having to copy/paste!
Candid-Resolve88364 karma
That would be awesome. I know you guys have the Family package but is totally different than this suggestion. I guess you and your wife could just use the same credentials etc?? Idk if that would be the same thing as you're envisioning though.
dereksnyder5 karma
Yeah, that's a good hack in the meantime but I agree with you it would be awesome to have something more official :-).
no_choice995 karma
If your focus is on security, why is it about passwords, which is an outdated technology when other more secure alternative options are already on the table?
dereksnyder17 karma
Yes, I agree with you but unfortunately the vast majority of the world still uses passwords. Our job is to help transition the world away from thinking about passwords too much to not having to think about them at all. Today, we hide them by using autofill and tomorrow we will support all sorts of authentication mechanisms. Think of us as the hybrid car that bridges the world from gas to electric.
dereksnyder3 karma
We have not yet open-sourced our product, but we likely will for increased transparency.
dereksnyder14 karma
Most people don't know that you can use Dashlane to supply your 2FA codes, without actually having to use a second device. So when I log in to Reddit, for instance, Dashlane will autofill the password but also the 2FA code. And what's really cool, is that both the password and 2FA code can be shared with other people (which is really handy for co-workers wanting to share a social media account, for instance). Spread the word!
par_texx7 karma
While neat, isn't that a security risk? Should the vault ever become compromised, you've also lost your 2FA as well.
dereksnyder6 karma
Fair point, you can absolutely use 2FA on a dedicated second device using our separate Dashlane Authenticator app. But, more generally, we have a zero-knowledge architecture which makes our product extremely difficult to hack.
Candid-Resolve88363 karma
If you use a 2FA Authenticator App though, I don't see the benefit IMO. In my perspective real 2-Factor is having two separate devices involved. This sounds like it's built into the one app/extension and not really two places of authentication.
dereksnyder11 karma
Yes I agree. True 2FA is one of the best things you can do to secure your account. The reality is, most people don't set it up because it's too hard. So I'd rather have millions of users using a slightly less perfect 2FA solution than hundreds doing it the perfect way. BTW, I agree and do reserve true 2FA for my most vital services.
stormcloudless2 karma
How to know you aren't a Russian or Chinese or Nigerian hacker squad?
dereksnyder2 karma
Well, I did provide a proof photo. The only squad I've ever been a part of is a dodgeball squad in high school.
dereksnyder2 karma
I understand where you're coming from. Dashlane has been around for 13 years and there's a lot you can find out publicly about the company and its track record.
dereksnyder8 karma
I do! For me, it's about making an impact and solving a puzzle. The puzzle with security is that a lot of it depends on individual choices. And the problem with individual choices, is that we are often resistant to do little things now for a future pay off (just talk to anyone in the fitness industry). So it's a fun thing to crack -- making a product that people will actually WANT to use and can be successful in terms of actually solving a problem -- improving their security.
jeannedashlane5 karma
This post doesn't have an official reason; but should serve as an excellent beginning to a rabbit hole on the etymology of the word Password: https://blog.dashlane.com/a-brief-history-of-passwords/
dereksnyder4 karma
Great point. I wonder where the term originated from...
We do now have passkeys coming so we'll never run out of suffixes it seems.
GoldEnigma1 karma
How did you get involved? I feel so stuck with all this debt, pretty discouraged to even try anything
croutonic143 karma
I'm a long time Dashlane user. When are you planning on bringing back the Emergency Access feature? It was such an easy way to make sure that if someone like a family member was incapacitated to ensure that their delegate could have access. Now you have to take regular manual backups of vaults and shared them via third party apps. That manual process means it never happens in practice, especially for the less technically minded user who is in most need of a password manager.
View HistoryShare Link