Hi! I'm Derek Snyder, Chief Product Officer at Dashlane, a password management company, ask me anything except my password!

I'm a long time Dashlane user. When are you planning on bringing back the Emergency Access feature? It was such an easy way to make sure that if someone like a family member was incapacitated to ensure that their delegate could have access. Now you have to take regular manual backups of vaults and shared them via third party apps. That manual process means it never happens in practice, especially for the less technically minded user who is in most need of a password manager.

The brief history on this is that when we were moving from the desktop app to a web app + extension as our desktop offering, there were a number of features that needed to be ported over. We prioritized the order based on two dimensions: how much each missing feature is used and how much effort it would take our engineering team to rebuild them. Emergency was one of those really tough features because it was only activated by a very small number of our users (<5%) and also VERY expensive to migrate (we hadn't touched the feature for a long time so there was a lot of tech debt). I made the decision to sunset the desktop apps without having Emergency ready, which meant the feature would be no longer available.

To build Emergency the right way, we are going to build it on top of our Sharing features (the codebase has really diverged), and so that's why there's such a long delay in bringing it back. To be very candid, we are going to focus on building some new Sharing capabilities first before moving on to what will ultimately be Emergency's successor.

I know this is very disappointing to you since you have come to rely on Dashlane for this. All I can say is that it's on me and it was not an easy decision to make. In the interim, we have posted a workaround that involves exporting data that some of our customers have found useful.

Why did you discontinue the desktop client? That was one of the main points for buying into your product.

Few reasons:

1.) Over 80% of our active users were only using Dashlane in the browser. Turns out they would go to the desktop app mostly when something went wrong (e.g. our autofill wasn't good enough which is our problem, not theirs)

2.) It was slowing us down from developing new features in a timely manner. We are releasing much faster now that we have a single code base for all our desktop users.

3.) In the last few years, we have really grown our B2B business, and it is much easier for IT admins to preinstall a browser extension than a desktop app (along with all the end user training, etc.).

We've worked hard to build all the functionality from the desktop app into our web app. Is there something in particular missing that I should know about?

One thing I've always wondered about password managers, but also about remotely running software (aka servers) in general is how the web of trust is properly formed. Some software is open source (I'll have to admit i don't know if Dashlane is), but even then the question rises how can I, the customer, confirm that what you say you're running on your servers is what you say you're running on your servers?

As a software developer myself this interests me professionally, but as a user of tools like password managers it probably interests me even more.

Great point, actually. We have published a white paper about our security model (https://www.dashlane.com/download/Dashlane_SecurityWhitePaper_March2021.pdf), have public patents about our zero-knowledge architecture (https://patents.justia.com/assignee/dashlane-sas) , and are indeed looking at ways we can provide more transparency about how our apps are built.

Have you managed to convinced your parents to use a password manager?

Good question!

Believe it or not, I have! But just my father. My mother doesn't do much online except for when she asks my dad to check something on "Myface" or "Facespace" (I think those are meant to be two different social networks but I'm not sure).

With Dad, I started small. He used to keep a USB key with an excel file of all his passwords in a safe, and I convinced him that the passwords were too simple and thus very hackable. We prioritized doing his investment and bank accounts first, and before long he was using it for almost everything. The last password he replaced was his email account, and I think he finally did it because he kept getting phished (if you use autofill, it knows not to autofill the password if it's not the right domain).

What is your most frequently used password, and how long has it been hunter2?

I used to use the names of my grade school crushes. Let me send you a screenshot! Just kidding, now I use the unique auto-generated passwords Dashlane provides :-).

Do you ever miss the Impala logo? I think it had a lot more character.

I think this a fun question because everyone has a different opinion on it. We all loved the Impala and at the same time were not sure how it relates to a password manager :s

I liked it, and always thought the relationship was obvious - speed. It was designed to make logging in a fast and graceful process, like an impala.

You know, I personally do miss it. But you wouldn't believe how much confusion it caused. Most of our customers thought it was a deer. One even referred to it as an alpaca!

How can we make a password manager more accessible and easy to use for seniors?

I’m the IT Coordinator at an “Independent Living Facility” (retirement home), and constantly run into problems explaining these technologies to older people.

I have emailed tons of big companies asking (and begging) for time to chat with the product teams to help develop some “Simple Mode™” or something for seniors because they don’t understand this shit, but I never get anything back. lol

It’s a huge market and almost nothing being done to simplify these things for older people.

The problem will be solved with new authentication standards like security keys. Old people understand keys.

I tend to agree. I think the recently announced Fido alliance standard around passkeys will be really interesting, but the transition will take a while. In the meantime, I think the best thing we can do for seniors (or anyone for that matter!) is make logging in simple regardless of whether it's password-based, a social login (e.g. Facebook connect), or soon a passkey. We're working on adapting our autofill engine and vault so that it can work well on all those terrains.

BTW, one other idea we have been toying with is allowing you to "co-own" an account with someone else. So in this scenario, I could co-own my father's account and periodically login on his behalf and help tidy up all his accounts.

What's your first pets name?

I'd love to share but it's too sad a story. We had to send him out to live on a "farm".

I noticed Dashlane originally started in Paris, do you live there or get to travel internationally much? Are you based in the US?

Yeah, that's right -- our co-founders are French. In the before times, I was there every other week or so. Now I go about once a month, and also when I need some decent bread. And yes, I'm based in New York.

, and also when I need some decent bread. And yes, I'm based in New York.

Decent bread is hard to find this side of the pond. :)

Right you are!

Your carbon footprint must be massive, ever consider Zoom?

We use Zoom constantly but it does not solve for timezones. There are times, especially when doing planning, where we all need to get in the same room.

As for the carbon impact, we buy offsets for employee travel.

What's your wife's password?

For real now, how do you differentiate yourself from other password management services?

Funny :-). We tend to think of our product as being the easiest to use and, more specifically, one that makes it really easy to understand your vulnerabilities and act on them before they become an issue. We do this with a combination of dark web scanning (for breaches), automatic password changing, and a password health score that makes it easy to understand what small steps you need to make to improve your security.

Automatic password changing! Now you have my attention.

https://support.dashlane.com/hc/en-us/articles/360015328420-Password-Changer-for-mobile#:\~:text=Open%20Dashlane%20on%20your%20Android,the%20bottom%20of%20the%20page.

Thanks for the response! (and putting up with yet another PII joke)

The best jokes are PII jokes.

What does a Chief of Product really do?

Well, I like to think about the CPO as being responsible for the definition and design of the product. What features should it have and why? And how should those features work so that the customer can be successful and the business can grow?

Hi, I was wondering what happens if I lose my master password, does that mean I lose access to all of my passwords?

Great question. Because we don't store the master password (making us zero-knowledge), you might indeed have to reset your account and start over. HOWEVER, we have created a number of safety measures to keep this from happening. For instance, if you use Dashlane on your phone you can use your biometrics (FaceID, etc.) to reset your MP. If you use Dashlane at work, your IT team can reset the account for you (without breaking zero-knowledge).

I know the team has shared info about your plans for a passwordless future, any hints on something we don't know yet?

I'll just say that:

1.) The world doesn't want to use passwords

2.) We've said this all along

3.) With Dashlane, you only need to remember a single master password

4.) Very soon, you won't even need that

Why are you better than Password Safe?

https://pwsafe.org/

https://en.wikipedia.org/wiki/Password_Safe

I hadn't heard of them until now but at a quick glance, it looks like we support more platforms/devices, seem to have more sharing capabilities, and our UX (although I'm biased) seems to be better. But again, just at first glance.

Password Safe

Have not hear of Bruce Schneier? I do hope you know who he is.

Just read up on him, fascinating guy. I'm pretty sure our engineering team is a big fan of his (we obviously do a lot of work on cryptography). Thanks for the pointer.

I'm conducting a survey for an undisclosed foreign country; could I please have the last 4 digits of your social and your Date of Birth? You could win a free iPod Nano 2GB.

Does the Nano have a lightning port or a legacy iPod connector?

What is the feature that you most miss on Dashlane and the one you most look forward to?

I would love it if Dashlane allowed me to "co-own" an account with my wife. It would be great to be able to plop things in her vault and have her do the same for mine. In terms of what I look forward to most, we are rolling out a number of improvements for autofill that make it easy to fill a form that is not recognized by Dashlane, without having to copy/paste!

That would be awesome. I know you guys have the Family package but is totally different than this suggestion. I guess you and your wife could just use the same credentials etc?? Idk if that would be the same thing as you're envisioning though.

Yeah, that's a good hack in the meantime but I agree with you it would be awesome to have something more official :-).

If your focus is on security, why is it about passwords, which is an outdated technology when other more secure alternative options are already on the table?

Yes, I agree with you but unfortunately the vast majority of the world still uses passwords. Our job is to help transition the world away from thinking about passwords too much to not having to think about them at all. Today, we hide them by using autofill and tomorrow we will support all sorts of authentication mechanisms. Think of us as the hybrid car that bridges the world from gas to electric.

In your opinion, what's Dashlane's most underrated feature?

Most people don't know that you can use Dashlane to supply your 2FA codes, without actually having to use a second device. So when I log in to Reddit, for instance, Dashlane will autofill the password but also the 2FA code. And what's really cool, is that both the password and 2FA code can be shared with other people (which is really handy for co-workers wanting to share a social media account, for instance). Spread the word!

While neat, isn't that a security risk? Should the vault ever become compromised, you've also lost your 2FA as well.

Fair point, you can absolutely use 2FA on a dedicated second device using our separate Dashlane Authenticator app. But, more generally, we have a zero-knowledge architecture which makes our product extremely difficult to hack.

If you use a 2FA Authenticator App though, I don't see the benefit IMO. In my perspective real 2-Factor is having two separate devices involved. This sounds like it's built into the one app/extension and not really two places of authentication.

Yes I agree. True 2FA is one of the best things you can do to secure your account. The reality is, most people don't set it up because it's too hard. So I'd rather have millions of users using a slightly less perfect 2FA solution than hundreds doing it the perfect way. BTW, I agree and do reserve true 2FA for my most vital services.

Where can I download the source code to your software?

We have not yet open-sourced our product, but we likely will for increased transparency.

So, what street did you grow up on?

Password123 Avenue

Your favorite pizza spot in nyc?

Joe's. What about yours?

How to know you aren't a Russian or Chinese or Nigerian hacker squad?

Well, I did provide a proof photo. The only squad I've ever been a part of is a dodgeball squad in high school.

Well I'm referring to the company if I use them

I understand where you're coming from. Dashlane has been around for 13 years and there's a lot you can find out publicly about the company and its track record.

Do you really love your job?

I do! For me, it's about making an impact and solving a puzzle. The puzzle with security is that a lot of it depends on individual choices. And the problem with individual choices, is that we are often resistant to do little things now for a future pay off (just talk to anyone in the fitness industry). So it's a fun thing to crack -- making a product that people will actually WANT to use and can be successful in terms of actually solving a problem -- improving their security.

Why is it password and not pass code or another analogous term?

This post doesn't have an official reason; but should serve as an excellent beginning to a rabbit hole on the etymology of the word Password: https://blog.dashlane.com/a-brief-history-of-passwords/

I give you award!

Great point. I wonder where the term originated from...

We do now have passkeys coming so we'll never run out of suffixes it seems.

How did you get involved? I feel so stuck with all this debt, pretty discouraged to even try anything

Involved with what? With Dashlane?

Why is 1Password so awesome and when are you switching?

1Password does a great job. There's room for more than one provider.