Dashlane Vs Google: Password Management Comparison
Sponsored Content: We compare Dashlane and Google Password Manager, two leading password management solutions, and take a look at their key features and benefits.
Expert Insights / Jan 05, 2021By Caitlin Jones
“Traditional” methods of saving passwords on post-its and in Excel docs, and sharing them via instant messages or emails, are not strong enough to keep your business secure. In recent years, hackers have developed increasingly sophisticated methods of stealing credentials to gain access to corporate accounts, moving from brute force attacks to targeted and highly effective social engineering attacks, such as spear-phishing and pharming.
However, advancement of attack methods is only half of the problem. The other half lies within an organization’s security culture. As a population, we’re terrible at creating strong passwords and, because of this, passwords can be the weakest link in a company’s security. A recent study from OWASP found that “123456”, “password” and “qwerty” are consistently the most commonly used passwords across the globe, even in today’s increasingly cyber-aware world. Unfortunately, password bad practice also extends to the IT world, with 50% of IT professionals reusing passwords across multiple workplace accounts.
A prime example of this is the recent hack experienced by Nissan North America. Nissan had stored the source code of their mobile apps and a number of their internal tools in a Bitbucket Git server “secured” with a default username and password combination of admin/admin. The Git server has since been taken offline and Nissan has launched an investigation – but not before the stored data had been circulated amongst hacking forums. One weak password put Nissan’s infrastructure and reputation at risk; something that could have been avoided with the implementation of a business password management solution. You can find out more about the incident here.
Password management solutions help organizations solve these security challenges by enabling them to better manage account access across the business. They do this by helping users to generate and securely store strong passwords for all of their accounts, which can be synchronized across all of their work devices. This improves the organization’s security, protecting against hacking threats, whilst reducing the complexity of creating and storing a strong password for each of a user’s accounts. To do this, password managers provide key features such as secure password storing and sharing tools, enhanced encryption, and centralized administrative reporting and management capabilities.
Most web browsers come with a built-in password management tool that helps users keep track of their account credentials. Because they’re entirely browser-based, these solutions can be up and running as soon as the user opens their browser, no matter what device they’re using, with no need to install an app or add an extension. This often makes them a popular default for password free management.
However, these free solutions often provide only very basic password functionality aimed at individual users. There are a number of dedicated password management solutions on the market designed for enterprise customers, providing key features such as secure password storing and sharing tools, enhanced encryption, and centralized administrative reporting and management capabilities. In this article, we’ll compare two leading password management tools: Dashlane, a dedicated password manager, and Google Password Manager, a free browser-based password manager. We’ll give you an overview of each solution, as well as explore their key features in depth in order to help you choose the best platform for your business. While password managers often provide features outside the ones mentioned in this article, we feel that these are the most crucial and relevant to organizations of any size looking to implement a password manager.
What Is Dashlane?
Dashlane is a business password management solution designed to be as easy to use as it is secure. It’s popular amongst both technical and non-technical customers for providing an intuitive user experience that protects valuable corporate data, lowers help-desk costs and increases employee productivity.
From the centralized management console, admins can easily onboard, offboard and manage their employees, and employees can manage their own accounts and passwords via the secure vault. Dashlane also gives employees the power to reset their own passwords, including their master passwords, so that they can recover accounts without the need for IT desk resources.
Key features of Dashlane’s password management solution include a US-patented security architecture with AES 256-bit encryption, a secure password sharing center, a centralized admin console, an in-built VPN and the ability to isolate business and personal credentials so that admins can monitor the health of passwords across an employee’s business accounts without compromising their personal privacy. These capabilities work seamlessly together, enabling Dashlane to currently help more than 15 million users from over 20,000 organizations around the world to secure their business accounts and protect their data from unauthorized access.
Dashlane offers enterprise password management in two packages: Dashlane Team and Dashlane Business. Dashlane Team provides their password management functionality, including their secure password vault, admin management and reporting, group password sharing and two-factor authentication (2FA). Dashlane Business includes all of the features of Team, plus SAML-based single sign-on (SSO) and a free family protection plan for each user.
Google Password Manager is a free password manager built into Google’s Chrome web browser. It’s popular among users for its ease of use, automatic set-up and device syncing, which, because the tool is browser-based, enables users to access their passwords across multiple devices without having to install any software or apps.
From the management portal at passwords.google.com, users can manage the accounts and passwords stored in their secure vaults. This includes adding, removing and editing passwords, as well as being able to export a list of all stored passwords in a text file format.
Key features of Google’s password management tool include easy-to-use password storage and encryption and automatic form fill capabilities, a password generation tool that makes sure that users are creating strong, unique passwords across their business accounts, and a Password Checkup tool that checks whether stored passwords have been compromised in any known breaches.
Google Password Manager is popular amongst the consumer market, and is often the default for organizations that haven’t chosen to invest in a dedicated password management solution. This means that it lacks the administrative controls and reporting features that other solutions may offer, but it enables employees to have full control and responsibility over their account passwords. Additionally, Google Password Manager does not work in other popular browsers such as Firefox or Safari.
The core component of any password manager is a secure password vault that stores each user’s login credentials and helps them retrieve their passwords more easily. Dashlane’s vault encrypts the user’s password database with a master password key, and this master password is the only one that users have to remember. Google’s password vault doesn’t use a master key to encrypt passwords; it relies on the operating system’s local encryption to keep sensitive information safe. Once the user has signed into the password manager with their master key or device credentials respectively, both managers automatically fill in online login forms using the correct credentials stored in the vault, including the user’s name and email address if required. And if the user hasn’t created an account yet, the manager can generate a random password for it. From an end user’s perspective, this means simply signing in once to their password vault at the beginning of their session in Dashlane’s case or just opening the Chrome browser in Google’s, and having easy, automatic access to all of their business accounts without the need to remember or enter any login credentials.
Dashlane’s password vault offers AES 256-bit encryption, and Dashlane offers an additional Argon2d encryption setting that adds latency to offer stronger security against brute force attacks. The solution also features automatic breach alerts; if an hacker attempts to breach a user’s vault, the user is immediately alerted. They also offer dark web scanning, which searches the internet for stolen credentials being sold and, if the scan returns positive, alerts users that they need to change their password.
Google’s password vault doesn’t include master key encryption; instead, users’ credentials are protected by the base layer of authentication that they use to log in to their device at the start of a session. Once signed on, the user can open their Chrome browser and instantly access all of their saved passwords. This means that there’s no need for the user to remember a master key, but it also relies on the user locking their device when not in use for passwords to be secured. The reasoning behind this, Google argues, is that if a threat actor has access to the machine, they’ll have the capability to install malware that gives them access to a password vault whether there’s a master key in place or not. However, it doesn’t take into account “crimes of opportunity”, e.g. the user lending their laptop to someone else who stumbles across their account credentials, or someone reading the screen over the user’s shoulder, both of whom could subsequently put them to nefarious use.
Both solutions allow users to add an unlimited number of passwords to their vault manually or import them through their web browser. Once imported, both Dashlane and Google can generate a password strength or health report that indicates whether any passwords need updating or strengthening, or whether they’ve been compromised in a known breach.
However, Dashlane’s vault includes some other helpful features. Both Dashlane Team and Dashlane Business come with an in-built VPN that encrypts and protects each user’s online activity when they’re browsing on unsecure Wi-Fi networks. Finally, Dashlane offers identity theft insurance up to $1 million to protect users if someone assumes their identity online.
Summary: Both Dashlane and Google offer user-friendly vaults for password management. Both services are easy to use, but Dashlane provides much more functionality, with stronger encryption and additional inbox scanning and VPN features, which give its vault an edge over the protection offered by Google. Both tools allow users to generate secure passwords, although Google provides no options around password length or special characters, while Dashlane provides full customization over generated password strength.
Storing shared passwords in Excel files, emails or, even worse, on sticky notes, is insecure and can be time-consuming to maintain. It also makes it difficult for admins to control who has access to which corporate accounts. Password managers simplify and secure the process of sharing credentials among users, while keeping an oversight as to who has access to which resources.
Password sharing between users is extremely efficient with Dashlane. The sender chooses the item they wish to share, selects the recipient and permission settings, and sends it over – it’s as easy as that. In order to send credentials to multiple people at once, admins need to set up a Sharing Group. Once a group has been set up and users have been added, users can share credentials with any number of people within the group at once.
Google Password Manager doesn’t currently offer the capability to share passwords securely with other users.
Summary: Password sharing and revoking is extremely easy within Dashlane. Dashlane also allows admins the oversight as to which accounts are being shared and who has access to them. Google Password Manager doesn’t currently offer password sharing functionality.
Security Architecture And Encryption
Password management solutions store encrypted version of users’ passwords in an encrypted vault. Encryption is a key feature of any password manager, and that’s because it stops bad actors from being able to view and steal login credentials and other sensitive information should they gain access to a user’s device. Without encryption both at rest and in transit, a hacker could access all of the data stored in their victim’s vault and vulnerable data in transit as it’s being added to or taken out of the vault.
Dashlane uses a unique key, or “master password” for each user to keep corporate data safe. It’s important to note that the vendor doesn’t store users’ master passwords on their servers, share them over the internet, or store them by default on any user devices. Dashlane does, however, offer a “Remember my master password” feature that allows users to store their master password locally, so they don’t have to remember it when they log into their vault.
Dashlane’s master password generates a symmetric AES 256-bit key to encrypt and decrypt each user’s password vault. AES (Advanced Encryption Standard) was the first publicly accessible open cipher approved by the NSA. It’s is widely accepted as the strongest form of encryption and has never been cracked. An additional Argon2d (or PBKDF2) encryption derivation, which adds considerable latency in order to provide stronger protection against brute force attacks, generates an authentication hash that Dashlane uses to confirm the user’s master password when they log into to the platform.
Dashlane decrypts individual passwords securely to auto-fill them on web forms without having to ask the user for their master password each time.
Google Password Manager doesn’t use its own encryption method to secure users’ passwords. Instead, it relies on the encryption built into the operating system. Once a user has signed into their device, they need only open their Chrome browser to access their password vault, in which passwords as displayed as plain text. While this may be convenient for the user, some might be concerned about the ease with which unauthorized actors can access the user’s account credentials if they have access to the machine itself. Google does allow users to enable 2FA to sign into their Google account, but once signed in on account set-up the user stays signed in by default, so this doesn’t offer much protection if the device itself is lost, stolen, or even lent to someone else to borrow.
Summary: Dashlane uses AES 256-bit encryption and PBKDF2 hashing to keep account data as secure as possible. Each user locks and unlocks their vault, safeguarded by the vendor, with their master password, biometrics, SSO or MFA. Dashlane doesn’t store master password information, so the only person who can unlock a user’s vault is the user themselves. Google Password Manager leverages the secure 2FA used to secure users’ Google accounts, but relies on the operating system’s base encryption level at sign in.
A user-friendly, central admin console with granular policy configuration and in-depth reporting is a crucial feature of any cybersecurity solution. Admins need to be able to customize policies to meet the needs of their organization. They also need visibility into how users are interacting with the platform, how well it’s operating and whether any security risks are being detected.
From Dashlane’s centralized admin console, admins can cancel or renew their subscription and easily configure policies including disabling auto-fill on certain websites, VPN settings, 2FA enforcement and setting up Business Space domains. Because Dashlane subscriptions include free personal accounts for all users, the Business Space option allows users to store their business and personal credentials separately, and admins can monitor the password health (see next paragraph) in an employee’s Business Space without encroaching on the privacy of their Personal Space. Admins can also revoke users’ access to the Dashlane platform and certain password sharing groups.
Dashlane’s admin console generates a variety of reports, including account usage, shared password group information, and Password Health score reports. Password Health provides admins with insights into each user’s password strength and includes measures that IT teams can implement to help improve weak, compromised or reused credentials. Dashlane also has the ability to track password strength and improvement over time so that admins can monitor how their security culture advances and more easily locate the source of any breaches. Employees can also see the “health scores” for both their workplace and personal passwords and update them as necessary.
As Google’s password management tool is aimed at the consumer market, it doesn’t feature an admin console. However, the manager does allows users to carry out health checks on their stored credentials using the Password Checkup tool. This indicates how strong each password is, and whether any passwords have been breached in a known attack.
Summary: Dashlane provides granular policy configuration and detailed analytics into users’ password security. Dashlane’s reporting focuses largely on password health, and Dashlane is the only password manager to track improvements in password health over time. Google doesn’t allow for detailed configuration or reporting, but does enable users to check the health of their passwords.
Onboarding & Offboarding
When it comes to business password management, it’s important that you can easily add users to the system, and revoke access when they leave. Even the most robust solution can fall short at the first hurdle if a business can’t carry out something as simple as provisioning or revoking an employee’s access to it.
Businesses should look for a platform that’s easy to deploy and doesn’t require a lot of technical resources to do so. It should also ensure company passwords stay with the company when an employee leaves. Larger enterprises are generally a little more accepting of a more demanding and complex deployment process, but employee adoption and maintaining ownership of company accounts are non-negotiables at any size.
Dashlane’s deployment is very straightforward. First, admins set up “Smart Space Management,” which assigns all corporate passwords to the organization’s business domain – this supports the Smart Spaces functionality that separates each user’s personal and business passwords. Once that’s set up, admins can easily provision Dashlane either via active directory, Azure AD, or MSI via GPO and SCCM. Once provisioned, IT teams send an email invitation to employees, who then set up their accounts with their master password and install the Dashlane browser extension, which will then immediately begin saving and auto-filling the user’s credentials as they browse.
Google Password Manager doesn’t need to be deployed because Google will prompt Chrome browser users to save as they go. From a business perspective, IT teams don’t have to do anything at all to set up Google Password Manager; it’s all done by the individual users themselves. Because Google’s manager is browser-based, there’s no app or browser extension to install. However, operating natively in the Chrome browser has come at the expense of building provisioning tools for admins.
This means that admins have no oversight as to whether users are actually using the Google Password Manager to securely manage passwords, or setting up their password manager with their personal gmail account. Using multiple accounts is the only way to isolate business credentials from personal ones in Google’s password management tool, because the solution doesn’t currently allow users to create password folders or personal spaces. Additionally, because Google Password Manager is only compatible with Chrome, it can be easy for users to lose access to passwords if they are using a different browser.
Employee departures are an inevitable part of running a business, and managing them is a key feature of any business password manager. With Dashlane, an admin can easily revoke access to business credentials, while the employee can keep their personal credentials and easily transition over to the consumer product. With Google, there’s less visibility for admins, and no way of knowing if an employee is using a personal password manager or has one set up with their work account (and thus would lose access when they leave). For some organizations, the inability to confidently say employees won’t access shared work accounts after departing may be a dealbreaker.
Summary: Dashlane is easy to set up, both for the IT team and for the end user. Google Password Manager is integrated directly into Chrome, switched on by default for Chrome users. Dashlane’s support documentation has a nifty article that takes admins through each step of deployment, from starting a trial to rolling out Dashlane across the whole workforce.When it comes to employee offboarding, Dashlane provides significantly more tools and peace of mind than Google.
All security solutions come with potential challenges that a user or IT team will need to face, be it in terms of deployment, a technical issue, or in the case of an attack that the organization needs to deal with. In any of these circumstances, it’s important that the customer is able to contact the vendor for support and it’s even more crucial that the vendor responds quickly to the query.
Dashlane offers extensive customer support though their online help center, where customers can find answers to FAQs and detailed, clear technical knowledge around the product. Customers can also contact them in English seven days a week, and in French or German from Monday to Friday via email. Finally, they also offer a live chat service with their technical team from 9am-6pm EST Monday to Friday.
Google offers an online help center where customers can find the answers to FAQs, as well as a help forum or “Community” for each of their services, such as a Gmail Community, Workspace Community and Search Help Community. In these forums, customers can help other customers with their queries. Google also offer support via live chat, email and a phone line, which operates 9am-6pm GMT Monday to Friday. It’s important to note that Google’s support is not dedicated to password management, but covers their general service offering.
Summary: White both Dashlane and Google offer extensive customer support, Dashlane provides dedicated support for enterprise password management.
Google Password Manager is free for all users and comes as a standard feature when you create a Google account.
Dashlane’s solution is scalable and flexible, and their pricing reflects this in order for them to be able to meet your business need, no matter the size of the team or organization you’re looking to secure.
In this table, we’ve listed each vendor’s main offerings along with their pricing and our recommendation as to which organizations it’s best suited to. Note that we’ve listed the cost per user per month, but Dashlane bills annually.
Solution and Plan
Cost (Per User, Per Month)
Google Password Manager
Individuals using Chrome as their main browser, looking to store their own passwords in a central vault
Organizations of any size looking only for secure password management (includes a free personal account per user)
Organizations with 50+ employees looking for secure password management with excellent customer support and SAML-based SSO integration (includes a free family account per user)
You can view Dashlane’s pricing breakdowns and package options in more detail by following the link below:
Dashlane and Google are both popular password management solutions, and for very good reason. They both deliver strong password management capability from a user-friendly interface and offer a powerful and comprehensive feature set to enable their users to organize their online accounts.
Google’s free tool enables users to store passwords efficiently in one central vault that they can access from any time, in any place, simply by signing into their Google account. However, while it can be a great option at a consumer level, Google Password Manager lacks many of the core features needed for password management at a business level, such as an admin console and secure password sharing capabilities.
It’s for this reason that we recommend that all organizations invest in a dedicated third-party password management solution like Dashlane.
Dashlane offers an intuitive password manager that actively searches for your credentials for you and also secures your browsing activity via their built-in VPN. Their platform also provides dark web monitoring, 1GB storage for files, notes and secrets, and a centralized admin platform with granular permission controls and account health overviews. On top of that, Dashlane Business includes a free family plan for each employee to use for personal use.
If you’re looking for a secure password manager for a small-to-medium-sized business, Dashlane is a great cost-effective solution. Its excellent customer support and user-friendly interface is ideal for SMBs, including non-technical companies. We recommend that all organizations looking to invest in a password management solution consider their business need and trial any solutions before buying. Dashlane offers a 14-day free trial to all users, which you can begin by visiting their website.