ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | May 08, 2023
Dashlane, the security-first password manager, today introduced Passwordless Login, a technology that eliminates the need to create a master password to access Dashlane. The company was the first password manager to offer an extension that supports passkeys and this is the next step in that evolution. With Passwordless Login, users will be able to securely access their Dashlane account without having to create and remember a single password.
As digital profiles have multiplied both professionally and personally, it’s become increasingly difficult to securely manage credentials. Gartner reported that as many as 20-50% of all helpdesk calls are related to password resets. Password managers have helped simplify this process, though users have still needed to create and remember a master password to access their vaults.
By eliminating the master password, Dashlane will empower users to create new phishing-resistant, passwordless accounts that don’t suffer from the vulnerabilities of traditional passwords and multifactor authentication (MFA). Not only does this strengthen overall security posture, it removes user friction and provides a more accessible way for people to access their accounts and protect their personal information.
“Our business has long been about helping users and organizations manage their passwords and logins. But the digital password was born in the 1960s and despite technological advancements, many people still use the same username and password format for most of their online lives,” said John Bennett, CEO at Dashlane. “While our business model has relied on users having one strong, unique master password, it’s still a password that can be weak, reused, phished, or breached. Unveiling today’s passwordless technology marks a significant milestone in our journey towards a future with no passwords.”
By relying on the strength of local device security, which includes PINs and biometrics, Dashlane is able to securely authenticate and provide access to a user’s encrypted vault, which allows Dashlane to be resistant to phishing attacks. Additionally, Dashlane uses cryptographic keys generated with Elliptic-curve Diffie-Hellman (ECDH) to assist with securely exchanging secrets between devices, making setting up a new device fast and secure and regaining access simple. Dashlane is introducing a new mechanism to let users recover their data if they lose their device. This new Dashlane Account Recovery Key will also be made available to our existing users who still use a master password to log in to Dashlane.
Dashlane’s Passwordless Login is a cross-platform solution that is agnostic to the state of a user’s hardware and software. The technology also enables:
Faster device setup flow using a registered device
The ability to set up device-specific PIN codes and biometrics (like fingerprint or facial recognition) to create an account on a mobile iOS or Android device
The ability to regain access to an account with a recovery key, in the event of a total device loss
Dashlane recently became a board-level member of the FIDO Alliance, doubling down on its commitment to work with industry partners to advance the passwordless future through the widespread adoption of passkeys and phishing-resistant authentication.
New Dashlane users will be able to sign up for an account without a master password in the coming months on their mobile device, and the capability will be rolled out to existing customers later this year. For more information on Passwordless Login for Dashlane and to see a demo of how the experience will work, please visit Dashlane’s Passwordless hub.
About Dashlane
Dashlane is a password management solution that removes complexity by pairing comprehensive security with ease of use. We are closely attuned to the needs of our users, balancing simple tools with an uncompromising approach to security–a game changer for anyone, but especially for IT admins working to secure their organization. Our team in Paris, New York, and Lisbon is united by a strong sense of community and passion for improving the digital experience. Over 18 million users and 20,000 businesses globally use Dashlane for a faster, simpler, and more secure internet.
Read More
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Globenewswire | April 05, 2023
Banyan Security, a leading provider of zero trust access solutions for the modern workforce, is proud to announce the launch of its innovative Device-Centric Security Service Edge (SSE) solution. Banyan’s offering delivers a comprehensive range of integrated security measures to safeguard the modern workforce – including Zero Trust Network Access (ZTNA), Virtual Private Network as a Service (VPNaaS), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG) – all in a unified product that is simple to implement and boosts employee productivity.
Unlike traditional security products focused on the network perimeter, Banyan’s device-centric SSE brings the user and device to the forefront of protection, enabling intelligent, risk-based connectivity and threat detection. Working in concert with the Banyan Cloud permits consistent policy enforcement without needing to route all enterprise traffic through vendor data centers or expensive on-premise appliances, which significantly improves the user experience. Moreover, Banyan’s device-centric approach treats clientless scenarios as first-class citizens, enabling seamless access combined with granular policy controls.
“The launch of our device-centric Security Service Edge solution marks a major milestone for our company, delivering on the idea of enabling workers to securely do their job from anywhere” said Jayanth Gummaraju, CEO and Co-founder of Banyan Security. “We saw a clear need for a new solution that does not suffer from the baggage of existing network-centric approaches. What we’ve built brings together device and network security in a unique way to secure all types of access – private or internet. This approach reduces the attack surface and provides a frictionless user experience, thus increasing employee productivity. We’re excited to see customers and industry partners embracing our approach, and are confident that our solution will exceed expectations, revolutionizing the way organizations think about workforce security."
Banyan Security’s strategic partners understand that a new approach is needed to effectively realize the promise of a zero trust framework.
“We are thrilled to partner with Banyan Security to deliver more value to our joint customers. The partnership provides a risk-based approach to security and simplifies the deployment of Zero Trust initiatives,” said Akhil Kapoor, Vice President of Business Development at SentinelOne. “Together, we can offer unparalleled protection and peace of mind to organizations as they navigate an ever-evolving threat landscape.”
The implications of a device-centric SSE product are revolutionary, providing organizations with considerable benefits including:
Improved User Experience – Localized, intelligent decision making minimizes latency and results in a better user experience. Rather than forcing organizations to ship all traffic to the cloud for inspection, each device makes the optimum access and security decisions. Coupling faster decision making with an always-on approach minimizes potential gaps for advanced threats to exploit.
Better Enterprise Security – The Banyan SSE solution includes multiple layers of security, providing least privileged access for users regardless of location. Additional security is provided by incorporating real-time, continuous authorization using advanced risk modeling based on user, device, resource, and threat profiles. Together these features provide superior threat protection and automated threat remediation.
Lower Total Cost of Ownership – a device-centric Security Service Edge is significantly easier to deploy and manage for most organizations. Rather than having to configure complex network environments to support the analysis and routing of user traffic, this happens locally on end-user devices based on intuitive selections made in the Banyan admin console. Advanced discover and publish capabilities further simplify deployments and results in much lower total cost of ownership for an organization versus legacy solutions.
Deployment Flexibility – The Banyan Security SSE solution architecture provides additional benefits for organizations that are concerned with data privacy and security. Unlike other SSE solutions, the Banyan Security Platform can be configured to route encrypted traffic through either the Banyan cloud infrastructure or directly through a service installed and maintained in the organization’s infrastructure. This capability allows the freedom to address the needs of any regulatory or security-conscious environment.
Banyan’s customers, aware that existing solutions were not addressing the rapidly changing requirements of a distributed workforce, have rallied behind the Banyan Security Platform.
“With Banyan Security’s device-centric SSE, we confidently replaced our legacy VPN and accelerated our zero trust architecture initiatives. Their robust solution empowers us to secure our cloud-first environment, seamlessly monitor security posture through efficient device checks, and ultimately enhance our primary customers’ security – our users,” said Cesar Esteban, Staff Security Engineer at Snapdocs. “Investing in Banyan Security has transformed our approach to cybersecurity and unlocked new potential for serving our users better.”
About Banyan Security
Banyan Security provides secure, zero trust “work from anywhere” access to applications and resources for employees and third parties while protecting them from being phished, straying onto malicious web sites, or being exposed to ransomware. A Flexible Edge architecture enables rapid, incremental deployment on-premises or in the cloud without compromising privacy or data sovereignty. A unique device-centric approach intelligently routes traffic for optimal performance and security delivering a great end user experience. Banyan Security protects workers across multiple industries, including finance, healthcare, manufacturing, and technology.
Read More
DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY
Businesswire | April 10, 2023
LastPass announced the expanded availability of its Security Dashboard and associated dark web monitoring and alerting, making it the only password manager providing proactive credential monitoring for all customers, including those using the product for free. The Security Dashboard is the central hub where customers can monitor the overall security of all vault credentials, including exposure to the dark web, which allows customers to better protect themselves from potential breaches.
“The Security Dashboard is an essential component of the partnership we have with our customers to help keep their data and private information secure,” said Christina Cho, Sr. Director of Product Management at LastPass. “We are committed to providing our customers with the knowledge and best practices necessary to make their password vault and digital presence as strong as possible.”
The expanded rollout of the Security Dashboard comes as part of LastPass’ ongoing efforts to better educate customers on password and vault best practices. Using the Security Dashboard, all LastPass customers can now monitor, review and further secure their LastPass account and data within from one central location:
Security Score: A customer’s security score is a score of 1% through 100% that analyzes use of LastPass’ security best practices, including the strength of vault passwords, use of multi-factor authentication, and dark web monitoring.
List of At-Risk Passwords: Customers can see a list of passwords that are considered weak or are reused and can easily update them using the LastPass password generator to change them to strong and unique passwords.
Enabling Multi-Factor Authentication: LastPass recommends customers enable multi-factor authentication to add an extra layer of protection to their LastPass vault.
Dark Web Monitoring: Customers can enable dark web monitoring and receive real-time monitoring of email addresses saved to their vault against a database of compromised credentials from third-party breaches. If the email addresses are believed to be at risk, customers receive alerts immediately via email and within the Security Dashboard. In addition, when customers enable dark web monitoring, a one-time retroactive check for the previous 12 months is run against the list of email addresses.
Customers who use LastPass for free and have selected their mobile phone as their device type can login via LastPass on a desktop web browser to view their Security Dashboard and turn on dark web monitoring.
Customers can find more information about the LastPass Security Dashboard here.
About LastPass
LastPass is an award-winning password manager which helps millions of registered users organize and protect their online lives. For more than 100,000 businesses of all sizes, LastPass provides password and identity management solutions that are convenient, easy to manage and effortless to use. From enterprise password management and single sign-on to adaptive multi-factor authentication, LastPass for Business gives superior control to IT and frictionless access to users. For more information, visit https://lastpass.com. LastPass is trademarked in the U.S. and other countries.
Read More