Dashlane and Yubico Partner to Launch Phishing-Resistant, Passwordless Credential Vault Login

Rhea-AI Summary

Dashlane and Yubico (YUBICO) announced on October 14, 2025 a partnership to enable phishing-resistant, passwordless vault login using FIDO2 YubiKeys and the WebAuthn PRF extension. New personal users can replace the master password with hardware-backed, device-bound passkeys that both authenticate and derive the vault encryption key, allowing multiple keys per account and passwordless setup without typing a password. The feature is available via browser extension in beta for new personal users; mobile support requires OS/browser APIs and a Yubico SDK is in development to extend support to mobile and non-Chromium browsers.

Insights

Security Product Strategist

Dashlane and Yubico launch a phishing‑resistant, hardware‑backed, passwordless vault login using WebAuthn PRF; beta starts for new personal users.

The integration links a FIDO2 YubiKey to Dashlane's vault by using the WebAuthn PRF extension so the security key both authenticates the user and supplies a cryptographic input to derive the vault encryption/decryption key. This removes the master password for new personal users and delivers a hardware‑backed, device‑bound passkey flow that is phishing resistant and passwordless.

Adoption depends on platform support and product rollout: the feature is currently available via the browser extension and in beta for new personal users, while mobile support is limited because some mobile OS APIs and non‑Chromium browsers do not expose the needed WebAuthn PRF functionality. Dashlane and Yubico are developing a Yubico SDK to extend PRF support to mobile.

Watch for three concrete items: expansion from browser extension beta to existing personal and business users, availability of the Yubico SDK and mobile OS API support, and measurable uptake or enterprise rollouts within the next 12 months. The announcement strengthens the security posture for credential vault access today but meaningful cross‑platform coverage and enterprise adoption will determine the broader impact.

Dashlane integration with FIDO2 YubiKeys gives new Dashlane users the strongest available protection for vault access and encryption with device-bound passkeys, replacing the master password

NEW YORK and STOCKHOLM, Oct. 14, 2025 /PRNewswire/ -- Dashlane, a credential security leader, and Yubico, a modern cybersecurity company and creator of the most secure passkeys, have partnered to launch phishing-resistant, passwordless login to Dashlane, offering the strongest passkey protection for vault login and encryption without the need for a master password. By integrating Yubico's signature product, the YubiKey, with Dashlane's passwordless login, new personal users are empowered with strong, hardware-backed authentication and the ability to access their vault, all with the simple touch of a YubiKey. Users can also register multiple keys to ensure they maintain access if their primary YubiKey is lost or damaged and set up additional devices without typing a single password.

"Achieving a phishing-resistant, passwordless future is dependent on whether our industry can make security and passkey authentication accessible and easy to use for everyone," said Sheryl Chamberlain, senior vice president, business development, Yubico. "Both Yubico and Dashlane have a deep history of security innovation in service of making the internet more secure, and are at the forefront of reaching the next horizon using passkeys for both authentication and encryption. As society faces evolving threats like AI-driven phishing attacks, it's more important than ever to streamline access to device-bound passkeys that address the biggest threat today in stolen login credentials."

With the release, Dashlane is the first major credential manager to adopt FIDO2 security keys as the primary method for vault access, an advancement made possible by leveraging the WebAuthn PRF (Pseudo-Random Function) extension. Instead of using the security key as an authentication factor, the WebAuthn PRF extension enables the YubiKey to both authenticate the user and unlock the vault. This is achieved by securely generating a strong, cryptographically unique-secret intrinsically bound to the passkey, which is then used as a critical input to the key derivation function that generates the final vault encryption/decryption key. This powerful mechanism facilitates a seamless, phishing-resistant, and entirely passwordless flow that dramatically enhances usability, security and user privacy.

"The password is a fundamentally flawed security control that still lies at the root of most of the breaches that occur today," said John Bennett, chief executive officer, Dashlane. "The Dashlane and Yubico integration combines the most advanced security available to protect sensitive credentials while eliminating the friction often caused by password-based logins, drastically raising costs for attackers and making good security hygiene easy for users."

A framework for cross-platform security key support

Currently available using the browser extension, passwordless login with YubiKeys is the first critical step towards establishing a cross-platform, phishing-resistant framework that scales to protect Dashlane users and enterprise customers on all platforms.

Security key-based encryption/decryption using WebAuthn PRF is currently unavailable on mobile devices as the relevant OS APIs are not available on all mobile operating systems or on non-Chromium browsers. As part of Dashlane and Yubico's partnership, development of a Yubico SDK is underway to extend security key PRF support from web to mobile, providing seamless security across platforms.

"Dashlane and Yubico are leading the push towards a broader, passwordless vision where credential vaults are completely phishing resistant across all platforms, whether you're using Dashlane personally or at work," said Bennett.

Passwordless authentication pioneers

As credential theft continues to be at the heart of the majority of breaches, Dashlane's partnership with Yubico is another milestone in its journey towards a passwordless future:

• The company became the first password manager to support passkeys and enable seamless passkey use across all major platforms and devices.
• Dashlane was also the first to add confidential computing protection to passkey storage.
• In 2023, Dashlane launched passwordless login, a platform agnostic technology for seamlessly and securely accessing the Dashlane app without creating or remembering a single password.
• Dashlane supports credential exchange for iOS 26, giving users the ability to securely import or export their passwords, passkeys and other data from other apps into Dashlane on iOS in just a few taps, eliminating the hassle and risk of exporting unencrypted CSV files.
• Today, no Master Password is needed to protect the Dashlane credential vault through the use of the WebAuthn PRF extension. Users can instead now use FIDO2 YubiKeys to log in to the vault and derive the decryption key required to unlock their vault seamlessly, as part of accessing the credential vault.

Yubico has pioneered enterprise hardware-based security keys since 2007, championing open authentication standards and delivering modern, device-bound passkey authentication security at scale. YubiKeys support multiple phishing-resistant authentication protocols such as FIDO2/WebAuthn, U2F, and Smart Card (PIV) – providing a seamless pathway to passwordless authentication for enterprises of any size. With support for hundreds of applications and services, YubiKeys deliver seamless operation across all operating systems and mobile devices. This form of modern MFA empowers enterprises to take advantage of passwordless environments across their many applications, teams and business processes – and can be seamlessly rolled out globally to employees through YubiKey as a Service.

Passwordless login with YubiKeys is currently in beta for new Dashlane personal users, with support for existing personal users and business customers to follow.

For more information, please visit https://www.dashlane.com/partnerships/yubico.

Additional resources

• Video: Passwordless Experience with a YubiKey

About Dashlane
Dashlane provides complete credential security, protecting businesses against the growing threat of human risk. The company's intelligent Omnix™ platform unifies password management and credential protection, equipping security teams with proactive intelligence, real-time response, and protected access to secure every employee. Millions of consumers and over 25,000 brands worldwide, including enterprises such as Michelin, Air France, and Forrester, trust Dashlane for industry-leading innovations, patented zero-knowledge security, and an unmatched user experience. Learn more at dashlane.com.

About Yubico
Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the internet safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication, stopping account takeovers and making secure login simple.

Since 2007, we've helped shape global authentication standards, co-created FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organizations in over 160 countries—transforming how digital identity is protected from onboarding to account recovery.

Trusted by the world's most security-conscious brands, governments, and institutions, YubiKeys work out of the box with hundreds of apps and services, delivering fast, passwordless access without friction or compromise.

We believe strong security should never be out of reach. Through our philanthropic initiative, Secure it Forward, we donate YubiKeys to nonprofits supporting at-risk communities.

Dual-headquartered in Stockholm, Sweden and Santa Clara, California, Yubico is proud to be recognized as one of TIME's 100 Most Influential Companies and Fast Company's Most Innovative Companies. Learn more at www.yubico.com.

View original content to download multimedia:https://www.prnewswire.com/news-releases/dashlane-and-yubico-partner-to-launch-phishing-resistant-passwordless-credential-vault-login-302583379.html

SOURCE Dashlane

FAQ

What did Dashlane and Yubico announce on October 14, 2025 regarding vault login?

They announced a partnership to add phishing-resistant, passwordless vault login using FIDO2 YubiKeys and the WebAuthn PRF extension.

How does the YubiKey integration change Dashlane login for new users (YUBICO)?

New personal users can use YubiKeys to authenticate and derive the vault encryption key, removing the need for a master password.

Is the YubiKey passwordless vault login available on mobile for Dashlane as of October 14, 2025?

Not yet; it is available via the browser extension and mobile support requires OS/browser APIs and a forthcoming Yubico SDK.

Can Dashlane users register multiple YubiKeys to access their vault?

Yes; users can register multiple keys to maintain access if a primary YubiKey is lost or damaged.

Who benefits from the Dashlane and Yubico integration and when is it in beta?

New Dashlane personal users benefit first; passwordless YubiKey login is in beta for new personal accounts as of the announcement date.