Emmanuel Schalit
Published in Dashlane Insights
Jun 18, 2015

Banks Can Be Robbed

Banks can be robbed.

They have been; they always will be.

With that being said, none of us has a second thought about putting our money in a bank rather than hiding it under a mattress. The same theory applies to irreplaceable items that people feel safer storing in a box at a bank than in a box at home.

Sometimes, it’s better to put all your eggs in the same basket if that basket is more secure than the one you would be able to build on your own.

In the last few weeks, we have seen multiple high-profile reminders that the digital world can be a dangerous place. The federal government’s main employee database was breached, and a vulnerability was also recently discovered in Apple’s desktop and mobile operating systems. And just a few days ago a well-known password management company announced that they had noticed suspicious activity on their network.

There is a temptation to say that “the cloud” is to blame. Many have recently made the case that putting everything in the cloud exposes us to an absurd level of risk, and that we should somehow “go back” and refrain from putting any critical data in the cloud.

This line of thinking is misguided and leads nowhere.

The Apple vulnerability has nothing to do with the cloud as it only affects your local device (phone, computer, etc.) when someone installs malware on it. The breach the federal government suffered had nothing to do with the cloud either. The data that was stolen was extracted from the servers operated by the government in their own facilities.

In reality, the various risks we encounter in the digital age began the moment all of the computing devices on the planet became interconnected via the vast network we call the Internet. The information on these devices, whether stored in the cloud, on your desktop, on your mobile device, or in your company’s secure data center, is to some extent at risk. The only way to be 100% sure that your digital information is never compromised is to disconnect all of your devices and go back to an analog, pre-Internet existence.

That’s not what we want to do, so the question then changes from being absolute to being relative. It’s not about “how can I be 100% certain that my digital information will never be at risk?”; it’s about “how can I improve the protection of my digital information, regardless of where it resides?” More specifically, can I take pre-emptive actions that will improve my security compared to what it would be if I did nothing?

The answer is most definitely yes.

We built Dashlane so that our users could be safer by guarding their digital identity with a secure password manager. Humans naturally follow the path of least resistance, and data shows that without tools to manage our digital identity, our logins, and our passwords, we innately resort to using shortcuts.

The most common example is the millions who use “password” or “123456” as their primary password. Another trick people use is to come up with a single complicated password that might be secure, but that is reused everywhere. A third one is to use small variations like adding the name of the site so that our brain can cope with the complexities of tens of accounts we have to log into on multiple devices. Unfortunately, all these shortcuts are extremely dangerous because they make it very easy for hackers to penetrate your accounts.

The best thing you can do, both at home and at work, is to make sure that you are using a random, unique, and strong password for all of your online accounts. At Dashlane, we take the complex task of managing passwords and make it simple enough for even the least computer savvy among us. We allow our users to access their passwords securely, no matter where they are.

A core element of our service is providing unmatched world-class security. We go above and beyond almost every consumer app with regard to security, yet even we cannot guarantee 100% protection. No company can. But using a secure password manager to protect your online identity accomplishes two important things.

First, an individual using a dedicated tool to manage his/her passwords is exponentially harder to hack than someone using the shortcuts above. Why? Because the passwords our software generates are mathematically impossible to guess, and they’re stored in a secure vault that is substantially harder to penetrate than anything a regular user could build on his/her own. Second, in the event an account is breached and a password stolen, that password has no value because it’s not being used for any other account.

Security in the digital age is not about making risks go away entirely. Security in the digital age is about minimizing those risks to the greatest extent possible and ensuring that the damage that does occur from any breaches is contained.

These principles are the foundation for our security at Dashlane. We didn’t build a product that could never be compromised, because nobody can. But we did build all of our apps and our servers in such a way that they are as well protected as feasibly possible, and that, if something does occur, any fallout to our users is minimal.

Because of this we are certain that our users are better off using a product like the one we built rather than trying to solve the complex problem of passwords on their own; just like they’re better off storing their money and valuables in a bank than they are storing them under a mattress.
