Recently I’ve been seeing a lot of Youtube ads for a thing called Dashlane, which stores all your passwords, credit card info and other sensitive data in one place, it also helps you generate hard passwords and a few more features like that.
If I understood correctly, they say that they use military grade encryption and they store only the encrypted versions of your passwords on their servers, which can be accessed only by you using your main password which is not stored on their servers or transmitted over the internet at any point. I suppose that you have an app on your pc/phone which unlocks somehow when you type in the main password and then the app sends a green light signal to the main servers. So supposedly you are the only one with the access to the real passwords, since only you have the main password.
Obviously there’s no way to check this for sure and I highly doubt that they can’t see your non-encrypted passwords themselves without the main password which supposedly only you know. They own the encryption system, only they know how it works and they use the decryption system once your computer requests it by using the main password, so what is stopping them from accessing your data at any point via the decryption system they own without you authorizing it via the main password? Does anyone really believe they couldn’t do that if they wanted, especially if the government/military requested it? Who can guarantee that someone in Dashlane, angry employee, a criminal or whatever won’t leak all that out at some point?
Tech and banking giants like Yahoo, Ebay, Sony, JP Morgan have had massive leaks, but if a way smaller company like Dashlane leaked, not only your passwords for every site you have an account on, but your banking and other details will be available to anyone to steal.
Sounds like a crappy deal in exchange for a person having to type a few keys on the keyboard or keep complicated passwords on a piece of paper on a hard to find location in the house.