SSO/MFA, Decentralized identity and verifiable credentials, Identity, MSSP

Dashlane and Yubico Team Up to Deliver Passwordless, Phishing-Resistant Vault Access

Passwords have always been a weak point in cybersecurity. They get reused, stolen, or phished no matter how complex they are. Dashlane’s new integration with Yubico tackles that directly. Instead of logging in with a master password, new Dashlane users can now use a YubiKey, a small hardware device that verifies identity with a single tap.

This partnership makes Dashlane the first major credential manager to rely on FIDO2 security keys as the main way to access a vault. It’s a technical change with big implications: the key itself generates a unique secret that unlocks the vault locally, without sending anything over the network. That means no password to type or store, and no shared secret that an attacker could steal.

Making hardware security simple

For most people, setting up a security key has always felt too technical. Rew Islam, Director of Product Innovation at Dashlane, told MSSP Alert that that’s exactly what they want to fix. “Traditionally, setting up a security key was a technical endeavor,” he said. “Users had to know in advance that a service supported security keys as a form of 2FA, find the option in the settings, and turn it on, assuming they had a key. Dashlane is making access to our product dependent on possessing a key - the authentication is at the front door, not hidden away in settings. The mental model for the user is simpler: ‘I have my key, I have access to Dashlane.’”

Islam said this approach helps people understand security keys in a more natural way. “This is a very different proposition to setting up 2FA with a security key,” he added. “We think it will help users learn about security keys and why they are an important way to protect themselves against phishing.”

Managing scale and mixed device environments

Passwordless authentication has always promised to make life easier without compromising security, but the reality has been uneven. Islam said this integration gets closer to balancing both sides. “It definitely narrows the gap between convenience and strong authentication, but there are still trade-offs to navigate, especially for enterprises managing scale and mixed device environments,” he said. “With passkeys and FIDO2 security keys, the authentication experience can be both seamless and highly secure: no passwords to remember, no phishing risk, and no shared secrets.”

He also noted that hardware-backed security brings new operational considerations. “Organizations need to think about key provisioning, recovery flows, and how to support users who lose their key or need to authenticate across multiple devices,” Islam said. “The good news is that standards like FIDO2 are maturing quickly, and the ecosystem - browsers, operating systems - is catching up.”

A step toward the post-password model

The move also reflects how credential management is changing. “The traditional model of a password manager was to store and fill secrets,” Islam said. “In a post-password world, the ‘secret’ isn’t something you remember - it’s something your device and key prove you possess. By combining the credential vault with hardware-bound passkeys, we’re moving toward an integrated trust layer where identity, authentication, and access are unified.”

That evolution makes password managers less about remembering credentials and more about managing digital trust.

What this means for MSPs and Partners

For MSPs and security partners, Islam said the integration creates a clear opportunity. “A Yubico and Dashlane FIDO2 integration will help partners offer stronger, easier-to-manage security for their customers,” he said. “By combining Dashlane’s password management with Yubico’s hardware-based login keys, partners such as MSPs or MSSPs can deliver safer, passwordless access that protects their customers against phishing and stolen credentials.”

He added that the partnership can also drive new business. “This creates a clear go-to-market advantage, letting partners sell a complete identity security solution that’s simple to deploy, meets compliance needs, and drives new recurring revenue while helping customers stay secure.”

The feature is now in beta for new Dashlane personal users through the browser extension, with support for existing and business users coming soon. Mobile support will follow as APIs mature, and a Yubico SDK is already in development to extend this capability to mobile platforms.

For Dashlane and Yubico, this partnership isn’t just about new tech, it’s about changing how people think about security. By making strong authentication something users do instead of something they have to understand, the companies are turning passwordless security into an everyday habit.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds