According to the company, the collaboration allows users to “seal” their data to their devices to avoid tampering.
Intel SGX (Software Guard Extensions) is built into Intel Core processors, which allows developers to use CPU-based capabilities for safeguarding data from attack by storing data in an “enclave” on the device. For example authentication info can be stored and used on a PC instead of being transferred to a server for verification.
“On top of encrypting user data with a key derived from the user’s master password, we add another round of encryption using a key stored inside the SGX enclave,” said Frederic Rivain, vice president of engineering at Dashlane. “Note that this is our V1 of using SGX, and we will probably evolve it in the future to use it even more.”
The combination of software and hardware provides greater protection for your passwords and accounts, the companies said. Users access their accounts via a master key password (Dashlane says this is not stored on its services), which unlocks their data stored locally on the device and cannot be altered even if exported to another device. The data is encrypted with AES-256 encryption.
“The new Intel Core processors provide a powerful new way to protect your passwords,” Dashlane CEO Emmanuel Schalit added. “Dashlane is taking full advantage of Intel’s built-in hardware security to make our users’ passwords safer than ever.”
Password managers are a convenient way of securing accounts without having to remember dozens of different passwords for each account. But like any software, they can be vulnerable to bugs as well, like LastPass last year which had a vulnerability that allowed hackers to delete passwords. This has pushed password managers like Dashlane to explore new techniques to reduce the chances of breach or hacking.
- PortSmash attack exploits Intel’s Hyper-Threading architecture to steal your data
- How to password protect an Excel file
- More Spectre protection comes with some of Intel’s new 9th-gen CPUs, but not all
- Critical MacOS Mojave vulnerability bypasses system security
- Smishing sounds funny, but it’s a serious threat to your phone’s security