Online identity management vendor Dashlane has added support for Intel Software Guard Extensions (SGX). The announcement came in a press release and a blog from Malaika Nicholas, Community Manager at Dashlane. This adds hardware-enhanced encryption to Dashlane’s existing password vault technology.
According to Emmanuel Schalit, CEO, Dashlane: “Dashlane is committed to staying on the cutting edge of security. The new Intel Core processors provide a powerful new way to protect your passwords. Dashlane is taking full advantage of Intel’s built-in hardware security to make our users’ passwords safer than ever.”
The good news for Dashlane customers
For those customers running 6th generation and above Intel processors this is good news. The ability to use technology inside the processor to protect sensitive data is beneficial. However, it comes with a price that some customers may not be willing to pay. While Nicholas says Intel SGX is a 7th generation Intel processor technology, Frédéric Rivain, VP of Engineering, Dashlane told Enterprise Times 6th generation processors are supported.
Nicholas states in her blog: “When Dashlane security architecture is combined with Intel® SGX, an additional encryption key will be tied to the device and sealed to the secured chip. Once data is secured there, it’ll be out of reach to advanced malware and threats, even if your computer has already been compromised or stolen. This will provide you with an unparalleled layer of hardware-based protection against identity theft, data breaches, malware, and other cyber threats.”
There has been a significant rise in banking malware and phishing attacks over the last year. Most of these are targeting user credentials stored on the local machine. This has led to a rise in the use of password vaulting technology. This has made it harder for hackers to steal credentials but it is not infallible. Dashlane are being smart and adding deeper protection that Intel believes is unbreakable.
The bad news for customers
There are several things customers will need to think about carefully. This is an Intel only technology and tied to 7th generation processors. The protection is tied to the device. That means moving a user to another machine could become a problem. While corporate IT support teams will have access to utilities to do this, consumers may not fare so well.
A reasonable scenario is a user has a motherboard failure. They go to a local computer shop who replace the motherboard and port their data. What happens to the Dashlane password vault that was tied to the original processor? With no access to the underlying processor to unlock the password vault, how will the user unlock their data? We sent this question across to Dashlane and as yet, have no response. A similar scenario occurs when a user attempts to migrate to a new PC.
Dashlane customers using other processors will not get hardware encryption. Rivain told Enterprise Times there was no roadmap for supporting AMD SEV which is their Intel SGX equivalent technology. There is also no plan to support ARM or the IBM POWER8 processor at the moment. Rivain did say that Dashlane were looking at supporting the iPhone platform but gave no further information on that.
Dashlane is also limiting support to Microsoft Windows 10 and beyond. There is no support for Linux although Rivain told us that Dashlane were working on this. That is good news. There is a huge growth of Linux on mobile devices, servers and desktops. If Dashlane can support Linux and other processor architectures that will make their solution much more enterprise friendly.
This is a big deal for password security. Taking advantage of the encryption technology available in processors will increase security of user credentials significantly. However, that same technology needs to be portable for when there is a major crash or problem for a user. Here lies the problem. If you are tying the technology to the underlying processor for additional security, making it easy to port the password vault to another processor takes that protection away. How Dashlane solves this will be interesting.