 So thank you for all joining. The goal really today is to share how as an organization you can generate from the ground up from the people a culture of cybersecurity. And we'll talk about of course the cybersecurity landscape. We're going to talk about how the people are actually crucial to that landscape and why you can with very easy very simple reflexes you can actually generate that culture of cybersecurity to make sure that your organization is protected that you do not so much at risk in in that space. And now of course I hope that you can have a lot of Q&A and I'm happy to answer any type of questions you may have. As you can see from my accent I'm French even though I'm talking to you out of looking today so I hope you can still understand me okay and I hope the captioning will work as well. So let's start really with the lay of the land the cybersecurity landscape. So it's really about just the fact that today and threats are everywhere. There are so many issues happening out there like all the bridges you can hear from the news all the time. It's kind of super scary when you think about it. The fishing attacks, the ransom wars and you can see that those cyber criminals they're very strong. They have a real business behind the back and they're trying to adapt to whatever solution protection solution we're putting out there. So it's I always like to think about it as the game of the cat and the mouse. So we as an organization we as a cybersecurity product if I think about Dashlane we need to find the ways to be always ahead of the game always ahead of protecting our people our organization to make sure that we are safe and we can conduct our business we can conduct our activities without being bothered by by those malicious people. And unfortunately whether we want it or not passwords are one of the the keys to entering and to accessing illegally into your organization. They are like what we call here the path of this resistance for cyber criminals. It's pretty easy for them to try and get passwords as a key to enter your organization the internal IT of the organization and that's not just like a small organization like a lot of enterprise companies of course there are big targets but if you're a small business if you're non-profit it's the same. We're all at risk and we shouldn't assume that cyber criminals are just targeting like the big business out there. They're actually most of the time targeting the ones that they feel are the weakest and that's also the small businesses and non-profit organizations. And like I was saying before they're changing all the time there's so much happening in the market that there are new solutions coming out there but because the hackers need to go around those solutions those protections they will always find tricky solution and work around to to find the way to enter the your organization and it's most of the time relying on social engineering what is a what what I mean by social engineering is really like leveraging the knowledge you can get on your people to faith that they are relevant or like legal people but that's not the case and at the end of the day they're trying to get as much information about you getting your credential getting your logins your password and so on to be able to finally penetrate your IT systems and then do whatever they want in there and whether it's ransomware whether it's stealing an intellectual property whether it's like just disrupting your your operations and it's they are very creative people. So let's start with a question maybe out in the chat do you know what persons or people reuse passwords if you were to guess maybe there's something you can try and put in the chat if you want to take a guess 23 percent 44 percent 60 percent 72 percent and just give it a minute for everybody to try and get a vote. So there are actually quite a lot of different more like and CND as far as I can tell oops sorry um actually I don't remember the answer so maybe Casey if you are there you can give the information but I think it's at least um I'd like to see my notes here easier for me the answer is actually C 63 percent I was wondering for CRD but it's a very high number people reuse password because that's convenient because they don't have to bother with solutions about what uh what uh how to to share password you can do it and post you can do it by email by whatever what's happened so that's pretty easy and unfortunately that's um that's also one of the reason why it's uh it becomes a bigger risk. Okay another question how many people admitted to reusing passwords from their personal accounts for their work accounts take a guess and the problem here and we're going to cover this uh in more details is that uh when you do that if your personal account gets breached then you're putting at risk your your your work environment by the way like an anecdote which is a there was a Dropbox breach uh back in 2016 where Dropbox leaked something like 60 million accounts uh uh due to an employee that actually we use the Yale credential at the Yale passwords for their Dropbox employee session password and that leaked and then that's the way the way the the hackers got into the Dropbox system and so and so it's B 22 percent which you can say is not that much but it's still a lot of risk for organization so that's another place where we need to educate our people about the the the risk of doing that type of of things. Okay a bit more metrics uh because they they're actually they speak for themselves so in 2022 82 percent of breaches actually involve some people element to it uh so yet again cybersecurity is first and foremost about the people and how we make sure that the people are educated about cybersecurity and 63 people 63 percent of people have actually reuse passwords on other accounts which is always a risk when you do that because then if one gets stolen and you can access other systems through that uh that we use and 22 percent of workers like we just saw edited to freezing password between personal and worker accounts which is a bad idea at the end of the day. Okay so I mean as you can imagine passwords plus sticky notes or disaster waiting to happen to happen there are a few examples on the slide the first one is the hawaii emergency management agency uh I mean that's when you when you think about it it's a really crazy how you can accidentally like a broadcast false missile warning to islanders and then you blame it on an employee who puts the wrong button but actually it's about the risk and at the end of the day if you have a sticky note with passwords all around the place so you do like a zoom call and if I have my back password with a with a sticky note then that's putting that at risk so of course there's no direct evidence that the password contributed to the missile alert but think think about the reputation think about what implication of it. There was actually a similar example back in a few years ago at the the Paris l'Elysée so like the the french president office where there was a webinar with like some institution that there was the wi-fi password of the l'Elysée back in on the on the on the on the wall which you shouldn't do obviously. And if you think about non-profit because that's the the audience that we have today yeah for all of you I mean they are not immune to to to breaches uh of course on the right on that slide you have like the big corporate organization like the bell american airlines and so on but on the left it's really like in profit the american red cross where it was bridged the ymc has been bridged so yet again those breaches they can impact everybody and so you have as much interest at preventing them and building culture of cyber security as if there was like a money on the line and a big business on the line so it's really important to but not underestimate the fact that hackers will try to target you whether you're a non-profit whether you're a hospital whether you're an education whether you're uh in finance everybody is at risk so I just want to to make sure we don't think that's a that there's no risk for everybody. Okay another quiz what person of statistical data breaches do you think involves stolen or compromised passwords? Let's see 81 percent 81 percent yeah a lot of 81 percent and the answer is actually 81 percent correct answer well done everybody so um since passwords are so important obviously the what we do on cyber security needs to start with password it needs to start about indicating employees having the right password hygiene I it's a bit like uh when I think about the job of a password manager like dash 10 I always feel it's a bit like the dentist so we're going to to give you the tool we're going to do the best practices about how you should manage your password hygiene the same way the dentist will give you a toothbrush and they will explain to you how you brush your teeth and floss but at the end of the day the dental hygiene or the password hygiene it's really about the the end user the employee or the user toothbrush that needs to actually do the work so we need to really feel that we are in the place of education and making sure that we give the proper instruction and the proper tools for everybody to be in charge of owning their and their own digital hygiene okay and so why do you need a password manager in a sense from a lot of different reasons like first because passwords that are the root of access to any any of your account and of course you can have additional solution and we can talk later on about biometrics about the solution but they do not replace at the end of the day the that simple piece of text which is a password and which is essentially a the equivalent of a secret now so as we are using more and more sass like a cloud computing sass software and so we have more accounts on the systems as we have also more data as an organization about our activities and here we're talking about a donor's bi information for instance for nonprofit I suppose that's very critical but you also may have data about the people who serve and the people we help and with privacy rules and privacy regulation it's super important to to protect that information and there's also the fact that employees and volunteers will turn into the organization so how can you build like ingrained ingrained rituals about cybersecurity in your organization so that you avoid having to redo it each time there are new people around and of course if you were someone sharing the password with the next person and then they leave and then you create another risk at the board level if you think about your investors if you think about your board administration of course cybersecurity is taken very seriously because then both data privacy at risk reputation at risk and that's why we're trying to help the password manager the main goal our main goal is to help you stay secure and so that you can focus on your own mission we will provide you the tool to just do the basics of cybersecurity we want to give you more best practices so that you can also help your organization get more awareness about the importance of cybersecurity and then you can focus on what you want to do your own mission as an enterprise it's all about the people i'm going to just like say it and repeat it and insist on it but it's really about the people and about the way they use the tooling and the way they practice and the way they are owning their own digital hygiene and there are so many accounts that we have to use out there whether it's in our personal life whether it's in our work life and managing logins for the multitude of accounts and the things that we have is it's impossible at the end of the day you cannot memorize everything if i think about myself in Dashlane today i have something like 1200 credentials obviously i've been using Dashlane for quite some time i've accumulated credentials for my personal life for my work life and a lot of different share accounts from different people but i can't remember all of them so i need to find a way to use a secure method because the the alternative is not manageable and it's just insecure and impossible to do so here are some of the common password pitfalls that are the things that you should be really mindful about not doing so the first one we've mentioned it already like sharing logins among colleagues in an insecure way is really a bad idea maybe it will be okay maybe having posted note that you shared with a colleague or when you send it by slug or email is okay but the problem is not the individual act the problem is the multitude and multiplication of doing it across the organization at some point one of those passwords will leak because they will be shared too many times and you don't control who has access or who doesn't have access the second pitfall is a if you use very weak passwords then they're easy to hack today with the computing power that you have in the cloud and on the computers is if the password is super short super weak or even like it's a random word from the dictionary is so fast like it's a question of seconds for a hacker to be able to brute force it and to find that password and here we can also go into more detail if you want to in the q and a but it's really about the length the the randomness of the password so you should try to use complex long hard to hack passwords so in passwords in the web browsers sticking notes excel bullshit whatever is a bad idea obviously they're not meant to do that they're not secure storage systems so you can still do it of course it's it works but in the same way you wouldn't put gold from banks in out there like in the random room you put it in the vault so your password there are sensitive information they are very valuable they should be put in a vault that is dedicated to storing this in a secure and finally we said it already but reusing personal passwords and username for business reason is a bad idea and users like consumers are as much at risk of being hacked as businesses and usually it's even like easier for hackers to hack those big consumer websites but they will get thousands and thousands and thousands of logins and credentials from those websites and then they will try to reuse it to hack the businesses where the money is so that's what is called credential stuffing i get a i don't know like a database of billions of credentials that i've leaked from whatever website and then i use those to try and hack the systems on the on the nation so don't reuse personal data for business and so the goal of password like i said it's really to give you the tools but also to give you the peace of mind so we want to give you tools that are as seamless as possible as simple to use as possible even though to be honest password measures are still a pretty technical tool because we're talking about cyber security we're talking about complex security topics and our goal is to make it as simple as possible to hide that complexity to hide the security complexity that it feels like an obvious user experience for everybody to use the end user ui the end user flows needs to be as simple as possible so that people like using them and like adopting them and by the way that's why there is a part of about storing the password in a secure way but for most there's a day-to-day experience of okay i have a passing manager i'm browsing online and dash plan for instance will naturally do the autologi in the autofill of the credentials on the website so that you don't even have to to think about it you can be that magical moment where i'm arriving on the website the login form is automatically populated i just have to press the bottom to validate and i'm in and that way you make sure that you both get the security but also the convenience by using that passing manager so if we go back to the people and how you can educate your people to understand better the impact and the implication of cyber security first like all those metrics that you've just shared all those examples there are plenty out there but start with that start with okay if you think you are you don't matter because you are just a regular volunteer or regular employee in the organization it actually do matter because you're part of the puzzle and you're part of the risk so you need to understand the implication if you get hacked with a senior personal life or in your in your work life you will you will put at risk your organization you will put at risk also potentially your own financial email social media and so you need to help them understand the impact and using the metrics and so on that does help here and you need to educate them on the best practices i just shared a few about what not to do with passwords there was plenty out there as well and we're going to go into more details and then like i said let's give them the tools to make it easy and that's also about the education and how to use the tool the right way how to the same way i'm reading my my toothbrush example but brushing your teeth you need to do it the right way you need to take the right moment to do it so that's not something that you're born with you teach your kid to brush their teeth and to floss the same way if you get a view of the tool of a password manager i need to teach you how to use it so the most helpful you choose a password manager whatever it is a order for so i think it's really important that that type of features that are really critical to having password measures the first one is of course it needs to be simple to use if you find a solution that's too cumbersome that's not intuitive enough then your team will not adopt it and you will fail in that mission so we and that's a very harder by the way that's a very hard challenge for us password manager because yet again there's a lot of technical complexity behind password manager but we're trying to make it as simple as possible and then there's a question of of course of taste and flavors and so on but find the one that you like using and that will improve the adoption rate so really your goal is to find the solution that your team likes and they will they will use for sure convenience is a big piece of it but to feel of when you when you navigate online making sure you can sync across devices so you can have it both on your desktop and your mobile phone everywhere where you need to access your credentials you need to be magically there and they are very important for productivity obviously having robust security and the track record of not being rich as a password manager is critical so look at this and it's that's public data if you're using SSO for your organization it's a good idea to find pattern and measure that can integrate with your SSO solution it's actually making it more convenient for the employees and all the volunteers and even more secure so that's a good capability to have them darkware monitoring so unfortunately whatever you do you may at some point have your password being leaked out there by by hackers so this will land in what we call the dark web which is that third-year space where hackers like share and sell data what we do as a password manager for instance is that we will notify you if your email appears in the breach and that way you can know that that website that you've breached and you can change the password and make sure that you minimize the risk so darkware monitoring nowadays actually I think must have for for password manager and then finally if you want to get your digital hygiene in a better place if you want to learn how to improve your personal situation having some form of password score password health score is important because it will help you understand okay I have that bunch of credentials that are actually leaked I should change them to make them stronger and actually reusing that the same password between the different websites that makes let's make sure that I generate a unique password for all those websites and so on and password health is a score is a way to monitor that progress yet again people people people password hygiene starts with the people so of course you need to provide the tool you need to provide the best practices but you need to provide them by connecting with the donors with the volunteers with the partners with everybody that's yours stakeholders in the organization so that they understand what you're doing and that we're not doing password hygiene and just for the sake of password hygiene but just because it will help the organization be more secure but also be more productive because if you have to react to a breach or to a security incident it's going to disrupt your activity like like crazy so make sure you don't do one and not the other so you need to have the right tooling that's for sure but that's kind of the easy part and then you need to use the tool and make sure that the organization adopt the tool so and that's that's a place where it's not going to be a one one time thing and then you forget about it you will have to regularly come back to it and repeat and provide awareness training and and give examples of okay I don't know what are what are the employees with the best security score they have a password health score of one in person they're great that's great example let's have everybody try to to to improve by by changing five passwords and making them unique and complex and so on so really I'm thinking about for instance also one of our customers they've really embedded the personal manager at the start of their onboarding each time they have a newcomer joining the organization as part of the onboarding they will spend like half an hour educating the person about Dashlane and how they should use Dashlane and importing their credentials into Dashlane and then looking at a password score and helping them really like a hands-on practice and hands-on awareness training so of course we cannot do this for in organization for everybody but just to give you a sense of the level of education that's required for us to really generate that that that culture of cybersecurity yes it doesn't have to be difficult it's really about obvious conversations so let's let's go into a bit more details adoption number one like I said is really important and adoption can only come if people are brought in and understand why it matters understand that the rift they're they're facing when they're they're not doing things the right way and I always like to say to to customers that use your own context hopefully you have never been bridged if you've been bridged that's a great context to share for when you come out but use your own context what if the organization was bridged what would be the impact can you can you brainstorm with me about the impact okay maybe data would be leaked and we would have a donors data very sensitive data out there we would impact the reputation of the organization we will be disrupting the organization because we have to scramble to fix the security leaks but what are the implications what are the threats against the organization for instance that's an exercise that we do even as a company at Dashlane we regularly revisit our threat model what are the impactors around organization obviously we are a cyber security company so it's even more important to us but you can do the same type of exercise just to explain and highlight what are the risks to your to your to your employees to so that they understand the potential impact and our like more bottom into the adoption second phase acceptance that's really okay now I understand now I'm starting to use the tool I'm starting to get on board into improving my own situation and my own cyber security practices I understand what I should take and here you need to to train them and I could bring them up at level by level to to to being a top top top cyber security level so at first it might be just okay let's start having everything in the password manager so that we have a control about it let's look at the password health score let's try to improve it to have like a let's get rid first of the compromised password that were distributed from the dark and monitoring alerts that that's the first step let's make sure that we don't have too many reuse passwords and then progressively you can ramp up and you can like level up on the practices until eventually you may have like another one of the password health core and very unique passwords everywhere you may have a two-factor authentication activated on all the critical systems and and and so on some like a regular dark and monitoring reviews that there's a lot you can do and that's like when you need to continue it's not a one-time one-time thing we are new people joining all the time you have people that you need to off-board that you need to be careful about the data as well and even for like the people that are still there you need to regularly come back to it and say okay how are they going how are we protecting the organization and so on sometimes when I have customers are talking to me about adoption of password manager they say okay I'm actually going to start only with a with the DIT team or only with the financing because they are the critical ones and I tell them okay but if you do that and you're not actually protecting the organization you're going to protect that little group of the organization and maybe that's important but actually everybody can be an door and an entry door to the internal systems so if you don't protect everybody then you're you're missing the point it needs to be a 100 adoption by everybody and you need to adopt the password manager to all the people of the organization without exception in a sense and maybe you're going to roll out you want to deploy this by starting by the ones that are more ambassadors and more tech savvy for instance and that's a good idea as well because then it can be released for you but don't assume that because you've done like a what you would consider like the critical people in maybe IT finance the board the leadership and so on you don't know you need to then continue going to run with adoption and so you need to find a path which is the best route for you but less than one other person adoption means that you still have a risk and of course when you're even when with one other person option you still have risks so it's really important to do the whole job I mentioned that already but yeah whenever you onboard something new the moment where you onboard a person that's the moment where you can really teach them and educate them about the importance of the digital hygiene and past management so and so you start from this from the beginning you have the training program or the onboarding program that is distributed to all newcomers that any addition to the team will start from a strong footing and you will make sure that you avoid the syndrome of okay I actually had an intern for six months and he lived all the time from the organization I don't know if you remember remember the the solar wind supply chain attack so that was there was a big attack in a few years ago but solar wind which is that big technical company providing solution for a lot of people Microsoft and others they had actually an internal leak and password that was the way the hackers got more recently octa the big identity provider had a similar issue that a third-party provider not doing things the right way and that was a leak inside the organization so yet again whoever you onboard into your organization whether they are like an employee an intern the volunteer maybe a provider third-party make sure they have the right standards of practices around the security and finally continuing to monitor the health of the organization you have to link like DARPA monitoring is one password health score is the other one there are different ways of approaching it but it needs to be like an ongoing effort to monitor the the health of the organization make sure that you don't like lower your guard and that is not because people think that okay now they're using a password manager and think seems to be doing okay that it's it's the end of the journey it's a it's an ongoing motion an ongoing journey that you need to be always on top on top of I want to share I think there are two case studies the first one is Nita so they're sharing so how they've been really working on their password health score so in so in 2020 like everybody has said through COVID a lot of people moving more virtually than ever more remote and of course when people are more disconnected and increase the risk across the organization of practices like not being as good and like people being a bit disconnected and more risk so they wanted to really find a solution that allows them to to step up in that remote hybrid world like making sure that they can monitor everybody the threats again against the organization in a stronger way so having stronger password managers was an obvious place where they could ramp up so using a password manager using password health scores they've been working with the team making sure that they raised the password health which also means that they've been cleaning up the compromised password cleaning up a weak password and reuse passwords and the fact that you have a unique complex password on each of the websites doesn't mean that that website or that SAS tool cannot be breached but it means that at least you're reducing your exposure you're reducing the risk if one single service is breached that's still an issue but at least it's not going to contaminate the other system that you're kind of like having silos around all of those those those services by the fact that the keys to those services are unique and individual so that's a that's a that's a very important important one you can find when you get the slides you can find a link with more details about that that case of the about me it's an interesting one they've been really very proactive about okay let's take the organization higher in terms of a password health score and let's work as a as a team to make it happen that that a second example village rich so a non-profit very interesting organization so same thing they they felt that they needed like a better cybersecurity practices and so they decided to use dash cam to to step up and really provide the tools to be to the organization they improved the password health score since they started using dash cam by 100 to 20 percent and that's of course thanks to being able to monitor it through the password manager but also thanks to the practices that they put in place to identify and clean up like the week's pot in their password hygiene make sure that they use the the data from the password health score from the dark monitoring to to target the employees that are most at risk first and like probably if you get the whole organization to to uh improving the the the awareness improving the culture of security and and make it part of the the default practices of the organization so it's uh it's uh onboarding the past manager is also a good way to clean board the security and awareness and make sure people understand that because they are it's everyone everyone's responsibility they have the password manager on their desktop they have the password manager on their mobile with their own credential they can now have visibility and how they do their own practices and that's the way to really uh really raise your awareness which is what matters at the end of the day okay just to wrap up and hopefully uh i'm happy to answer any question afterwards but uh in a sense security today is kind of simple and used to be if i think about a few years back a cybersecurity was a very technical very complex world with a lot of heavy solutions that were a bit uh not easy for uh it and mean and for organization to to to adopt we're trying to change that the password manager are trying to make that mission easier and easier or are sort of like our motto is try to make a security simple for everybody for organization and for their people that's a way where a past manager and dashing can help uh if you want to give it a try uh there's that qr code uh that you can probably scan with your phone and that will take you to be able to start the trial with uh with dashing business you can also of course find us on dashing.com uh you can will find you'll have the data and the slides afterwards so you can also visit the the deck um but i really encourage you or whether it's by the way dashing or another password manager you should have a password manager in today's world uh all fully connected remote world where you use more and more sass solution not having a password manager is really about a year that's uh almost having in today's world so i really encourage you to to use a password like dashing all right i think i think i will just take a bit longer on the on that screen if people want to uh to scan the qr code so it was a bit hard for me to uh to follow the chat at the same time but i'm happy to uh to take any question and i hope we the team can help me also like a match Q&A questions. Yeah i'll let some of your team members unmute themselves there were a lot of questions in the chat and your team has been doing a great job of answering the questions if they want to highlight yourself if they want you to answer go ahead unmute yourself. Great um one of the first questions are what's the approximate cost of Dashlane's password manager for a small non-profit organization and so i can actually answer this quickly um we have a special offer that's exclusive just for TechSoup partners um so that would be 50 off and if you have any questions about that please reach out to someone at TechSoup actually it just got popped in to the chat thank you so much to the TechSoup crew um so a great discount for all of our very valued non-profit organizations out there um additionally our password manager safe isn't there a big risk when a site is hacked Fred do you want to tackle that one? Yeah obviously that's a critical one and so yes password managers are safe obviously are safer than uh not using password managers and there's no solution to one another person perfect there will always be hackers finding ways around password manager but just so that you understand better the way we designed it from a technical standpoint we are using a principle that is called zero knowledge architecture and what is behind that big words is the fact that we're building the solution so that the only person who can access the data is the user themselves not Dashlane not a hacker not everybody else what that means that everything will happen locally on your device you're going to start storing data into the Dashlane app on your device and we're going to encrypt that data with the key to that data to your vault which is called the master password so when you start with Dashlane when you create an account we'll ask you to generate a master password you're the only one only the user has the master password it's never transmitted to Dashlane we don't have it and so on and we use that master password as the key to encrypt your vault and and so that's really the and the crux of it the heart of it which means that whenever the data if it transit for instance when you're going to sync from one device to the other obviously the data is going to go through the Dashlane servers but they will go in an encrypted fashion and we don't have your key so we can't access the the data the only person that has the key is the end user which by the way means that for us it generates a lot of complicated flows to to build for instance when you want to share a credential between two people there's a lot of cryptographic keys happening behind the scene to make sure that only the person that shared and the person who you show you to can access the data and nobody else so it's a I can go to more technical details if you want to but that's kind of the essence of it so local encryption on the device with the key that only you have that's what ensures that nobody else but you can access the data perfect and another question from qa is do you have any advice for it managers who have a hard time convincing their board of trustees to fund cyber security projects yeah that's a tricky one because the problem is security it's a bit like an insurance investment so you hope you would never be bridged and so on so it's not like it's green value to the organization or to your own mission it's more like an insurance but at the same time they data out there in case you get rich of how much it's going to cost you and what's going to be the impact that I think it's a it's worth putting that money that at risk in the bank so the good news is that past managers are actually relatively speaking pretty cheap cyber security solutions compared to a lot of other solutions I think that's why it's they are a good idea to start with them and you already get the coverage of having like the basics protected with your end user being protected by a better password hygiene and then you can also try to fund more advanced cyber security project but start with the easy one let's say but it's a very tricky situation even for us a very simple cyber security company but when we have to fund our own cyber security project we also have to convince and get buy buy from our board. Perfect thank you and another one is I've always been concerned with using a password manager what if it gets hacked so this is similar to before but I know that you had mentioned about the security use but what say is different compared to some of the other password managers out there? Well the first thing is at least the dashion has never been bridged so that's a good news and I'm touching wood that it stays that way even though I'm realistic may happen one day because yet again cyber security is a tough industry and we're always trying to be more creative and smarter than the hackers out there but sometimes it's complicated so it's really about using very simple principle of security that are easy to build and easy to maintain and easy to monitor. So the problem is that I mean I would reverse the question in a sense what is the alternative? The alternative is to store your passwords in a Google Sheet. Google Sheets are not made for security so they can be leaked they can be actually if you mess up with the access write they can be indexed by Google search engine so there are plenty of use cases or examples of people who have leaked their credential to Google Sheets on the internet. We've seen the post-it notes and the pictures of the post-it notes out there and so on so I'm not sure there is a real alternative to trusting password manager then you need to find the right one that you trust of course and that's a question of doing your benchmark and doing your research about okay what are the trusted solution but I really think that nowadays password managers need to be a de facto must have for everybody else it's so much better than just not doing it. I'm trying to find an analogy but think about for instance some years back everybody was driving without having a seat belt and everybody felt like it was okay and then there were accidents and at some point having a seat belt became like the norm and the regulation forced you to do it and today I think nobody would think about driving on the highway without having a seat belt because you know it will protect you even though it's it's not the perfect solution you can still crash a car and you can still be injured but same thing password manager they should be the seat belt of you driving on the highway of the internet. Okay thank you and similar I know you just mentioned google but is google password manager an effective solution? It is it is for the consumer world I don't think it's enough for the organization for the enterprise world so when you when you when you use google password manager what you need to know is that you're actually giving your credentials to google so you can trust google that's fine but you know that with the solutions like google if you're not paying for it you actually as the same goes you're the product so they will use your data for marketing they will use your data for advertising and so on and that's only me because I have of course a privacy sensitive background and so on but I use google products but I don't trust google that much either so I want to make sure that I don't put all my eggs in the same basket I trust google for search engine I trust them because I use them on the internet but I'd rather keep my password in a solution that is that I'm paying for that's also a way for me to trust that they're not going to use the data for other means or the reasons and also separate things so that I don't have all my eggs in the same basket and another example is that I used to have a gmail account a long time ago but I started personally using a third party solution called fastmail that's an independent Australian company I pay for it there's a small subscription you're the subscription that I pay but that is I know they're not using my emails and my data to to market for me and to to advertising against me and the type of stuff so that's more of the consumer side but as an organization it's kind of the same thing um you never know so I think it's better to like spread your risk and and not trust that the big pack are doing it with the perfect right um and does dash lane support centralized corporate storage for shared corporate credentials so I'm not sure I understand the question but I'm going to try and answer it and you tell me if that's answers the question so there is a sharing capability in dash lane so as an organization you can have credentials that are shared between individuals or shared between groups so let's think about okay I don't know I have a Twitter account for my organization that needs to be shared by the marketing team then that with different access rights and so on you can have this story in dash lane and share whether it's with the individual or with different groups so that can everybody can access the credentials and can use it to autofill and to to access a Twitter account of the organization so that's that's the answer that's the question I think that works and in the QA if that did not answer please let us know and another one is can you address how FIDO will allow for a passwordless future yeah that's a great question and so the FIDO Alliance for those who are not aware of what it is it's it's it was started in 2013 if I remember correctly it's like a consortium of different organizations in the authentication space and a lot of people end there like Microsoft, Intel, Apple, Dash and it's part of the FIDO Alliance and the goal of that the consortium has been to try and promote better authentication solutions so it started off with a two-factor and multi-factor authentication as a way to protect on top of passwords and more recently they've been designing new technical protocols one of them is called WebAuthn which has been standardized for the web as a way to both support multi-factor authentication solutions but also as a way to potentially replace passwords in the long run by a concept that has been called pass keys and pass keys essentially there are passwords they're just like passwords that are a long string of characters that you can never remember so they're like a secret that you would be able to use on the website without even knowing that secret because the solution the technical solution will do it on your behalf so it's a great that's a great it has a lot of potential especially because it's sort of fishing resistant because you don't know the pass key you can't really leak it to a hacker that can use it to connect to the website by stealing your password but we were in the very early days there were announcements earlier this year about the first support of pass keys Dash and Auto-announced like this is our own support of pass keys we'll see how fast it goes but it goes in the right direction I think to like a building a better more secure identity world so I'm really looking forward to what how things will unfold it's going to take time because yet again we are so used to using passwords that everything is building on password today so migrating to a pass key world it's definitely going to take a lot of time but at least that way we've embarked on that journey and everybody seems to be kind of a line of okay that's the direction to go so hopefully we'll have a better future perfect and I know we're getting close on time so we've selected two more and the rest of the team will answer all other questions that are in the q&a and the first question is how do password managers work do you manually input your username and password and it saves the account for your eyes only is it a simple process typically yes the way we do it at least is whenever you're going to so let's assume I create an account on Dashlane I'm a new customer I'm starting to use Dashlane for my password management practices so of course you can obviously share passwords somewhere else like in your Chrome passenger you can import them to start with but then what would happen is that once you start rising online let's assume you come on a new on a website you're going to type your login and password for the first time in that login form at that point Dashlane will actually recognize that you've been doing that and we suggest that you save the those credentials in the in the past match and we'll do it automatically you just have to press save and we'll do it for you and then the next time you come on the same website because now we have the information we just auto fill an auto populate that login form on your behalf and then you just have to press click and then you're in there are a bit more options to make it even like an auto login so you don't even have to click on the button but that's kind of the gesture of it so as you navigate we automatically save password for you on your behalf and then we will use it use those to to login automatically then as you start populating your vault of course that's when you can start having like a password health score being computed to get a sense of okay actually I'm reusing the same password on all those different websites I should have a I should actually change those to make them more secure and that's also a place where that can help can help you generate strong unique passwords or if you go for instance to register on a new device you can ask dashlane to automatically populate all the fields for you based on your information generate automatically a strong credential a strong password sorry and then save it automatically for you I mean if I think about my own use case in dashlane I actually know none of my password the only one that I know is my master password because that's my key to enter dashlane but all the 1200 passwords that you have in dashlane I don't know any of those credentials no that's not exactly true I do know the the the password to my email account because that's also an important one so I know two passwords perfect thank you and could you talk a little bit more about the bpn function and how that takes security to another level yes so as we've been building dashlane in time we've extended to everything that's trying to secure your identity online so of course we manage a credential but you also can put your information about your personal identity in there like your identity card or your address you can put your payment information that we will auto fill for you seamlessly when you navigate online we like I said offer a solution like dapper monitoring and we decided to also offer bpn so bpn is a different sort of solution because it helps you protect your internet traffic it will encrypt the the internet traffic that's coming on your network so nobody can eavesdrop on it and they can try to access the data that is in transit as your accessing website and so in particular very useful when you're for instance on the unprotected wi-fi hotspot let's say you're in the airport you want to connect to the wi-fi airport usually that's very unprotected wi-fi so you may as well activate the dashlane bpn to protect that traffic and make sure that you're not leaking data or whoever is eavesdropping on that if you don't have a corporate bpn with the organization that's also another way you can use the bpn to have a better network traffic protection in a sense perfect and one more quick question I know we have a couple more moments and we will be sending out an email address for anyone that has following questions but Fred can you share how we should decide if you should have a business or team account or the new plan that we just launched starter yeah that's a good question so the way we thought about those different plans are the starter plan is really for you to get started with dashlane but like the name implies if you're a very very tiny organization with something like less than 10 people that's a good way to start them then the main regular plans are the team plan and the business plan the team plan is for organization that have probably fewer people but also don't already have a fully advanced IT stack and by that what that means like you don't necessarily have SSO if you don't have SSO you probably don't need the business tier which is where I really got those advanced features that allow you to connect dashlane to your SSO solution the single sign-on solution we also offer things like a scheme provisioning I'm sorry I'm getting a bit technical here but scheme provisioning is essentially a mechanism for you to automatically add the new employees into the dashlane account and remove them when they are bored so there is a lot of automation in the business tier so if you have an organization which is not as advanced in terms of IT complexity you may probably find with the team tier but of course if you have more needs because you have those solutions like SSO and scheme then probably the business tier is better for you. In the business tier one thing that I like is that we also offer a family plan for all employees so as I said one of the risks is to reuse the same account between personal life and work life so we are offering a family plan so that each employee can actually use dashlane for the rest of the family to protect themselves. Wonderful thank you I think that those are all the questions we have for today and just to share with everyone who's still on we did share the email and phone number for any questions you might have following this webinar thank you. That was excellent Frederick you answered all those questions so thoroughly I really really enjoyed this webinar and thank you for the TechSoup team who popped in Allison, Mason and Gail and your team did an incredible job thank you so much to Andre, Casey, Chris, Manon, I hope I'm pronouncing your name right Manuel, Patrick you guys are awesome and I hope you come back this was wonderful thank you so much. Thank you very much. All right have a great day everybody go vote bye bye. Bye bye.