Dashlane’s “Inbox Scan” Tool Uncovers The Passwords You’ve Saved In Your Email

Even if you create and use secure passwords with your various online sites, there are still a number of ways they can leak out. One area that’s often overlooked, according to password manager and digital wallet provider Dashlane, is email. That is, people often share their login credentials and plain-text passwords along with other sensitive data via email messages. That means if hackers get into your inbox, they can quickly gain the keys to a wide range of your accounts. And if you tend to re-use passwords, the damage could be even worse.

That’s why Dashlane this week rolled out a new tool called Inbox Scan which will automatically search your email inbox for vulnerable information, including passwords you’ve shared.

The service, available online at dashlane.com/scan, is an easy-to-use tool that scans your Gmail, Hotmail, Yahoo, or Aol email for sensitive information. To use the tool, you authenticate with your email provider in order to give Dashlane temporary (and read-only) access to your inbox for the purpose of the scan. None of your personal data is stored when the scan is complete, however.

The scan’s assessment will then provide you with an “inbox health report” which includes details on how many passwords were present, as well as additional details, like the number of accounts created, those affected by breaches, notifications of weak or re-used passwords, and more. In order to identify these latter items, the Inbox Scan system looks for those automated emails that arrive after you sign up for new services.


Your accounts are displayed to you visually as a collection of bubbles, where the larger the bubble, the more important the account. Meanwhile, red bubbles mean Inbox Scan found a plain-text password associated with that account.

As someone who has probably signed up for every online service since the Web 2.0 days and has been using Gmail since day one, my Inbox Scan report was somewhat intimidating. It would have been helpful if the tool could have eliminated those accounts for dead startups whose domains no longer resolve, for example, but I realize this is not a mainstream user’s problem.

Since Dashlane doesn’t store any of its conclusions, if you want to begin to fix the problem, you have to download the full report (a PDF) in order to parse through the data in more detail. Of course, you can also just use Dashlane’s app itself to fix your insecure, breached, or re-used passwords, too.


According to Dashlane’s CEO Emmanuel Schalit, one of his company’s studies found that only 1% of Americans believed email as the item they were most afraid of hackers stealing. But in reality, he explains, it’s the favorite target for hackers because of the volume of personal information we keep in our accounts. The idea with Inbox Scan, then, is to help close up this hole. While it’s not going to protect your inbox from actually being hacked, of course, it could limit the damage a hacker could do if they were able to get in.

The program worked well for me on Gmail, but crashed on my Hotmail, so your mileage may vary, as they say.

Still, given that Inbox Scan is an entirely free tool and is offering some fairly critical information you can and should take action upon, it’s hard not to recommend at least trying it out. The scan itself only takes a few minutes, depending on the size of your inbox, so it’s something you could do at any time.