Dashlane and Google’s YOLO Project for Passwords: WIIFM?

Dashlane and Google announced that through a combined initiative, the two companies are working on an open API for developers. It would tap in to password managers so that Android users can log in to their apps automatically. That API is called Open YOLO — YOLO meaning “You Only Login Once.”

If you’re not aware already, Dashlane is a password manager that competes with the likes of 1Password and LastPass. It’s actually my preferred password manager because of its absolutely stellar UI and functionality. But interestingly enough, it has agreed to let Open YOLO work with any password manager so you don’t have to use Dashlane to reap the benefits of the API.

YOLO in this case means ‘You Only Login Once.’ Yikes.

Security

Now you’re probably thinking about security. Do all these Android apps who use this API to log me in suddenly get access to my passwords? Why would I want to participate in that? After all, the Google Play Store and Android in general don’t have the best track records in the security department. Well, it doesn’t work quite like that.

The details for how specifically the API will work haven’t been laid out publicly yet, but I think it’s safe to say that app developers won’t actually get access to your passwords. It’s much more likely that Open YOLO will work similarly to Apple Pay. Apple Pay stores all your credit cards and lets you pay with them in stores and online, but neither Apple nor the vendor ever actually get to see your credit card information. Instead, Apple generates a random code to mask your credit card so that when it’s time to pay, this virtual code is all that’s required and then your iPhone translates this locally, securely and behind the scenes.

The Open YOLO API means that developers will likely have to add some lines of code to their app’s login screen that basically say something along the lines of “Yes, this app would like to participate in Open YOLO. Here’s all of our information necessary for processing logins, now do your side of the work.” Open YOLO would presumably gather basic information about the app, tap into your password manager for a matching password and then autofill the login — or better yet, be able to do this in such a discreet way that you can bypass logging in entirely. That’d be the dream.

Stanojko Markovikjm, Dashlane’s Android Engineering Lead, explained this to TechCrunch very similarly. “The app would be able to query other sources of credentials, such as Dashlane, another password manager, or even another browser, if it contains a credential for the app,” he said.

Open YOLO will work with any password manager so you don’t have to use Dashlane to reap the benefits of the API.

Adoption

1Password has offered something very similar to Open YOLO’s to let mobile apps pull in login information, but it hasn’t been very broadly accepted as this Dashlane and Google collaboration could shape up to be. And from my own experience using 1Password, the app integration rarely worked for me on iOS.

Of course in order for Open YOLO to work to its full potential, apps need to get on board by implementing the API and so do password managers, though Markovikjm said the major players like 1Password, KeePass and LastPass are all interested. Open YOLO kicks off as soon as the code is made publicly available.

For now this will only work on Android, but hopefully more platforms will come in the future as development of the API expands.

Open YOLO looks like a safe, secure method for users to automatically log in to their apps across all devices, especially mobile. Hopefully developers are quick to recognize the potential.

ALSO READ: LastPass Hacked: No More Passwords in the Cloud?