RoboForm & RoboForm2Go Product Review
I’ve been using RoboForm and RoboForm2Go for nearly 2 years now to manage all of my online passwords. In a nutshell, it protects my vast array of online passwords (as of this writing, I have just shy of 90) in an encrypted manor with one master password. I have I’ve found one of the easiest products to use because it not only sites down near my Windows clock, but also attaches to both Internet Explorer and Mozilla Firefox as toolbars.
Using this product, I can now just remember my one complex RoboForm password and it does the rest. RoboForm2Go enhances this by allowing me to load the same application onto my USB key and run it from there instead of loading it just on to one host computer.
Below is a screen shot of what this looks like for me in Firefox:
The first button is the RoboForm menu. It has what you’d expect – the ability to change options, close the toolbar, read the help file, etc. The second buton is a customizable search box. You can point this at any of your favorite search engines, but to be entirely honest, I normally turn this off. There are half a dozen ways to search google nowadays, I don’t need another!
The next button, labeled Logins is a drop down list of all the saved passwords you have. These saved passwords are called passcards within RoboForm. These passcards are protected by your master RoboForm password – the only one you have to remember. I’ve borrowed this screen shot on the right from the vendors web site that shows a sample list of logins. While there is an option in the list called “New” to create a new passcard, I’ve never bothered to use it. The first time I login to any web site, RoboForm pops up and asks me if I want to create a passcard.
One of the things I don’t like about this screen shot is that they don’t show you that you can organize the sites into folders. My initial list is much shorter because I have folders setup such as “Email Accounts”, “Bank Accounts”, “Social Networking”, and the like.
In any case, clicking any one of these passcards will bring you directly to the page configured for that passcard and will log you in directly to the site.
You’ll notice the next button over in my initial screen shot is labeled “Mozilla Developers”. This is because RoboForm realizes that I’m on a Mozilla.org page and that I have a saved password that I’ve called Mozilla Developers. When I’m on the page where I can login to the Mozilla Developers page, this button will become bold and I can click on it to login.
Second from the right is the Save button. This button allows you to save an online form, even one that isn’t actually a login, into RoboForm. This button is actually my secret to completing the timecard for my employer each week! I saved a single time card that entered the appropriate hours for each day of the week as well the personal information that my time card asks for, and then can use it to populate my time card weekly. I double check it for accuracy and I’m done in seconds rather than the minutes it normally takes me to type out.
The last button is my most frequently used button and that is Generate. That allows me to create password on the fly that meet the most restrictive complexity requirements of any site I’m visiting. To the left you’ll see a screen shot of what this looks like on my computer.
Notice that I can set virtually any password length and character type. When logging into any new site, what I normally do is read their maximum password length and use a number equal to or close to that, then exclude any characters they don’t allow. RoboForm then generates a pretty unguessable password such as the one shown in the screen shot. I copy the password to the clip board and use it to login once, allow RoboForm to remember it, and then I know I’m safer than using a pets name to login to Bank of America.
I’m not the only one who has credited RoboForm as a great product, they have also been positively reviewed by PC Word, The Wall Street Journal, The New York Times, and CNET’s Download.com. If you’re in the market for a great website password manager, I highly recommend RoboForm. For more information, please consult the RoboForm website.
RoboForm is a fantastic tool and the password generator is especially convenient when you just want to get through the sign up process fast. I use the Billeo toolbar nowadays though because I make lots of online transactions and it has a really helpful transaction manager. They’re having a contest and giving away an iPhone to US residents who sign up by the 26th.
Thanks for the great review Chris
@roboform
Hope no one over at Ciber minds the stolen screen shots!
Thanks for the product, Scott
Unfortunately that list of passcards that you can see in the nice screen shot is available for anyone to view, in that same form, showing what services you log into and who the users are, unencrypted, in the Roboform Data folder on your PC and on your USB key.
While Roboform encrypts the passwords, it crucially does not encrypt the list.
This is a significant problem. Anyone “finding” your USB key can tell a lot about you and the sites you use, and the subject (although not the content) of your Secure notes – what you have written about.
I look forward to Roboform’s fixing this fundamental failing before we can use it more extensively in our business.
@ETT
ETT – The thought has crossed my mind as well. On the one hand, I like that I can simply open the browser and select a passcard, or have the passcard immediately available when I go to a site that has one available.
When I put my security hat on, however, I can see that any amount of information for a potential theif is too much. Knowing that I have a gmail account or that I bank with XYZ Corp is a good start into hacking their way into what I’m trying to protect.
Thanks for your reply …
” I like that I can simply open the browser and select a passcard, or have the passcard immediately available when I go to a site that has one available.”
- well, Roboform could still do all that, and in addition could potentially do it at least as securely as most other similar security products which put all the secure data inside one single “vault” file which is entirely encrypted and whose contents cannot be read.
The current Roboform design is a bit lazy – I can see why they have done it that way, to allow them to easily sync, passcard by passcard, without thinking too hard, but they have definitely compromised users’ security by doing it.
If Roboform reworked the product a little to use one single secure encrypted vault file, then the security would be excellent because it would betray nothing at all, but, at the moment, it is just not secure enough.
Unfortunately, the publisher’s people just keep denying there’s a problem.
HMMMM… YES… This is definitely a security problem ETT. Still, you can encrypt this file and password protect it (ie folder lock) till you use it for the next time. What do you think about that?
And another thing… an unauthorised user can also rename usernames, delete them, move them… DISASTER!!!!
And I also realized that one (without loggin in) can also synchronize the roboform2go with the online password backups without using any login password. Imagine the result if this person first deletes all logins and then synchronizes!!!! I guess that this means bye bye backup…
So I stick to my initial proposal… encrypt the folder that contains this sensitive area. The cheap way to do it is using winrar and setting a password before zipping.
Reviewer wrote: “I copy the password to the clip board and use it to login once, allow RoboForm to remember it, and then I know I’m safer than using a pets name to login to Bank of America”.
I do not recommend using that “Copy” function if you intend to use RoboForm2Go on a public computer. That password you just “copied” is easily accessed by preinstalled hacking software that views your clip board.