Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

RoboForm Password Manager and more

I think that I have about 80 – 100 passwords that I use on a regular or
somewhat regular basis. I always remember my network and computer logon
passwords, but beyond that I often have to check my a) Outlook notes on my PC
at work, or b) when at home on my Mac, my little black notebook stuffed in the
bottom of drawer.

Is storing my passwords on Outlook notes safe for my bank and tax filing
accounts? Are online password managers or ‘safes’ secure? Do you have any
suggestions for how best to manage the proliferation of passwords for online
accounts?

I don’t really have a good cross-platform solution for you, though I do have
a couple of odd ideas.

However, I have developed a very strong recommendation over the past couple
of months for a product called RoboForm – which happily includes a free version!

Let me touch on your first two questions first…

Become a Patron of Ask Leo! and go ad-free!

Keeping your passwords in Outlook notes scares me somewhat. Yes, your PST can
be encrypted (make sure that it is if you continue to do this), and
theoretically it should only be accessible when you’re logged in. Hence, it’s
“safe” behind your login password. But ultimately Outlook wasn’t designed for
this, and I’d be concerned that if the PST ever fell into the wrong hands, it
wouldn’t be that hard to open it up and have access to whatever you
have inside. So, theoretically it’s an “ok” solution, but not particularly
secure.

Online password vaults make me nervous as well. There are two issues: trust
and connectivity. I’ll admit, I’m a control freak, and the thought of handing
over my passwords to some online service over which I have little to no control
scares me. I’m sure that there are trustworthy ones out there, but I’m also
sure there are some that are less than reputable. I don’t want to be the
one to find out the hard way. Online vaults also assume you can connect to
the Internet and that you can connect to them. If the service goes down for some
random reason, would you be blocked out of everything? If the answer is yes …
well, that’s a deal breaker for me right there.

What I have been doing so far is keeping all this information (and more) in
an Excel spreadsheet. (You could, of course, use a plain text file and Notepad,
or whatever else you might like.) That, in and of itself, is
incredibly insecure and dangerous. That is, until I place that
spreadsheet – and a number of other sensitive files – onto a virtual drive
using TrueCrypt. When the virtual
drive is not loaded, the contents are securely encrypted and inaccessible to
others. When it is loaded, the contents are simple visible as unencrypted
files.

“It’s easy to think of RoboForm as simply ‘yet another
password database’ – but it’s much more.”

Now, I worked that way for accounts and passwords for perhaps a couple of
years. It’s secure and relatively convenient, except for the part about having
to fire up Excel and copy/paste account names and passwords into the web pages
that required them.

Then a colleague suggested RoboForm.

It’s easy to think of RoboForm as simply “yet another password database”,
but it’s much more. That thinking actually kept me from trying it long ago – I
had a password database solution as I just outlined.

What makes RoboForm so much more than that includes:

  • RoboForm will capture passwords as you visit sites. That means creating the
    password database is not an extra maintenance step but rather a somewhat
    innocuous side effect of simply using the web. As you enter a username/password
    on a site, RoboForm doesn’t already know about, it simply prompts you to save
    it:

    RoboForm asking to save new login information

    (A side effect to this side effect, by the way, is that RoboForm can be used
    to recover passwords you’ve forgotten but that your browser’s auto-fill feature
    continues to enter for you.)

  • Once RoboForm has the password for a particular site, you can use the
    RoboForm tool bar to go directly to that site, enter the login information and
    submit it, all with only two mouse clicks. On the toolbar is a dropdown
    menu:

    Roboform dropdown menu

    Click on the site RoboForm knows about, and it automatically takes you there
    and logs you in with your credentials.

  • The RoboForm database is, of course, encrypted by default. RoboForm also
    handles the appearance and disappearance of the database gracefully. That means
    if you have RoboForm configured to look for its database on, say, a USB
    thumbdrive, simply inserting the thumbdrive will activate all of RoboForm’s
    features; remove the drive, and RoboForm quietly notices.

  • While RoboForm is not truly cross-platform, it does include a viewer that
    can be installed on your Pocket PC or your Palm device. Your RoboForm database
    is automatically synchronized when you synchronize your device, and you can
    securely view your passwords on your hand-held device.

  • Since with RoboForm you actually don’t need to remember
    passwords, you can actually switch to using significantly better and harder
    (even impossible) to remember passwords. And, naturally, RoboForm includes a
    random password generator for just this purpose.

  • RoboForm works with IE, including IE 7, and Firefox, including FireFox
    2.

There’s more, so I’ll simply encourage you to check out RoboForm. The free version, naturally, has some
limitations, specifically in the number of “passcards” that you can keep. But
the Pro version does not and, in my mind, is worth every penny.

One addendum on how I use RoboForm today.

You’ll note that I said RoboForm’s database is encrypted by default.
That means the first time you use RoboForm after logging into Windows, you’ll
need to supply the password to unlock the database. I actually skip that step
and keep my RoboForm database unencrypted – because I still keep it on
my encrypted TrueCrypt drive. RoboForm doesn’t do everything – it’s a
solution for websites that require login, and it does that very, very well.
However, I naturally continue to have other sensitive information that I keep on
that encrypted drive – and even in my Excel spreadsheet. But since that drive
is encrypted, and since I have to specify a password to mount it, there’s no
reason for me to place an additional layer of encryption with RoboForm, so I
simply skip that.

And as I pointed out above, RoboForm gracefully notices when drives appear
and disappear – meaning that as I mount, or unmount, my encrypted TrueCrypt
drive, RoboForm “just works”.

The one bugaboo that I haven’t addressed is the cross-platform issue. As I
said, I don’t have a graceful solution for that just yet. RoboForm is Windows
only, aside from the PDA readers I mentioned above. TrueCrypt is promising a
Mac OSX version in the future and already has a Linux implementation, but even
when that does arrive, it doesn’t give you the features that RoboForm does.

I’m certain that there are good Mac solutions out there (I hear good things
about 1passwd), but I’m not aware of
one that interoperates with Windows.

So you’re left with two solutions, IMO:

  • Use the RoboForm PDA solution to keep your password list with you and use
    that to manually read and type in your passwords on your Mac.

  • Use a Mac-based solution in addition to RoboForm on Windows. Yes, that means
    keeping two databases – one on the Mac, and one Windows. But building that
    database is really just a one-time thing on each platform. (And 1passwd
    indicates it can import from RoboForm, so perhaps there’s a migration or
    synchronization path there.)

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

38 comments on “RoboForm Password Manager and more”

  1. I use KeePass Password Safe. It is open source and cross platform (Windows, Linux, Mac). It fits my needs and does the job its supposed to do. It’s not quite as conventient as RoboForm, but its completely open-source/freeware and is cross platform.

    Reply
  2. Roboform does NOT do Linux and has NO PLANS to support LInux! If you want to run it on Vista, you have to have the 32 bit, as they haven’t developed a 64 bit yet.

    I’m looking for a Linux password keeper similar to Roboform also! As I am tired of all the crap Windows does!

    Reply
  3. I’ve used Roboform for several years now and it is one of the two reasons I have not moved over to Linux entirely (Mozy backup is the other). I know there are other password programs out there, but that doesn’t make me like them any better. 🙂

    However, just because Roboform doesn’t currently support Linux is no reason not to pepper them with questions about it! If they notice a strong enough demand for it, they may finally cave and develop one.

    There are rumours that someone got Roboform to work on Linux with Wine, but I’ve never gotten that to work correctly.

    Reply
  4. thank you leo for your discuss about RoboForm , but because this program is not totally free , i’m not use it , but ofcourse i saw it’s wonderful advantage , and it’s the first time to heard about “cute password manager” or “acess manager” but i will try it soon surely . thank you again leo .
    http://www.fosdir.com

    Reply
  5. the way you enter passwords into roboform is to visit the site and log in. roboform will capture the url and sign-on data (user id, password etc). it’s that simple.

    Reply
  6. I have been using the free version of Access Manager by Citi-Software Ltd. It’s very easy to use with the drag and drop feature which loads the password as you drop the user name. You can create your own password or the program will generate a unique one for you, using numbers, alpha characters (lower and upper case), and symbols in any combination. And the program provides the option of generating a printout of the password database if you choose to do so.

    Reply
  7. Roboform is safe and dead simple to use. I initially tried the free version and quickly learned what a powerful program it is. Been using it for years now and couldn’t imagine going without it today. Nothing else I tried/used was near as convenient.

    Reply
  8. I’m another one that’s been using Roboform for years now and can’t imagine using anything else. It’s ease of use and reliability makes it number one for me.

    Reply
  9. in reply to samuel davis iI have used Roboform on linux- Ubuntu, if I remember correctly. I can’t say it works on all versions- and I did have it on Firefox, not the built-in browser.
    Secondly, I’ve tried pretty much them all. I paid for the full version of Roboform and can recommend it. In fact, if you do any online banking, shopping etcetera, it is a must. It’s only failing, which is its main security feature is that lost information due to crashes, forgotten main password is unrecoverable. But passwords can be reset. Lost money/identities cannot! (Well, not easily, anyway).

    Reply
  10. try lastpass.com ! plugins for Linux and windows, it does the job great ! – imports from Roboform, FREE, and BETTER, no arrogance towards Linux.

    I switched completely.

    Reply
  11. but how can you see the passwords again once they have been turned into …… things? Ireally need to do this to get out of some sites and deactivate them but can’t “see” the password.

    In Roboform if you right click on the passcard in the drop down menu one of the options is “Edit” – that will show you the password.

    Leo
    30-Jul-2009

    Reply
  12. I figured it out – no thanks to the “help” or FAQ at Roboform. What you do is Click on your Roboform icon thing, drop down to Identities, Print List, Put in your Master Pasword, Choose Passcards from menu bar, font, columns and then Preview. Voila! Keep in a Vault!!

    Reply
  13. i dont want others to see my password …

    can u any one tel me how to protect in edit panner any one an able to see

    thanks in adavance

    Rajesh.boddu

    Reply
  14. Here’s a second (or more? I’m not clicking “see all 21”) for LastPass. I’m now using the extension-laden Chrome, with LastPass + Xmarks – both available for Firefox, so completely x-platform, if you so choose – and they’re invaluable for completely syncing all my loot.

    Reply
  15. I have been using RoboForm for years, but had always been concerned with the safety of preventing access to my log on information. That is until, I began using Cryptainer (a free encrypted virtual drive program). I have since, changed to using Safehouse for the same purpose. Using either one, I simply move the Roboform data folder into the encypted drive and direct RoboForm to get its data from there. With either encypted virtual drive program, the drive and the data it contains is not visible until I sign into the drive and install it. When I log off the drive or shut down my computer, the drive is no longer there and RoboForm has no data to work with.

    This is exactly what I do, using TrueCrypt.

    Leo
    14-Jan-2010

    Reply
  16. Leo,
    I wish you’d check out a password program that does not store anything anywhere and yet allows you to use extremely secure passwords. See cloakpass.com because it really works and will protect against most bad situations. It’s free.

    Reply
  17. Leo,
    Just finished your article about Roboform. I retired from HP about 10 years ago and keep up with current technology as much as I can. Recently found your site and subscribed to the e-mails.
    I have been using a password pgm called Last Pass. Sounds very much like robeform which I will check out to see if it is more beneficial than last Pass.

    Reply
  18. Now why would i need a PAID program to do what the Wand from the Opera browser does much better for free?
    To all who have asked: Wand stores the passwords in an encrypted file, it automatically recognizes the login pages and offer the possibility to choose between different ones or to memorize a new one, the passwords are never in the clear and all can be very easily edited. And all that is by default.

    Reply
  19. Hi all,
    what about the built-in biometric scanners? Very common in notebooks, at least for the past few years. I’m using a HP 8510 which features an AuthenTec Inc. AES2501A fingerprint sensor, accompanied by the HO software. It has all the advantages of the described products – and as a plus: it doesn’t even need a master password… just swipe your finger. Work also for the Windows logon screen, of course.
    Not very sure about hte encryption level, I guess it’s described on HP’s website.

    Reply
  20. I think all of the applications mentioned in the article and in the comments are fine programs. Correct me if I’m wrong, but I think every last one of them store your data in a database.

    A database, when written in a general manner, just doesn’t do the job.

    Several years ago I was looking for a program like mentioned in this article. I tested several then and even now I’ll give one a whirl. But nothing beats what I use…..

    ……Microsoft Access! That’s right – an application by that M company. Why do I like it so much? I was able to create all the fields and field lengths/definitions that met my specific needs. When a new field is needed – I just add it to the database. I then use what Leo has described – encrypt the file onto a virtual drive.

    If I so desire, that file can be on my desktop, my laptop, a USB drive or any combination of the three that I may be using that day.

    That’s really my biggest knock against these commerical products. While it’s true that there are features they offer that I don’t have – they are features I can gladly live without. The bottom line is that I know my information is stored securely, convenient, and easily personalized.

    Thanks Leo for another great topic to discuss!

    U Rock!!

    Reply
  21. But, Gil, KeePass’s (or just about any other program’s, for that matter) database location can be personalized to taste, too. So, what’s the real problem…?

    Reply
  22. Roboform is also available on-line. You create an online account (usual login/password) and then you can access your passwords etc by supplying your Robofrom password.
    This service is included with Roboform and automatically sychronizes with your browser. This may help others as well as the original caller using a Mac.
    I know this means giving your passwords to the cloud but you have to trust someone – don’t you?!

    Reply
  23. I have used RoboForm for a couple of years. I have it installed on one desktop, one notebook and on a USB drive which I use for my netbook and on other computers.

    RoboForm is simply great and I also use GoodSync PRO (also by SiberSystems) to synchronize my computers and the passwords between them.

    One component of RoboForm that was not mentioned in this article is the “Safe Notes” which is also useful.

    I completely enjoy reading the articles on Ask Leo. Keep up the good work!

    Reply
  24. Roboform is the best! I have the program on both my Desktop and my Laptop for over 2 years and rely on it completely. At age 72, I am very active on both my computers for business, research, shopping, as well as friends/family communication. It’s a good buy, for what it does!

    Reply
  25. RoboForm also has a portable version which can be installed on a USB thumbdrive. I find it very useful for traveling.
    The big thing that separates RoboForm from other password safes is it doesn’t just remember the passwords, it installs as a browser toolbar and takes you directly to the website and logs you in with a single click–opening the site and filling in both user name and password. The portable version does this on any computer you stick the thumbdrive in.
    As a bonus, it also generates secure passwords up to 511 characters long.
    While Firefox 3.6 says it doesn’t work with that version, I’ve had no problems.

    Reply
  26. I have used Roboform Everywhere for some time now. This is the same as the standard Roboform but as it resides on a flash drive it will work on any computer (Windows or Android) into which the flash drive is inserted. It is totally secure as only I (and certain trusted relatives in the case of my death) know the master password which unlocks the encryption.

    Reply
  27. I find Roboform a very difficult program to use. All it really has done for me so far is to slow down my access to the web. I am just about to remove it.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.