Over the years, I’ve made tens of “Cool Tools” presentations (and the like) around the country and the list of tools has varied widely as time went by. While many of the tools make it into my presentations once or twice within a span of a few months, one staple that continues to garner the largest audience interest is an inexpensive password manager and form filler known as RoboForm. It continues to surprise me how many people still aren’t using one of these great productivity boosters. If you’re not taking advantage of a password manager in this internet age, let me tell you that you’re wasting precious time and probably taking unnecessary security risks.
I’ve been a user of RoboForm for several years now. In fact, I first reviewed and raved about RoboForm in an article published a few years ago. RoboForm remains my number one must-have application on every computing platform I own or use regularly and it is the first application I install when I move to a new operating system or get a new device. While there are several password managers out there, both free and paid versions, nothing I’ve tried comes close to the versatility and power of RoboForm. It cannot be ignored that, in this day and age of key loggers and identity theft, having a secure repository of personal information is essential.
I decided to review the current beta 7.0 version of RoboForm since it’s the first real upgrade in recent years. Actually, it’s not a major upgrade; it’s more of a renovation. I’ve been using the latest version for a couple of months now and I like the new features and enhancements.
Background
For those of you that are new to password management programs and form fillers, here’s a little background on their capabilities:
As time goes by, we accumulate more and more user ID’s, passwords, secret questions and phrases, software installation keys, personal identification information, credit card and bank account numbers, website addresses, secret notes, etc. (need I say more?), all of which we need to store and retrieve securely. While a variety of methods have been devised and employed to accomplish this task, most are barely secure and totally inconvenient or incompatible with the wide variety of devices and platforms currently available. RoboForm aims to be your single and most secure repository to store all this information within (yet another) master password protected and encrypted database. Think of RoboForm as your hardened safe to store all this info which can only be opened with the correct combination (i.e., the master password).
In addition, many applications, web sites and other secure network gateways require us to change our passwords periodically and utilize strong replacements with a variety of formats and requirements. Thinking of and remembering these changing passwords can drive one crazy and, as a result, many of us resort to easy-to-hack passwords and storage methods just to keep us sane. RoboForm steps up here with a powerful password generator that meets a variety of criteria required by the site or the application.
Getting Started and Working with RoboForm
Downloading and installing RoboForm version 6.x (a free trial version good for storing up to 10 passwords is available at http://www.roboform.com) is quick and quite easy. Whether you’re using Internet Explorer, Firefox, Google Chrome or one of the many available mobile platforms, RoboForm integrates nicely and stands ready to store your user ID’s, passwords and other personal data each time you access a site. The only thing you need to get started is to specify the master password to be used to lock all of your secret information once RoboForm starts memorizing. Naturally, with a variety of military strength encryption schemes (no fewer than five encryption algorithms are available) to secure your database, you don’t want to forget the master password once you’ve specified it. Even RoboForm technical support will not be able to figure out your password if you forget it. And of course, your master password should be very strong and long because it unlocks your most valuable data: your personal information and passwords. RoboForm stores all of this securely and locally, unless you decide to use RoboForm online (discussed below.)
Visit a web site, enter your user ID and password and, depending on the options you specify, RoboForm will pop up and offer to store them in what’s called a “passcard.” The passcard is capable of storing numerous fields. So, if you need to enter more than just two pieces of information to log in, RoboForm can handle the job. If you are setting up your online access for the first time, RoboForm helps you generate and store a password based on a variety of security criteria, characters, length, etc. Thereafter, whenever you visit that site, RoboForm will offer to fill in the user ID, password and other information assuming that you’ve unlocked the database with the master password. One available setting determines how much time you have before the master password “times out” and is required to be re-entered. This way you don’t have to enter it each time you summon RoboForm to populate your login information or web-based form. Since you don’t have to subsequently type in the secure information, key loggers installed without your knowledge cannot capture your valuable data.
The other powerful capability of RoboForm is an online form filler. When you set up RoboForm, you have the option to set up profiles with your name, address, phone numbers, credit card numbers, banking information, etc. Anytime you encounter an online form for e-commerce or other sites, RoboForm will pop up and offer to populate the relevant information on the form. If you set up multiple profiles (e.g., one for home, one for work, one for your spouse), you can choose amongst them, choose amongst credit cards to use or choose which address to use. This is a huge time saver since RoboForm’s built-in intelligence is programmed to recognize and remember the most common field types used on the web. To the extent that it doesn’t, you can right-click on the form and have RoboForm save the form information for future use. I find this capability quite handy for repetitive surveys over time, forms that require shipping and billing data, and sites that request recurring demographic data.
Have you ever been frustrated after spending a lot of time on a site completing an online form or long text box and then find out that the site timed out or couldn’t save your info? You’ll find that saving the data in RoboForm first before submitting it can save you quite a bit of aggravation. Just bring up the page again and let RoboForm re-populate it.
RoboForm can also securely save and store free-form bits of information known as “safenotes.” I’ve used safenotes to store software installation keys, combinations for safes and locks, Wi-Fi network names and keys, PIN’s, frequent flier numbers, and other confidential personal or financial information.
As mentioned above, RoboForm is available on most computing and mobile platforms including the PC, iPhone, Windows Mobile, Palm, BlackBerry, Android, and Symbian. A version known as RoboForm2go works on a USB thumb drive and enables you to plug in and out of any PC without having to install the program and move your passwords onto someone else’s PC. Another available piece of software, known as GoodSync, keeps your RoboForm information synchronized between different platforms and locations.
RoboForm Online
Over the past year, RoboForm has been beta testing a version of RoboForm online which optionally allows you to synchronize your passcards and safenotes to a secure server. Accessing these very secure items online requires you to register with and to log into the site (free) with a secure password. Actually opening the secure items prompts for your RoboForm master password to be entered, thereby enabling two levels of password security. This service has been a godsend for me on numerous occasions where I was away from my PC and didn’t have my laptop or RoboForm2go USB thumb drive with me when I needed a login ID and password. The site functions much like the desktop version of RoboForm and assists you with automatically logging into sites that you’ve saved in RoboForm.
RoboForm Online gives you the added flexibility of synchronizing your passcards and safenotes over the internet across multiple devices. This is a very powerful and much needed capability, though I can understand many people’s hesitation to surrender and trust their most sensitive passwords and personal information to a third party server. My only comment is that RoboForm has the highest levels of security and encryption implemented and, with two levels of password protection, I feel reasonably secure about putting my data out there. Besides, your online ID’s and passwords are by definition already stored on many servers in the cloud which can be equally hacked by determined thieves, albeit one at a time.
Version 7 Enhancements
One of the most significant enhancements in this version 7.0 beta is the capability to save and fill ID’s and passwords in Windows (WIN32) applications, not just online passwords. In addition, when saving an online form, the details are now displayed for you so you know exactly what is being saved. Furthermore, this occurs in a non-obtrusive tool-bar rather than the old pop-up box, thereby streamlining the web browsing experience. Logging into widely known and popular websites automatically downloads site icons to make the related passcards more visually appealing and easier and faster to recognize.
Another significant enhancement for devices equipped with a fingerprint reader is the capability to enter the master password via a finger swipe. The fingerprint device stores your master password in a secure area on the device. This secure area becomes accessible to RoboForm only after you slide your finger and it is then authenticated against the fingerprint stored on the device.
A release date for version 7 has not yet been announced.
RoboForm Criticisms
RoboForm is not without its shortcomings and share of quirks. For example, more and more sites are switching to an Adobe Flash version of their login screen to raise security. RoboForm cannot currently handle most of these sites. On those sites, you have to perform a manual RoboForm lookup and type in your ID and password yourself.
On some sites, such as American Express, RoboForm inexplicably stops working properly. This requires you to have RoboForm fill out the form (but not submit it) and then you manually click on the submit button. In this case, you can re-memorize the site information in RoboForm and fix the problem for future visits.
As sites become more sophisticated with additional levels and types of authentication (e.g., captchas, pointing and clicking your PIN on an onscreen keyboard à la ING Bank, rotating challenge questions, etc.), this renders RoboForm unable to do anything more than show you your credentials to be manually entered. I’m not sure how or if RoboForm can be enhanced to overcome and automatically populate these additional safeguards, but it sure would be nice if they figured out a way to do so.
Whenever you change the master password, your passcards and safenotes should inherit and respond only to the new password. However, I’ve had a few occasions where a passcard would only open up with the old password. Finally, I’ve had occasions where I’ve had to inexplicably remind RoboForm where my data directory resided. Fortunately no data has ever been lost.
Options & Recommendations
The paid version of RoboForm, known as RoboForm Pro, is about $30 for the first license and less for additional licenses. An enterprise version is available and significant discounts are available for large license purchases. During various holidays throughout the year, a 20% discount can be found on the website. Even without the discount, for this price, you can count on saving yourself tons of frustration and aggravation compared to using manual or spreadsheet password management and form filling. Buying multiple licenses at the same time (whether or not on the same platform) will likely save you money compared with buying them over time.
I also highly recommend the powerful GoodSync software if you plan to sync your data or files across multiple platforms or devices. GoodSync is one of the most powerful file synchronization tools available and is also one of my most frequently used cool tools to keep data in sync.
For those who prefer free versions of password management tools, of course the Internet Explorer and Firefox password stores are available, though they are significantly less capable than RoboForm. The popular open-source password manager applications KeePass and LastPass are also free but, in my opinion, not as convenient as RoboForm. If you’d like additional information about password managers including the five most popular ones, visit http://lifehacker.com/5042616/five-best-password-managers.
I welcome your feedback and questions about RoboForm or other password managers. Please feel free to write me at shf@ydfs.com.
Sam H. Fawaz, CFP®, CPA works with Y.D. Financial Services in Canton Michigan and Franklin Tennessee and has been helping clients with financial planning and financial planners with technology solutions for over 20 years. He has been writing about tax, financial planning and technology solutions for over fourteen years. He can be reached via e-mail at shf@ydfs.com or at (734) 447-5305 with any questions. You can follow Sam on Twitter at http://twitter.com/themoneygeek or at his blog at http://themoneygeek.com. His company website is at Y.D. Financial Services, Inc.
TheMoneyGeek Unplugged 