Saturday, June 25, 2011

RoboForm Desktop – Keep Your Passwords Safe & Secure

keep passwords safe
Remember The Hitchhiker’s Guide to the Galaxy? Douglas Adams had one tip – always carry a towel. While that’s a great tip for “real life”, if I had to choose just one tip to give all web users, it would be – use a different password for each website. Seriously, I cannot stress this enough. If you use the same password (or two passwords) everywhere, a single security breach on one website could leave you wide open to identity theft across the whole Web. Not a pleasant prospect!

But if you use a different password for every website, how will you ever be able to remember them all? You won’t, of course, and that’s where a password manager comes in. With a password manager, you only need to remember one “master password”, protecting all other unique passwords. KeePass and LastPass users are nodding their heads knowingly at this point, but if you’ve never used a password manager before and the concept seems a bit intimidating, it’s very possible RoboForm is what you’ve been waiting for all along.

First off, you should know RoboForm isn’t free: it currently costs $9.95 for the first year, and $19.95 for every year after that. For that, you get to install RoboForm on unlimited devices, with seamless password sync and backup. RoboForm also offers a free version, but it supports only ten logins (I know people who can keep ten different logins in their head). Fortunately, the full version comes with a 30-day trial, which is plenty of time to make up your mind. RoboForm’s commercial polish shows right from the first step on the installation process:

keep passwords safe

The installer is clear and simple, while not skimping on the details. Since you’re going to be trusting the database with all of your passwords, RoboForm lets you know right from the get-go where it would be stored, and you can change its location if you want to:

keep passwords safe free

Then, right within the setup process, RoboForm has you create your new master password, the one you really must never forget. The dialog is very clear, and includes a password-strength meter. The meter, incidentally, hit the “Excellent” grade when I was less than halfway through typing my complete passphrase. This could either mean RoboForm’s standards for master password strength isn’t high enough, or I’m paranoid. I leave that judgment up to you.

keep passwords safe free

RoboForm integrates tightly with IE, Firefox, Chrome and a host of other browsers. Here’s what the included Chrome add-on looks like:

keep passwords safe free

This is what RoboForm’s main window looks like:

keep passwords secure

If you come from KeePass (like I do), you might be flustered at first by the fact that there’s no “New Record” button. If you want to save a new user/password pair using the RoboForm editor, it’s not instantly clear what you have to do. It turns out the secret is pushing the large RoboForm button:

keep passwords secure

So rather than a simple “New Record“, there are three different terms here — Safenote, Identity and Passcard. A Safenote is basically an encrypted note, completely free-form. That’s parallel to KeePass’s Notes field included with every record, but shinier:

keep passwords secure

An Identity is a complete profile used by RoboForm to automatically fill in forms. It has just about every field you could think of, starting from the obvious Name and Title and ending with obscure fields such as Pager number and NI and NHS numbers:

Image

That’s just for “Person“. There are several other field sets, such as “Bank Account”, “Passport”, “Car” and more.

Last but not least, we’ve got Passcards, which are username/login pairs for websites, the most common used for a password manager. Surprisingly, you cannot create those from within RoboForm Editor. Here’s what I got when I tried:

Image

Okay, so I used Chrome to go to a random website and signed up for a new account. When the time came to select a password, I decided to try RoboForm’s Generate feature:

Image

That’s RoboForm’s Chrome add-on in the foreground, with the site I was trying to create an account with in the background. That Fill button just didn’t work. I clicked it with all my might, repeatedly, yet the Password and Repeat Password fields remained blank. Dragging the generated password did work, but it instantly closed the dialog, so for the Repeat Password I had to open the dialog again and drag it again. Copy/pasting would have been faster.

As soon as I hit the Create Account button, RoboForm’s auto-detection kicked in:

Image

Quite slick! It had the real site name in the box, not “Random Website”. Not the URL either, mind you, but the actual site name, and it was clever enough to extract it even though the page title wasn’t the exact site name. Very nice. So on the one hand, letting you create new passcards only by actually creating new accounts in websites feels a bit restrictive — but on the other hand, it’s a fantastic way to make sure you never forget to store your new password.

The actual passcard record is very simple: It contains just a site title, URL, user ID and password:

Image

And just for comparison, here’s the same dialog in KeePass:

Image

A different level of visual complexity, indeed. And yes, if you’ve been paying attention you now know my fictitious identity at Popling.net, password and all. Go have fun, pretend you’re me.

If you’re already using another password management solution and wish to migrate to RoboForm, it’s very likely possible. Check out the comprehensive Import dialog:

Image

Note that RoboForm also offers to import bookmarks. I had it import my IE bookmarks, and the process was very smooth. I ended up with a bookmark tree looking like this:

keep passwords safe

Are there other bookmark management solutions? Sure, just like there are plenty of other password managers. But what’s interesting about RoboForm is how embracive it feels — it does your logins, forms, in-app forms (not just browser-based forms), contacts and encrypted notes. And it somehow does it all without feeling too complex or clunky.

If you’re used to KeePass, sure, it might feel awkward at first. But if you’ve never used a password manager before, RoboForm has a way of integrating itself into your workflow, and you’ll find yourself using it for all of your passwords and forms in no time. Let us know what you think of it or if you prefer using something completely different.

No comments:

Post a Comment

[Please do not advertise, or post irrelevant links. Thank you for your cooperation.]