By: Siber Systems, Inc.
We all know what password managers are meant for, and why are they becoming one of the must-haves in everyone’s software arsenal.
RoboForm is a password manager which is one of the flagship products of a Virginia (USA) based company called Siber Systems. GoodSync is another one of their successful products if you want to securely backup & restore your data.
Majority of the people have multiple accounts all over the internet for various services. Ideally, we need to secure all these passwords with strong passwords to keep them safe.
But it is difficult to remember a strong password and even more difficult to remember a lot of strong passwords. Writing down all your password on a device or a piece of paper sounds like a bad idea already.
Some of the browsers such as Chrome give the option to save the passwords with the service, but haven’t we already provided a lot of our data to Google?
Password managers are our best options and RoboForm is one of the elites of this class.
Just like any other password manager, RoboForm saves and manages passwords, but it also does a lot more than that. The manager promises to do it in a much safer and functional way as well.
The manager is available both for businesses and individuals. In this review, our prime focus will be on the password manager intended for personal use.
Since the password managers incorporate a lot more features then they used to in the beginning, this review will also involve a lot more analysis to make sure that we are able to inform you about each of them.
We will study the security architecture of the manager and tell you how we feel about the state of security on the manager. A direct comparison with the security mechanisms of other password managers becomes apparent.
Talking of comparisons, we will be comparing all the features of the manager with the similar features available in other password managers.
Yes, most of them have similar features, but some do it better than others.
In this review, we will not only asses the password manager, but also help with the process of choosing the password manager most suited to your needs.
RoboForm is one of the bigger names in the password manager world, but we will have to see if bigger is better in this case.
It is very convenient to use RoboForm, and that is because you don’t get tied down to a specific platform or client form while using the service.
RoboForm avails its services to the user via a web-based application, a desktop client, browser extensions, and mobile applications. They have got it all covered when it comes to the user’s preference.
The desktop clients are available for both the Windows and the MacOS devices. If you use one of the Linux devices, then you can use the service with the help of browser extensions and the web app.
The installation process for both the operating systems is straightforward, and the manager installs the browser extensions at the same time so that the user does not need to go looking for it later.
The password manager provides browser extensions for all the major web browsers which are Chrome, Firefox, Safari, Opera, and Edge.
Even though RoboForm gets them for you while installing the desktop application, you can also get them by yourself from the browser extensions of the respective browsers.
They have also got mobile applications for the manager on Google Play and App Store. This gives you the ability to use the password manager on the go.
However, the service can also be used without a client whatsoever. All you need to do for that is login into your web account. You will find all your passwords and the other stored information in the web application.
The web application allows you to add or remove data from your account along with the option for a few other actions.
It is not only because of the availability of so many ways to access your account that makes RoboForm a user-friendly service. It is also because of the way the user interface has been designed on all these avenues.
The client is so intuitive that it hardly requires the need to go through any tutorial to start using the manager. The fluid design of the applications and the extensions make it a walk in the park to use the service.
The data across all these clients and applications get synchronized conveniently and makes it easier for the user to switch between the portals without worrying about data unavailability.
Even if you do not have internet access, the manager works just fine and remembers the passwords of all your computer applications and saves the new ones.
You must already be aware of the fact that password managers store more than just the passwords these days.
There is a lot more than just the passwords which can be put in the category of sensitive and confidential data. Such information includes credit card details, bank account details, Wi-Fi passwords, social security number, etc.
Password Managers allow the user to store all such information so that he/she can be sure about its security. The managers also give the user the flexibility to access this information whenever needed.
RoboForm also exhibits such features and allows the user to store various sorts of information on the client. Let us have a look at the different storage categories available in RoboForm and how you can use them to your advantage.
RoboForm is a password manager, and it is evident that the login credentials get the top priority when it comes to accessing the stored information.
This section will store information about all the URLs, user ids, and passwords that you have stored in the manager for your accounts on various websites.
There are multiple ways to add a login into this section. The easiest way is to let the manager do it for you.
When you login into a website or create a new account, the manager will generate a pop-up which will ask you if you would like to save the password in the manager or not.
You can choose the ‘Save’ option so that now it becomes the task of the manager to save this information for you. The pop-up will appear only if the credentials are not already stored in the manager.
Once you have saved the details, you can login into your account with just one click the next time you visit the website.
The other way to add the logins is when you import them from another password manager or use a .csv file to save some passwords. This process is also simple, and the guide present on the support page of the manager helps you along the way.
However, the manager does not allow you to add a login by just manually typing in the details. You need to go on the website to save the details if you are not importing them.
It is disappointing to find out that RoboForm is missing such a primary feature. This is the only section which is missing the manual addition feature.
RoboForm allows you to sort the logins into various folders so that it is easy for you to navigate through the entries to find the one you want.
A general user may have hundreds of logins saved in the manager, and the folders come in handy when the user needs to deal with such large volumes of data.
This is not a frequent sight in the storage section of password managers. RoboForm allows you to save bookmarks on the manager so that you can save your favorite web pages and refer to them whenever you want.
At first, we thought that there was no point of providing an option to save bookmarks on a password manager. Most of the web browsers already do that, and there is no need for one more avenue to store bookmarks.
But on second thought, we realized that sometimes even the bookmarks come under the category of sensitive information and storing them in the password manager makes it easier to refer to the website whenever needed.
The usability of this section is bound to vary from user to user, but it won’t hurt to have an option to store bookmarks securely.
It is again effortless to add items in this category with the most straightforward way being to add one with the help of browser extension.
The support page also contains detailed guides on how to save and use bookmarks on RoboForm.
This section of the manager stores all the application passwords. These are for the user to locally use various applications already installed on his/her device.
Some of the examples of such an application can be Skype, Dropbox, etc. Even the games locally stored on the device can be protected using this section. The password for password protected folders and pdf files can also be stored in this section.
The process of adding items in this category is similar to the one used in the previous sections. When you open the sign-in form for any application, the manager automatically detects the entries.
Then it shows a pop-up which asks for the user’s permission to save the details in the manager. Then it is up to you if you want to save the password or not.
There is again no option to add the passwords and other details in this section manually. You can edit the already existing particulars, but the manager does not allow you to save a new item manually.
However, this section can also be made easily navigable with the use of folder options in RoboForm.
Most of the password managers have a section where you can store profiles and identities. The entries in these sections can store a lot of details about the user and make it easy to fill in web forms and digital forms in general.
This section of RoboForm is similar to such sections but what makes it different from the others is that it eliminated a lot of the subsequent sections which generally follow the ‘identity’ section.
Most of the password manager vaults have separate sections for financial documents such as credit card and bank account details. They also provide separate sections for important documents such as passports and driver licenses.
But RoboForm did away with the need of all such sections, and now the user must save all those important details and documents along with the identity.
There is always an option to store them separately in the notes section. We will be discussing that section in the later parts as well.
However, it is clear that RoboForm prefers that you store other details and documents in the ‘Identities’ sections of the manager.
This section of the manager can be used to save almost all the relevant details of a person. It starts with the general entries such as name and date of birth.
For contact information, it takes the office address, the home address, and all the phone numbers. You can also save financial information such as credit card number and the bank account details.
It is this section which acts as the digital wallet of the user.
Once you have saved the necessary card details in your profile, the manager will help you carry out online transactions, and that too at a much higher pace.
When the form to fill the card details appears, all you need to do is choose the card from which you want to make the payment. The manager will automatically load all the necessary information, and you can be done with making the payment in just a few seconds.
This section will also help with auto form fill feature of the manager if you have already saved in the required details.
Whenever a form appears in which you need to fill in some of the personal details, you can choose the profile from the manager, and all the details will be automatically filled for you.
You can save more than one profiles in this section so that you can have all the relevant details about your near and dear ones. You can always leave those sections unfilled about which you have no information.
For cases in which you have multiple items for the same sections, say you have two credit cards, you can add multiple items in that same section by adding one more item from the menu.
This way you will have all your cards and documents at one specified place.
We must say that RoboForm made it very easy to go through the items by removing all the unnecessary sections from the manager.
Most of the password manager provide so many sections in their respective vaults that sometimes the sections are more than the actual items in the whole vault.
However, one feature that we missed in RoboForm is that it does not gives any reminder for the expiring documents saved in the manager.
Most of the popular password managers have this feature, and we feel that RoboForm should also include it in its arsenal as the feature can be very useful at times.
This section is quite like the previous one except that it does not ask for very personal details such as the card numbers and financial documents.
The name of the section explains its function. You can have all your contacts at your disposal all the time if you remember your Master Password.
You can again have more than one entry for the same details such as adding two phone numbers for one of your contacts.
The folders also make the section a lot more manageable. You can put the contact information of your colleagues and the contact information of your relatives in different folders to prevent any confusion.
Anything outside the domain of items discussed in the above sections can be saved in this section.
Safenotes allows you to store anything into the manager no matter how silly or how important is the item.
Any data that you enter into this section will be encrypted and then stored in the RoboForm servers just like it is done for the rest of the sections.
Most of the people may complain that RoboForm lacks dedicated sections for a lot of the important option such as the Wi-Fi passwords, registeration numbers for services, etc.
But all of that information can be easily stored in the Safenotes sections under dedicated folder names. If anything, RoboForm has only made it simple to access the data saved on the manager.
Most of the password managers have so many sections that the list does not even fit the client window, and then they need to hide the sections away from the dashboard.
With RoboForm, all the data can be accessed from the dashboard of the client, and there is no need for any hidden documents.
All the password managers have dedicated sections on their dashboards which inform the user about the state of security for all the accounts.
The section also points out any repeated passwords or other such anomalies in the user’s profile.
RoboForm also contains one such section, and it is called the Security Centre. Security center analyzes the accounts and passwords and tells the user about any possible improvements.
Let us analyze this section in detail, and see how RoboForm helps to make the user accounts more secure.
The first thing that you notice on visiting the Security Center is that there is nothing much in the window.
Compared to some of the mainstream password managers, RoboForm offers significantly fewer options and features in the security section.
But this seems to be the design principle of RoboForm. We already noticed how the password manager prefers a minimalistic design and tries to incorporate everything into one section instead of serving the user with way too many options.
The case seems to be the same for this section as well. The window looks neat with lesser options. However, security is more about effectiveness rather than convenience. So, it will be interesting to see if RoboForm has been able to remain effective in this section.
The manager displays your security score on top of the Security Center window. The score is indicative of the overall security of all the accounts in your profile. Higher the score, stronger is the security.
The manager displays a small message for the user which summarizes the security status of the accounts, right next to where the security code is displayed
The security score is decided on the basis of the average of the strength of individual passwords in your account.
There are three columns below the security score, which break the overall strength individually for each password.
The first column is ‘All.’ As the name suggests, it displays all the logins saved by the user inside the password manager.
The window also displays the strengths of passwords for each of them individually along the age of the passwords.
RoboForm mentioned that they use the zxcvbn algorithm to determine the strength of individual passwords. It is the same algorithm used by most of the websites when they tell users if they have entered a strong or weak password while creating the account.
Next comes the ‘Reused’ column. And no points for guessing again, it displays all the logins which use the same password and prompts the user to rectify his/her mistakes.
It is never a wise idea to use the same password for multiple accounts as one breach may take down numerous accounts of the user. The ‘Reused’ column ensures that the user has different passwords for different accounts.
To change such passwords, the user needs to login into the specific account and then change the password. The process to change the password can be different for different services.
There is no option available to change the password directly from the password manager, and the user needs to go the long way.
However, the user can always take the help of RoboForm's password generator to create strong and unique passwords which will help improve the security score for sure.
The last column is ‘Complete Duplicates.’ It identifies all the logins with the same username and password for the same website. It points out all the logins that have been saved more than once by the user and helps declutter the manager.
But this is all that RoboForm has got to offer when it comes to strengthening the security of the user’s accounts. There was so much more that the manager could have done to ensure the safety of the user’s accounts.
They never seemed to consider the fact that even the services can get compromised. There would be no point of having a strong password if any such thing happened.
RoboForm does not inform its users of any such issues. It is also important because the rest of the major password managers are providing such services to users in one way or another.
We feel that there is a need for RoboForm to enhance the Security Centre a lot more. At the moment, it considers only the passwords to evaluate the security of the user’s accounts.
However, a strong password is just one of the many aspects which come into play when the overall security of an account is considered.
RoboForm should make efforts to include as many of these aspects as they can else it will be tough for them to compete with other password managers when it comes to strengthening the profiles.
It is vital that we keep our data safe and secure not just while it is with us, but also when we share it with others.
The conventional means of sharing information with our colleagues and acquaintances have been emailing and other instant messaging services.
These services do serve their purpose which is to transfer information from one person to another. But these services fail to protect your data from advanced breaching attempts.
When you use email or any other such service to share information, the service leaves a few prints of the information.
For example, all the email services will save the information you sent in the ‘sent’ folder of the application. A lot of the instant messaging services also save the shared media on the device in a separate folder.
It is not easy and not always possible to keep track of all such prints and get rid of them to avoid any unwanted leakage of data.
RoboForm provides you a safer alternative of the conventional information sharing services. You can share all the sensitive passwords and documents on RoboForm without having to worry about the security of the data.
RoboForm allows the user to share as well as send items to other people using the manager. We will discuss both these features separately but first, let us have a look at what all is common in the two.
Whether you send a file or share a file using RoboForm, the manager ensures that none of the content gets into the wrong hands. They undertake specific measures to ensure that the content remains safe.
All the data is first encrypted and then shared or sent by RoboForm. This involves the use of Public-Private key encryption. This method consists of the use of two keys, one publicly generated and the other one privately generated.
The encryption prevents anyone from interpreting the data.
Both sharing and sending also require the recipient to be a RoboForm user. If the recipient is not a RoboForm user, he/she will get a mail form RoboForm which will help in setting up a RoboForm account.
A person gets such a mail only when some other user adds him/her as one of the recipients of the content.
Let us now also have a look at the differences between the sharing and the sending features of RoboForm.
Items saved in the password manager can be shared very easily. The support page of RoboForm contains a step by step guide of how to share items and folders using the password manager.
The user gets the ability to revoke the access of a shared file whenever he/she wants. The user also gets to know if the recipient has accepted the sharing request initiated by the user or not.
There are various permission levels which the user can assign to the recipient.
It starts with ‘Limited’ permission. Under this permission level, the recipient will not be able to edit or share the items. The logins can be used, but the passwords will not be visible to the recipient on the clipboard.
However, there are ways to extract such passwords, and the user should not rely too much on the manager in this case.
The next permission level is ‘Regular.’ In this permission level, the receiver can view as well as edit the items shared with him. The changes made by the receiver will be visible to all the other recipients and the sender as well.
The topmost level in the permissions is the ‘Owner.’ It gives the receiver almost the same authority over the content as much as the sender has.
A recipient with ‘Owner’ permission level can edit the items, change the permission level of others, and add or remove recipients including the sender.
If we talk about the sending feature on the manager, it works just like any other messaging or email service.
Once the user sends any content to another user, the subsequent changes in the item will not be visible to the receiver. And once the item is sent, the user cannot revoke the access of the recipient.
It is more like a one-way process.
Both the features on the password manager are extremely useful and provide a better alternative to other methods.
Uncertainty is the essence of life. You can never predict what may happen next or in the future with complete surety.
Therefore, it is necessary that one must be prepared for all kinds of unwanted events. The preparations will not only eliminate some of the undesired repercussions of the future but will also impart confidence to act more freely.
RoboForm allows you to add emergency contacts in your account. This feature can be helpful in a lot of the circumstances which may demand another person to access the account of the user.
It may be because you lost the Master Password, met with an accident, or simply because you don’t have internet access at a particular time. The Emergency Access will be helpful in all such scenarios.
When you add a person as one of your emergency contacts, he/she will be notified about the request. If the other person does not have a RoboForm account, the manager will send the person an email which will help in creating a RoboForm account.
Once the emergency contact generates a request to access your account, you will be notified about the same from RoboForm.
You can set a timeout period when you add someone as your emergency contact. The timeout period is the time after which the contents of the account will be visible to the emergency contact once he/she requests the access.
During the timeout period, you can choose to either decline the request from the emergency contact or grant him/her instant access to the contents of your account.
If you choose not to take any action or fail to take action during the timeout period, the contents will automatically be visible to the emergency contact at the end of the timeout period.
The timeout period ranges from 0 to 30 days. There is always an option to revoke the access at any time or remove the contact from the emergency contact list at any time.
Once the access is granted, the items are available in a view only mode. The emergency contact will not be able to make any changes in the user’s account.
We feel that the manager could have created various permission levels for the emergency contacts in the same ways it did for the shared contacts. It would have made the feature even more functional and made the user a lot less comfortable when adding various emergency contacts.
However, the emergency contact can download the visible items in his/her RoboForm account.
A complete guide on how to set up emergency access is available on the support page of the manager.
A password manager’s job is not just to store and remember the passwords for the user, but also to keep them safe so that no one else except the user can access them.
This review will be incomplete if we don’t get into the details of the security mechanism used by RoboForm.
Let us first discuss the Master Password which is used to access user accounts in RoboForm. Master Password is the user’s key to get into his/her account.
Without the Master Password, neither the user nor the service provider can see the content stored by the user inside the manager.
The Master Password is used to generate the key which is then used to decrypt the content stored by the user. Since the manager also has no information about the Master Password, therefore, no one from RoboForm can see what the user has stored even if they have access to the servers.
When the user saves data inside the manager, it is first encrypted locally within the device and only then transmitted to the RoboForm servers through the internet.
The transmission is always through the safer HTTPS protocol to ensure that no one can get to the data in its encrypted form.
The service uses AES 256-bit encryption to secure the content inside the manager. AES 256-bit is the strongest encryption available, and it is impossible to get through it without the decryption key.
It is military grade encryption and used for various kinds of confidential activities in which security and privacy are the topmost privacy.
They do not stop at just the strongest encryption available, they make it tougher to breach the security by further using PBDKF2.
PBDKF2 salts the password hash and makes it a lot more difficult for the attacker to breach through the security establishments.
It is just not possible to decrypt the user’s data without the key after such robust encryption methods have been used.
All the encryptions and decryptions are done locally at the device level to make sure that the user’s content never reaches the internet in its raw form.
When we talk of local encryptions and decryptions, it includes both the data as well the Master Password which are transformed.
Even if the RoboForm servers get compromised somehow, the data will be of no use to the hackers as it will all be encrypted and impossible to decipher without the decryption key.
RoboForm also mentioned that they use very secure US-based facilities for their servers. They have also said that the hosting service guarantees a 99.99% uptime for the servers.
Along with the Master Password, RoboForm also gives the user an option to enable Two-Factor authentication to strengthen the security even more on the manager.
Two-Factor authentication improves the security of an account by a significant margin. It brings a dynamic factor along with it which is generally missing in the conventional password login setups.
Once you have enabled Two-Factor authentication on the service, each time you login into the manager, it will also ask you for an OTP (One Time Password).
OTPs have a time constraint, that is, they expire after a certain period of time, and therefore, the password keeps changing.
You can take help of a lot of the services which are used for Two-Factor authentications, some of the popular ones being the Google Authenticator, Authy, and Microsoft Authenticator.
There is a detailed guide available on the support page of RoboForm on how to use Two-Factor authentication along with the password manager.
The security architecture of RoboForm takes all the possible measures to safekeep the user’s privacy and the data saved on the manager.
We don’t think that any user should find it difficult to entrust RoboForm with the responsibility of keeping his/her passwords safe. The measures employed by RoboForm are more than capable of doing the assigned job.
We assume that you understand the importance of a strong password as you are so deep in a password manager review.
It is almost a norm that a password manager also provides a password generator which helps users keep their accounts safe.
Even though the purpose of all the password generators is the same, they all vary in the kind of options they provide the user while generating passwords.
RoboForm also comes with an impressive password generator which may prove to be handy in a lot of situations, especially when you are replacing the old and weak passwords with strong and new ones.
The generator can be accessed from both the browser extensions as well as the client icon on the taskbar.
When you open the password generator window for the first time, a password with all the default settings for a password is already available on the clipboard.
You can straightaway click on the ‘Copy’ button on the window and paste the password in the required column.
If you are using the generator from the browser extension, then there is a ‘Fill’ button as well which helps you directly fill the password column on the web page.
There are plenty of toggle options on the password generator window which you can use to the get a strong password with desired attributes.
The options allow you to decide the number of characters in the passwords. Fewer characters don’t make for a strong password in general. The user should try to have a somewhat longer password as it makes for a strong one.
There are switches to exclude similar characters, use of hexadecimal characters (0-9, A-F), include lowercase characters, include uppercase characters, etc.
At the bottom of the window, you can see the bit-strength of the password changing as you change the settings. This gives you a clear idea if you are going in the right direction with the settings or not.
Apart from the bit strength, the manager uses a simple way as well to tell the user about the strength of the password. The generated password is deemed strong or weak in the area right next to it.
Make sure that you use only the strong passwords to replace your old ones.
The password generator of RoboForm turned out to be a lot more functional and fun to use when compared with the password generators of the other mainstream password managers.
It feels good to have the things that we want, and even better if those things are the way we want them to be.
At this moment, we are unsure if RoboForm is the thing that you want, but we are sure that with these many customization settings available in the manager, you can make it the way you want it.
When you choose the ‘Options’ option on RoboForm, it takes you to a new window. This window will serve you with all the large and small setting options which will help you use the manager more efficiently.
The first tab in this window is ‘General.’ The user can change the language, decide if the logins from the extension should open in the same tab or the next one, change the form filling options, etc.
The next two tabs are ‘Browsers’ and ‘Toolbar.’ The first one helps the user to manage all the browser extensions while the second one helps the user make some modifications in the toolbar.
Then comes the ‘Account & Data’ tab. It may be of great use when you start using the password manager. In this tab you can import and export data. You can import data from the other password managers or by using .csv files.
Importing data saves the user from the long and tiring process of manually entering all the credentials into the manager.
This window also has the options to manage synchronization of data saved in the manager, and backup or restore data on the client.
You can change the Master Password in the ‘Security’ tab. This tab also has the option of turning on the biometric verification for the Windows devices.
The next tab is ‘Autofill,’ and the name must be enough to suggest the options available inside this window. This tab not only allows you to turn on/off the Autofill but also lets you make smaller decisions related to the Autofill feature.
The next three tabs are ‘Autosave,’ ‘Context Menu,’ and ‘Search.’ The first one allows you to manage the settings for the Autosave feature on the manager. The second one is to add or remove certain commands from the toolbar of Internet Explorer.
The ‘Search’ tab showcases the various options available for the search list actions. It is followed by the ‘Keyboard’ tab. This tab displays the various shortcut keys available to operate the manager. It allows you to make changes in the keys and set them according to your convenience.
The ‘Domains’ tab allows you to add all the equivalent domains so that the manager can recognize them.
You can add all those applications which you don’t want to use in conjunction with the password manager in the ‘Applications’ tab.
RoboForm has not left much for the user to aspire for in the customization section which is great. The manager made sure that the user has as many options at his/her disposal as possible.
Let us start from the beginning then. RoboForm is easily accessible from most of the devices and browsers. The exclusive desktop client only adds to the options which the user already had.
Then the storage section offered something new in the form of Bookmarks. The reduced sections in the vault, however, may be a topic of debate.
Some people may prefer the simple and neat storage while some may be left yearning for more dedicated sections. It came to personal preference in this section.
The Security Center may seem capable enough, but it turns out that the manager has one of the most basic security monitoring features.
There is a need for a lot many advanced features in the client. Monitoring the strengths of the passwords won’t suffice. The manager needs to look beyond the scope of passwords.
The security mechanism involves the use of best available practices, and we find it easy to say that RoboForm is one of the safest password managers.
The password generator, as well as the customization options, did not disappoint us at all. We found it easy to navigate through the manager, and the features such as Autofill and Autosave also worked perfectly fine.
So, should you buy this password manager or not?
We did all the analysis for you, but now it is your turn to weigh the pros against the cons and then decide if you should go with this product or not.
In our opinion, the password manager has got most of the bases covered, and it is most likely to get better only.