Helping people with computers... one answer at a time.

With lots of accounts on the web, good security says their passwords should all be unique. Your computer can remember them for you with RoboForm.

I think that I have about 80 - 100 passwords that I use on a regular or somewhat regular basis. I always remember my network and computer logon passwords, but beyond that I often have to check my a) Outlook notes on my PC at work, or b) when at home on my Mac, my little black notebook stuffed in the bottom of drawer.

Is storing my passwords on Outlook notes safe for my bank and tax filing accounts? Are online password managers or 'safes' secure? Do you have any suggestions for how best to manage the proliferation of passwords for online accounts?

I don't really have a good cross-platform solution for you, though I do have a couple of odd ideas.

However, I have developed a very strong recommendation over the past couple of months for a product called RoboForm - which happily includes a free version!

Let me touch on your first two questions first...

Keeping your passwords in Outlook notes scares me somewhat. Yes, your PST can be encrypted (make sure that it is if you continue to do this), and theoretically it should only be accessible when you're logged in. Hence, it's "safe" behind your login password. But ultimately Outlook wasn't designed for this, and I'd be concerned that if the PST ever fell into the wrong hands, it wouldn't be that hard to open it up and have access to whatever you have inside. So, theoretically it's an "ok" solution, but not particularly secure.

Online password vaults make me nervous as well. There are two issues: trust and connectivity. I'll admit, I'm a control freak, and the thought of handing over my passwords to some online service over which I have little to no control scares me. I'm sure that there are trustworthy ones out there, but I'm also sure there are some that are less than reputable. I don't want to be the one to find out the hard way. Online vaults also assume you can connect to the Internet and that you can connect to them. If the service goes down for some random reason, would you be blocked out of everything? If the answer is yes ... well, that's a deal breaker for me right there.

What I have been doing so far is keeping all this information (and more) in an Excel spreadsheet. (You could, of course, use a plain text file and Notepad, or whatever else you might like.) That, in and of itself, is incredibly insecure and dangerous. That is, until I place that spreadsheet - and a number of other sensitive files - onto a virtual drive using TrueCrypt. When the virtual drive is not loaded, the contents are securely encrypted and inaccessible to others. When it is loaded, the contents are simple visible as unencrypted files.

"It's easy to think of RoboForm as simply 'yet another password database' - but it's much more."

Now, I worked that way for accounts and passwords for perhaps a couple of years. It's secure and relatively convenient, except for the part about having to fire up Excel and copy/paste account names and passwords into the web pages that required them.

Then a colleague suggested RoboForm.

It's easy to think of RoboForm as simply "yet another password database", but it's much more. That thinking actually kept me from trying it long ago - I had a password database solution as I just outlined.

What makes RoboForm so much more than that includes:

  • RoboForm will capture passwords as you visit sites. That means creating the password database is not an extra maintenance step but rather a somewhat innocuous side effect of simply using the web. As you enter a username/password on a site, RoboForm doesn't already know about, it simply prompts you to save it:

    RoboForm asking to save new login information

    (A side effect to this side effect, by the way, is that RoboForm can be used to recover passwords you've forgotten but that your browser's auto-fill feature continues to enter for you.)

  • Once RoboForm has the password for a particular site, you can use the RoboForm tool bar to go directly to that site, enter the login information and submit it, all with only two mouse clicks. On the toolbar is a dropdown menu:

    Roboform dropdown menu

    Click on the site RoboForm knows about, and it automatically takes you there and logs you in with your credentials.

  • The RoboForm database is, of course, encrypted by default. RoboForm also handles the appearance and disappearance of the database gracefully. That means if you have RoboForm configured to look for its database on, say, a USB thumbdrive, simply inserting the thumbdrive will activate all of RoboForm's features; remove the drive, and RoboForm quietly notices.

  • While RoboForm is not truly cross-platform, it does include a viewer that can be installed on your Pocket PC or your Palm device. Your RoboForm database is automatically synchronized when you synchronize your device, and you can securely view your passwords on your hand-held device.

  • Since with RoboForm you actually don't need to remember passwords, you can actually switch to using significantly better and harder (even impossible) to remember passwords. And, naturally, RoboForm includes a random password generator for just this purpose.

  • RoboForm works with IE, including IE 7, and Firefox, including FireFox 2.

There's more, so I'll simply encourage you to check out RoboForm. The free version, naturally, has some limitations, specifically in the number of "passcards" that you can keep. But the Pro version does not and, in my mind, is worth every penny.

One addendum on how I use RoboForm today.

You'll note that I said RoboForm's database is encrypted by default. That means the first time you use RoboForm after logging into Windows, you'll need to supply the password to unlock the database. I actually skip that step and keep my RoboForm database unencrypted - because I still keep it on my encrypted TrueCrypt drive. RoboForm doesn't do everything - it's a solution for websites that require login, and it does that very, very well. However, I naturally continue to have other sensitive information that I keep on that encrypted drive - and even in my Excel spreadsheet. But since that drive is encrypted, and since I have to specify a password to mount it, there's no reason for me to place an additional layer of encryption with RoboForm, so I simply skip that.

And as I pointed out above, RoboForm gracefully notices when drives appear and disappear - meaning that as I mount, or unmount, my encrypted TrueCrypt drive, RoboForm "just works".

The one bugaboo that I haven't addressed is the cross-platform issue. As I said, I don't have a graceful solution for that just yet. RoboForm is Windows only, aside from the PDA readers I mentioned above. TrueCrypt is promising a Mac OSX version in the future and already has a Linux implementation, but even when that does arrive, it doesn't give you the features that RoboForm does.

I'm certain that there are good Mac solutions out there (I hear good things about 1passwd), but I'm not aware of one that interoperates with Windows.

So you're left with two solutions, IMO:

  • Use the RoboForm PDA solution to keep your password list with you and use that to manually read and type in your passwords on your Mac.

  • Use a Mac-based solution in addition to RoboForm on Windows. Yes, that means keeping two databases - one on the Mac, and one Windows. But building that database is really just a one-time thing on each platform. (And 1passwd indicates it can import from RoboForm, so perhaps there's a migration or synchronization path there.)

Article C2827 - November 2, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

39 Comments
Pete Ross
November 3, 2006 6:44 PM

I have been using Access Manager for over a year and would like to suggest it as an alternate to Robo-Form. Please check it out at http://www.accessmanager.co.uk/

Clif Notes
November 3, 2006 9:00 PM

Hi Leo, how about a completely free and unlimited version of AI Roboform? The following review will provide you with a link to an older freeware version that is not crippled after 30 days. Just remember never to update it if it offers to do so.

http://freewarewiki.com/AiRoboform

Have fun!

Kurbin
November 6, 2006 11:02 PM

I have been using IntelliLogin to manage my online passwords over a year. It's can login into my website by single one click. I'd like to recommend you to try it. Please see it at http://www.jjsoft-studio.com

Eli Coten
November 11, 2006 4:19 PM

I use KeePass Password Safe. It is open source and cross platform (Windows, Linux, Mac). It fits my needs and does the job its supposed to do. It's not quite as conventient as RoboForm, but its completely open-source/freeware and is cross platform.

alice
December 20, 2006 8:17 PM

Is Roboform Available for firefox with Linux Platform??
If any please post it here.
thanks in advance

Steve Stephenson
January 17, 2007 8:47 AM

Roboform does NOT do Linux and has NO PLANS to support LInux! If you want to run it on Vista, you have to have the 32 bit, as they haven't developed a 64 bit yet.

I'm looking for a Linux password keeper similar to Roboform also! As I am tired of all the crap Windows does!

samuel davis
January 10, 2008 2:15 AM

I have several email names and passwords. How do i put each one into my roboform?

samuel davis
January 10, 2008 2:24 AM

how do i enter reqired information into roboform

Niko
January 14, 2008 1:47 AM

If your have many passwords to remember and have a lot of sites to login, this free tool can help you. http://www.cutepasswordmanager.com

Ziggie
June 17, 2008 6:51 PM

I've used Roboform for several years now and it is one of the two reasons I have not moved over to Linux entirely (Mozy backup is the other). I know there are other password programs out there, but that doesn't make me like them any better. :)

However, just because Roboform doesn't currently support Linux is no reason not to pepper them with questions about it! If they notice a strong enough demand for it, they may finally cave and develop one.

There are rumours that someone got Roboform to work on Linux with Wine, but I've never gotten that to work correctly.

peter
June 20, 2008 11:24 PM

thank you leo for your discuss about RoboForm , but because this program is not totally free , i'm not use it , but ofcourse i saw it's wonderful advantage , and it's the first time to heard about "cute password manager" or "acess manager" but i will try it soon surely . thank you again leo .
http://www.fosdir.com

Jon
August 16, 2008 6:03 PM

the way you enter passwords into roboform is to visit the site and log in. roboform will capture the url and sign-on data (user id, password etc). it's that simple.

John Ross
September 16, 2008 8:19 AM

I have been using the free version of Access Manager by Citi-Software Ltd. It's very easy to use with the drag and drop feature which loads the password as you drop the user name. You can create your own password or the program will generate a unique one for you, using numbers, alpha characters (lower and upper case), and symbols in any combination. And the program provides the option of generating a printout of the password database if you choose to do so.

Daniel Cote
September 16, 2008 9:09 AM

Roboform is safe and dead simple to use. I initially tried the free version and quickly learned what a powerful program it is. Been using it for years now and couldn't imagine going without it today. Nothing else I tried/used was near as convenient.

David
September 19, 2008 12:06 PM

I'm another one that's been using Roboform for years now and can't imagine using anything else. It's ease of use and reliability makes it number one for me.

Paul Higgins
September 20, 2008 11:58 AM

in reply to samuel davis iI have used Roboform on linux- Ubuntu, if I remember correctly. I can't say it works on all versions- and I did have it on Firefox, not the built-in browser.
Secondly, I've tried pretty much them all. I paid for the full version of Roboform and can recommend it. In fact, if you do any online banking, shopping etcetera, it is a must. It's only failing, which is its main security feature is that lost information due to crashes, forgotten main password is unrecoverable. But passwords can be reset. Lost money/identities cannot! (Well, not easily, anyway).

Jeff
September 21, 2008 11:14 PM

I am 31 years old, Roboform is Too complicated for me. I use Cute Password Manager. It's easier than Roboform.

André
November 1, 2008 12:09 PM

try lastpass.com ! plugins for Linux and windows, it does the job great ! - imports from Roboform, FREE, and BETTER, no arrogance towards Linux.

I switched completely.

Nancy Mella
July 30, 2009 12:36 PM

but how can you see the passwords again once they have been turned into ...... things? Ireally need to do this to get out of some sites and deactivate them but can't "see" the password.

In Roboform if you right click on the passcard in the drop down menu one of the options is "Edit" - that will show you the password.
Leo
30-Jul-2009

Anonymous
July 30, 2009 12:53 PM

I figured it out - no thanks to the "help" or FAQ at Roboform. What you do is Click on your Roboform icon thing, drop down to Identities, Print List, Put in your Master Pasword, Choose Passcards from menu bar, font, columns and then Preview. Voila! Keep in a Vault!!

rajesh
October 8, 2009 2:59 AM

i dont want others to see my password ...

can u any one tel me how to protect in edit panner any one an able to see

thanks in adavance

Rajesh.boddu

Duane Lambe
January 12, 2010 8:26 AM

Here's a second (or more? I'm not clicking "see all 21") for LastPass. I'm now using the extension-laden Chrome, with LastPass + Xmarks - both available for Firefox, so completely x-platform, if you so choose - and they're invaluable for completely syncing all my loot.

Robert Clark
January 12, 2010 8:36 AM

I have been using RoboForm for years, but had always been concerned with the safety of preventing access to my log on information. That is until, I began using Cryptainer (a free encrypted virtual drive program). I have since, changed to using Safehouse for the same purpose. Using either one, I simply move the Roboform data folder into the encypted drive and direct RoboForm to get its data from there. With either encypted virtual drive program, the drive and the data it contains is not visible until I sign into the drive and install it. When I log off the drive or shut down my computer, the drive is no longer there and RoboForm has no data to work with.

This is exactly what I do, using TrueCrypt.
Leo
14-Jan-2010

Dave
January 12, 2010 9:28 AM

Leo,
I wish you'd check out a password program that does not store anything anywhere and yet allows you to use extremely secure passwords. See cloakpass.com because it really works and will protect against most bad situations. It's free.

Richard
January 12, 2010 2:19 PM

Leo,
Just finished your article about Roboform. I retired from HP about 10 years ago and keep up with current technology as much as I can. Recently found your site and subscribed to the e-mails.
I have been using a password pgm called Last Pass. Sounds very much like robeform which I will check out to see if it is more beneficial than last Pass.

Azrael
January 12, 2010 11:19 PM

Now why would i need a PAID program to do what the Wand from the Opera browser does much better for free?
To all who have asked: Wand stores the passwords in an encrypted file, it automatically recognizes the login pages and offer the possibility to choose between different ones or to memorize a new one, the passwords are never in the clear and all can be very easily edited. And all that is by default.

cornels
January 13, 2010 5:41 AM

Hi all,
what about the built-in biometric scanners? Very common in notebooks, at least for the past few years. I'm using a HP 8510 which features an AuthenTec Inc. AES2501A fingerprint sensor, accompanied by the HO software. It has all the advantages of the described products - and as a plus: it doesn't even need a master password... just swipe your finger. Work also for the Windows logon screen, of course.
Not very sure about hte encryption level, I guess it's described on HP's website.

Scott
January 13, 2010 6:19 AM

Look at RoboForm 4.6.8 Unlimited passcards

Glenn P.
January 23, 2010 7:59 PM

I use the program KeePass v2.09, which is available at:

https://www.keepass.info

It has most of the features you mentioned (not all), encrypts its database using either AES or Twofish, and -- best of all -- it's FREE!

Enjoy! :)

Gil
March 16, 2010 5:02 PM

I think all of the applications mentioned in the article and in the comments are fine programs. Correct me if I'm wrong, but I think every last one of them store your data in a database.

A database, when written in a general manner, just doesn't do the job.

Several years ago I was looking for a program like mentioned in this article. I tested several then and even now I'll give one a whirl. But nothing beats what I use.....

......Microsoft Access! That's right - an application by that M company. Why do I like it so much? I was able to create all the fields and field lengths/definitions that met my specific needs. When a new field is needed - I just add it to the database. I then use what Leo has described - encrypt the file onto a virtual drive.

If I so desire, that file can be on my desktop, my laptop, a USB drive or any combination of the three that I may be using that day.

That's really my biggest knock against these commerical products. While it's true that there are features they offer that I don't have - they are features I can gladly live without. The bottom line is that I know my information is stored securely, convenient, and easily personalized.

Thanks Leo for another great topic to discuss!

U Rock!!

Glenn P.
March 16, 2010 10:24 PM

But, Gil, KeePass's (or just about any other program's, for that matter) database location can be personalized to taste, too. So, what's the real problem...?

PC Resolver
March 17, 2010 4:37 AM

Roboform is also available on-line. You create an online account (usual login/password) and then you can access your passwords etc by supplying your Robofrom password.
This service is included with Roboform and automatically sychronizes with your browser. This may help others as well as the original caller using a Mac.
I know this means giving your passwords to the cloud but you have to trust someone - don't you?!

Anthony B. Barreto
March 17, 2010 8:07 AM

I have used RoboForm for a couple of years. I have it installed on one desktop, one notebook and on a USB drive which I use for my netbook and on other computers.

RoboForm is simply great and I also use GoodSync PRO (also by SiberSystems) to synchronize my computers and the passwords between them.

One component of RoboForm that was not mentioned in this article is the "Safe Notes" which is also useful.

I completely enjoy reading the articles on Ask Leo. Keep up the good work!

PD Barlow
March 17, 2010 4:00 PM

Roboform is the best! I have the program on both my Desktop and my Laptop for over 2 years and rely on it completely. At age 72, I am very active on both my computers for business, research, shopping, as well as friends/family communication. It's a good buy, for what it does!

James
March 18, 2010 4:38 AM

RoboForm also has a portable version which can be installed on a USB thumbdrive. I find it very useful for traveling.
The big thing that separates RoboForm from other password safes is it doesn't just remember the passwords, it installs as a browser toolbar and takes you directly to the website and logs you in with a single click--opening the site and filling in both user name and password. The portable version does this on any computer you stick the thumbdrive in.
As a bonus, it also generates secure passwords up to 511 characters long.
While Firefox 3.6 says it doesn't work with that version, I've had no problems.

Benjamin
April 9, 2010 2:39 AM

What about password i use LoginTrap.It’s prog can capture every login events by using iSight.It really good prog.

Baby
June 3, 2010 7:28 AM

Just tried LoginTrap, thank you. Really good!!!

JohnM
September 16, 2012 5:07 AM

I have used Roboform Everywhere for some time now. This is the same as the standard Roboform but as it resides on a flash drive it will work on any computer (Windows or Android) into which the flash drive is inserted. It is totally secure as only I (and certain trusted relatives in the case of my death) know the master password which unlocks the encryption.

John Witmer
April 10, 2013 1:08 PM

I find Roboform a very difficult program to use. All it really has done for me so far is to slow down my access to the web. I am just about to remove it.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.