Friday, April 27, 2012

Roboform Is No Longer King of Password Managers.... LastPass Is A Tool You Need Today!

 I have long advocated the need for using a password manager. (I wrote about these and other productivity tools earlier this year. Click here if you would like to review this earlier post.) There are a wealth of reasons for this advice. First, the sheer number of authentications even a casual web user must grapple with can easily grow to thirty or more logins. An astounding number of users still attempt to "solve" this issue by using the same password, or perhaps a minor variant when necessary (i.e. adding a "1" or capitalizing, when a particular site insists on one or more of these rules for acceptable password creation). If you are among this group you are far from alone and what follows is of particular value..... 

CNET  recently wrote this article explaining how the majority of Windows passwords can now be cracked in less than 14 seconds! Identity theft seems to be a daily news topic and even Apple Mac users who have thought themselves immune to malware and virus threats have recently been reminded that they too are targets. You need to take prudent steps to protect yourself and employing a password manager is one important aspect of your online security health.

Online security experts often offer a number of authentication recommendations. Most of the advice is sage and will go a very long way towards ensuring you aren't a victim of identity theft. Following these steps also minimizes any potential damage (and liability) which may occur should one of your accounts happen to be compromised. Among the most important rules:


  1. Use strong passwords. So called dictionary attacks makes it increasingly trivial to hack into an account secured by a user password, or even minor variant, which can be found in a modern dictionary. So if your idea of a "good password" is using the word, "simple" or "simple123" even a rookie hacker is likely to be reading your email or checking your bank balance in a matter of minutes if they are so inclined.
  2. A close corollary to the first point, use pass phrases if at all possible! It is orders of magnitude more difficult to divine a pass phrase such as "simple solutions to 123 cake recipes" than "simple123."
  3. Far better than a dictionary prone phrase, is a truly strong, twenty (or greater) character password such as, "Uq7ZT2D8YeNIS9lO2tbz." This character string contains UPPER case, lower case and numeric characters. The odds of such a password being discovered using even today's sophisticated hacking tools and powerful hardware are extremely slim.
  4. Again, the value of such a strong password is greatly enhanced if you generate UNIQUE passwords for each of your various online accounts. If someone discovers the password for your old Hotmail account you haven't even reviewed for a month, the damage is very containable IF this same password isn't also the key to unlocking your online bank account or ROTH IRA!
  5. This is almost a given, but using easily discovered personal data in your authentication scheme is an extremely bad idea. In today's electronic universe of social networks and search engines, it doesn't require a rocket scientist in most cases to unearth your mother's maiden name or the fact  your cute lovable pet's, moniker.
  6. Which brings me to one more security point worth mentioning. Even if you follow my advice and practice good password policy, if you answer those security questions with easy (or in fact true) responses, you still leave a rather big security hole in your online fortress. Especially for highly sensitive sites such as your bank and/or investment accounts, consider answering, or resetting, the security questions to information that is not available anywhere. In this case, telling a white lie or two is the better part of valor. There is nothing that requires you to answer these questions with the truth! It is really only necessary that you know the answers! So if one question is, "What street did you grow up on?" Avoid telling the truth. If you lived on "Eastside Avenue," respond instead with, "Westside Street." (Just remember what subterfuge you employed so if the worst happens and you truly do need to reset one of these sensitive accounts, you don't outsmart yourself! See Safe Notes, below.)
The nearby advice is all sound. There are additional nuggets of online protection which are well worth your consideration, but one thing all of these rules have in common is they are virtually impossible to follow if you are relying on traditional ways of generating and recalling your authentication information. Unless you truly have an eidetic memory, you need help! This is where Roboform, LastPass and other utilities fill a very real need.

I am going to focus on Roboform and LastPass. These two tools have more in common than not in terms of what they offer. Importantly, these companies have extremely good security themselves! After all, creating highly secure authentication and then entrusting this data to a less than trustworthy third party really defeats the purpose of the exercise! These two companies offer truly secure password protection with high levels of encryption while still allowing you access to your password accounts across all of your connected devices (if you need and want this functionality). Others may have similar services and security, but I can vouch for these two alternatives.


First let me highlight some important functionality both services provide:

  • Strong password generation. Effortlessly, create truly strong passwords, unique to each site you visit. 
  • Automatic log in. When you visit a site, these programs will offer to automatically authenticate you with the proper user name and password information you have created.
  • Form filling. You can rely on these programs to fill out a multitude of online forms, saving you a great deal of repetitious data entry (and possibly data entry errors). You can also easily set up Identities, allowing you to fill out forms as appropriate (perhaps with individual information in some cases, company information in others, ....). Optionally, you can securely add credit card data and other personal information, further speeding the form filling process on most sites.
  • Ubiquitous access. If you find yourself using multiple devices as I do, you know how challenging it can be to access various accounts on multiple devices. Roboform and Last Pass both offer premium "Anywhere" Access. (More on this later.)
  • (Safe) Notes: If  you have very sensitive information you want to keep handy and secure (perhaps those fake answers to security questions we discussed earlier), it is easy to create a secure note with this information which will always be available with a mouse click.
  • Single password access! Yes, you will still have to commit a single master password to memory! No getting around this, but it is just one password and it is used to provide you "master access" and encrypt all the rest of your information from the rest of the world. One password is all you have left to remember. (You SHOULD provide this master password and instructions, to a loved one, executor, or caregiver. Should something happen to you, this password truly is the key to castle and having it in  proper hands can be among the most important estate planning actions you take!)
  • Integration with all modern web browsers. I have found a challenge or two using some obscure tools in various browsers, but key functionality-- managing and accessing web sites-- works well in modern versions of Internet Explorer, Firefox, Chrome, and Safari. Both companies offer plug ins for all these modern browsers.


Hopefully, I have convinced you of the value of these tools and the need to add one of these to your daily computational toolbox if you haven't already. I have been a long term user of Roboform. It is the grandaddy of password management. However, I no longer see any reason to pay this company's fees. Last Pass offers virtually all the functionality and security  of Roboform without the expense.

As of this writing, Roboform Desktop costs $29.95 (free trial available). Lastpass is free to download and use. Confusingly, Roboform has another, separate program, Roboform To Go, designed to allow access to account information on a USB key ($39.95) AND Roboform Everywhere which is an annual fee based service which synchronizes your passwords, allowing access on Android, iPhone, iPad and other platforms using "free" Apps. Roboform Everywhere is available for $9.95 the first year, but renewals are pricier, costing $19.95 a year at the time of this writing.

Situations vary and you may not need, or want, all the functionality of Roboform's three products. If you do, it will cost you $80 the first year and $20/year thereafter. If you would like to review a comparison chart of the company's various offerings, click here.

On value, LastPass is the clear winner. LastPass can be downloaded at no cost. There are no gotchas. No limited functionality, no trialware, nada. If you want synchronized, everywhere, access, plus premium technical support, LastPass Premium costs $12/year. This fee is billed at one time and is refundable if you aren't satisfied with the service. Installation of LastPass on mobile platforms is also free (as are Roboform's mobile Apps).

The nearby video will provide a quick primer in using LastPass. If you would like to see some of this program's additional features in action, click on this link for a complete set of tutorial videos. With my annual RoboForm renewal days away, I decided to download and evaluate LastPass again. My conclusion, this program is every bit as powerful and functional as Roboform at a fraction of the cost. LastPass also transparently keeps you in full control of your data. You can easily export all of your information and use it as you see fit.

Siber (spelling changed from original post), the maker of Roboform, makes saving and exporting your data more difficult. In fact,  exporting my logins, identities and Safe Notes from Roboform for use in LastPass was more challenging than I ever would have expected. It seems Siber consciously has made it difficult (impossible without some trickery), to get your data in a format which can be used by its competitor. (Shame on you!!!) For the record, moving from Roboform to Last Pass can be accomplished. The trick is downgrading from the current release of Roboform to an older version (which is no longer available on the company's official web site)! Once you have completed this step, the process isn't too painful, but there are still a couple of hurdles. If you are interested in learning how most easily to make the move from Roboform to LastPass, share your thoughts in the comment field, or contact me directly. I will be happy to share the specific steps necessary and if there's enough interest, I will write a formal follow up article.

If you don't have a Password Manager, stop what you are doing and download LastPass today. There is no cost and much to gain. Anyone who has suffered identity theft can vouch for how costly and painful this can be in life. Even if you haven't fallen victim to this dreadful modern day disaster, I bet you have scratched your head more than once trying to remember a forgotten user name and password!



Enjoy! If you find this post of interest, please share through Google+, Twitter and Facebook! We welcome your comments (which you can provide via the comment form below).






 
I currently participate in Associate Programs and certain item links included within this post may tie to these affiliate programs. By using these links, you help support Music Row Tech, I appreciate your support.




Companies:   LastPass, Siber  


This commentary is not meant as an endorsement of any company or to provide financial advice.  If the author has any financial interest in any company mentioned at the time of this article’s posting, it will be explicitly noted. I welcome feedback and comments. 




31 comments:

  1. I'm not sure how much I take this article seriously when you can't even spell the word "Siber" correctly. Seems like you are working for lastpass or something. I don't really care about either of these companies but this article has typos and seems to be a paid off article.

    ReplyDelete
  2. I appreciate your comments. The misspelling is entirely my error and I intend to correct the post to properly reflect the company's proper spelling. Thank you for pointing out my error. I do not accept evaluation product or any form of compensation for my reviews. If I own any form of equity interest in a company which I comment upon, I openly state my holdings in the post. As to specifics, I actually have personally used Roboform on multiple platforms for about a decade. During this period, I also recommended this product to dozens of clients (as well as friends, associates and family members). An upcoming personal renewal of Roboform Everywhere inspired me to look at the product's competition. LastPass has improved substantially since my last experience with the software and its current pricing model is much simpler and less expensive than RoboForm. LastPass remains my personal and professional recommendation in this category.

    ReplyDelete
    Replies
    1. Thank you for your detailed article. I too have been a satisfied RF user for many years and have previously only dabbled with LastPass (after they acquired Xmarks a couple years back), yet I never felt the urge to switch to LastPass just to save $8 a year (- and I could never really figure out what those other more expensive RF services were even needed for when $20 provides access from "Everywhere"). However, after looking for ways to safely share hundreds of my Logins with my life and business partner, I took another look at LastPass and it appears that they've come a long way since 2010. Their product offers excellent value and can indeed contend with RF now. LastPass also offers an option for sharing individual sites (Login passcards) and includes some other features that RF does not. RF however has employee/supervisor dual password option for entire profiles which even LastPass Premium ($12/yr) lacks. So, I'm still undecided if I'll switch to LastPass, as I need to share hundreds of Logins (even LP Premium won't share Groups, and enhanced folder sharing is only supported by LastPass Enterprise at $24/yr), plus, as others have found, exporting RoboForm data has become a hassle.
      What brought me to this website was a search for transferring data from RoboForm to LastPass. RF v6 seems to be the answer here, as this obviously worked fine when I played with LP previously. In correction to your article I'd like to state, however, that for the time being RoboForm v6 IS still available on their website: http://www.roboform.com/download/v6 - so there is no need to mess with ad-supported "old version" downloads!

      Delete
  3. I believe you have some inaccuracies in your review. I'm a RoboForm Everywhere user and it only cost me $10 for the first year and $20 for additional years. I recently saw an upgrade special and upgraded for $12 per year. I use Everywhere on 1 desktop, 2 laptops and my iPhone and I only bought the 1 Everywhere license.

    I think your statement about it being $80 the first year is very inaccurate and I therefore question the rest of your article as being biased.

    ReplyDelete
  4. This is a good article, better than most about lastpass compared to roboform. Good to point out the exporting limitations on roboform, that's the biggest con.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. This comment has been removed by the author.

    ReplyDelete
  7. Why did you remove the last two comments?

    ReplyDelete
  8. Rolf from the NetherlandsOctober 5, 2012 at 9:14 AM

    Good article or not... I appreciate the time he put into writing it. I used Roboform in the past, when I was stuck to Windows. But now I am a happy Mac user I think Lastpass is a great tool, with plugins for all major browsers, iPhone and iPad. They sure can make some improvements, but it is a good start.

    ReplyDelete
  9. I currently am using Roboform and have liked it other than a bug that they refuse to acknowledge. If you create folders in your password list to organize your passwords (Banking, Restaurants, Games, etc.), then try to get to the passwords, the sub-folders will open to the left of and disconnected from the parent folder. You can't get to them unless you configure Roboform's menu close enough to the left of your monitor to force them to open to the right side. They annoyed me when I had paid for the software and they suddenly went to an annual subscription. I took that subscription because it was cheaper than LastPass ($9.95 vs. $12.95). They further lost me when they stopped responding to my requests for assistance with the bug. The software informed me this morning that I have a week to renew. That doesn't leave alot of time for research, much like when they went to the subscription model. That's very little warning and a further reason to leave.

    Your description of the cost to get all the services from Roboform is inaccurate. Roboform Everywhere is all the services for $9.95 the first year and $19.95 (when I subscribed) for successive years.

    I am concerned when you say that importing my Roboform passwords into LastPass is difficult. I don't know why you wouldn't create an article and link to it for how to do the import. You said you had tips. Would you please share them?

    ReplyDelete
  10. Thank you for writing this article. I'm struggling with which password manager to use and your comments were helpful. I'm still looking for more specifics for my use cases and will continue my research.

    ReplyDelete
  11. I stumbled upon your article as I have been struggling to decide which of these two to use. I have used a highly developed personal structure for passwords for years that still bothers me. It is time to suck it up and choose one of these companies. The commentary after the article was rather entertaining too. Some people have nothing better to do than whine I guess. Thanks so much for sharing your thoughts.
    Rachel

    ReplyDelete
  12. Whats interesting about this article is that while Lastpass has much of the same functionality as Roboform, it is not as user friendly. LP does a TERRIBLE job at filling in forms and every time I try and save a new password, it prompts me to save a new profile. LP is a good product but somewhat buggy.

    ReplyDelete
  13. You can also organize the ideas in unique ways to see them better, which means that those who can understand visuals better will benefit greatly from this software. Project portfolio management software is an important software for any company and it allows you to be able to see a different things in new angles and create many different schedules, reports and so much more.read here

    ReplyDelete
  14. Your blog provided us with valuable information to work with. Each & every tips of your post are awesome. Thanks a lot for sharing. Keep blogging.. Free of charge App To Hide Pictures -PC - Don't Hang Around Browsing, Study About Cell Desktops On this web page password protect photos iphone

    ReplyDelete
  15. Nice post! This is a very nice blog that I will definitively come back to more times this year! Thanks for informative post. copyright songs

    ReplyDelete
  16. I use ROBOFORM & LASTPASS - concurrently - both - paid versions, on all our computers and cell phones. So, from parallel usage everyday here is my assessment.

    ROBOFORM ===
    I prefer ROBOFORM. The cost doesn't bother me at all. I'm buying security for all my important knowledge. It is worth every penny!!
    1) ROBOFORM downloads the logins & safenotes & identity information onto each of my devices - encrypted. This means that I can access my safenotes even if I don't have an internet connection (I have hundreds of Safenotes for myself, my wife, my family, and all my clients)
    2) ROBOFORM is MUCH easier to organize files into folders. Both programs can create folders, but the process of ROBOFORM creating and managing the folders is much much easier.
    3) Filling forms with ROBOFORM is much easier and more flexible than LastPass.
    4) ROBOFORM & LASTPASS both have an online storage of all of my information (encrypted). I can access it anywhere on any computer. On my client's computers I can even add a Roboform app in the browser to use my ROBOFORM without actually installing it on the client's computer.
    5) My wife and I share the same ROBOFORM account (and the same LASTPASS account). The means that I have all of her logins & she has all of mine. If I die she can instantly get to everything she needs to.
    6) ROBOFORM does a MUCH BETTER job of logging into Google & Gmail websites (I have over 30 that I have to log into). LASTPASS broke it's login to Gmail about 2 years ago. It logs in sporadically. VERY frustrating! ROBOFORM logs into everything smoothly.
    7) BOTH can autofill on my cell phone, though I do use LastPass more for my cell phone autofill in apps.
    8) ROBOFORM's Editor view to manage all my logins, safenotes, and Identities is so VERY MUCH better than LastPass. That is important to me. I have about 1,500 Roboform files. The Editor View is compact, smooth, logical, and much easier to edit files than LastPass.

    LASTPASS ===
    I added LastPass about 8 years ago when I thought we were switching to Apple Macintosh. At that time Roboform didn't work on Apple. It does now! I kept ROBOFORM for what I thought was a transition period. The old ROBOFORM did allow for an easy export of the files in way that made it easy to import into LastPass. Apparently ROBOFORM did away with the Export for awhile, but has brought it back. You can export ROBOFORM into a CSV file.
    Things I like about LASTPASS:
    1) my wife prefers it. I love my wife (a LOT)! So, I keep LastPass.
    2) I use LastPass on my Android phone more than I use Roboform, though I do use both. LastPass has a fingerprint login on my cell phone that works smoother than Roboform's fingerprint recognition.
    ... that's about it. I MUCH prefer ROBOFORM

    ReplyDelete
  17. GENERAL PASSWORD RECOMMENDATIONS:
    1) Check your password strength at: https://www.grc.com/haystack.htm (Google for "haystack password") ... find out how safe your passwords are. LENGTH is important + Lower Case + Upper Case + Numbers + Symbols. The site explains and demonstrates the importance of each for strength.
    2) I teach clients about passwords.
    --a) USE A PASSWORD PROTECTION APP - like ROBOFORM or LASTPASS. Do NOT use a document that you put your passwords into. That is horrible security.
    --b) 3 CATEGORIES of Passwords - 1. Emails 2. Banking 3. General Logins
    --c) PASS PHRASES - each of the 3 needs to have a different passphrase. Make your Passphrase something easy to remember: "Ilikepeppermint" It needs some length.
    --d) EDIT THE PASS PHRASE so it contains Upper + Lower + Numbers = 1LikeP3pp3rmint
    --e) ADD SYMBOLS to the end: 1LikeP3pp3rmint#!# ... use the same ending on all your passwords. Easy to remember.
    --f) PERSONALIZE by website or email account: add to the front of your standard password something to specify the website. Example - 1st, 3rd, 5th letter of the website = AMAZON = aao1LikeP3pp3rmint#!# .... very easy to remember and different for every website. Try the example on the GRC Haystack.
    --g) 3 DIFFERENT PHRASES!: Do NOT use the same phrase for Banking that you use for General or Emails!!

    Hope all that helps.

    ReplyDelete
  18. Hello there, I do think your website could be having web browser compatibility issues. Whenever I look at your blog in Safari, it looks fine, however when opening in I.E., it has some overlapping issues. I merely wanted to provide you with a quick heads up! Besides that, fantastic website! Their website: How To Lock Files The Spartan Way

    ReplyDelete
  19. This was a shocking post. It has some look at here fundamental data on this subject. digitogy.com

    ReplyDelete
  20. Brute force attack works by trying to track down every possible code, combination, or password until you find the right one. reset windows 10 password

    ReplyDelete
  21. Amazing post! I appreciate your hard work. Thank you for sharing. I have also share some use full information.
    Drone pro review
    mosquitron reviews
    eco beat earphones review
    Coolair review
    Coolair air cooler review

    ReplyDelete
  22. Awesome article. I enjoyed reading your articles. this can be really a good scan for me... RoboForm

    ReplyDelete


  23. Wow! Very Great Blog.
    https://hitplugins.com/izotope-ozone-advanced-keygen/

    ReplyDelete
  24. MRT Dongle currently enjoys the status of success, as many of the current devices currently repair repairs with the use of this application. Also, it is used for recovering the lost IMEI of mobile phones as well.
    MRT Dongle Keygen

    ReplyDelete
  25. Thank you for share ii like it

    ReplyDelete

Thank you for sharing your thoughts with other Music Row Tech readers and subscribers.