RoboForm is a very popular and highly regarded password manager, so we were a little disappointed to find that while it works admirably at managing your passwords and form-fill data (hence the name) on the desktop, its mobile implementation is very clunky (especially on Android devices.) This is something that will likely change when RoboForm fixes its Firefox for Android add-on, but for now we struggle to find a compelling reason to choose RoboForm over its FOSS or more featured commercial competition.
Pricing and Features
The basic subscription plan is “RoboForm Anywhere”, which works on all your desktop computers and multiple mobile devices. RoboForm Anywhere costs $9.95 for the first year, and $19.95 per year thereafter.
It is also possible to buy a one-off licence for RoboForm 7 which covers a single computer. This costs $29.95 for Windows and Mac OSX PC’s, and $39.99 for RoboForm2Go for Windows (a portable version of RoboForm designed to be carried on a USB key.)
At the time of writing a limited time exclusive offer is available for a 2 year RoboForm Anywhere subscription for $14.95, or a RoboForm 7 Desktop license for $14.95.
There is a generous 30-day unrestricted free trial, after which you can continue to use RoboForm for free as long as you have no more than 10 logins. Free users still receive 24/7 technical support (but see later), unlimited form filling, and no ads.
Features of RoboForm include:
- Auto-generation of secure passwords
- Auto form completion
- Import existing passwords from your browser
- Ability to share website login details securely with another person
- ‘Start Page’ browser launch
- Multifactor authentication for login from new device
- Biometric (fingerprint scanner) support for desktop and iOS (not Android)
- IV Smart Card support for the desktop
- On Screen Keyboard – great for foiling keyloggers
- Available in 30 languages
Aesthetics, website and customer support
The RoboForm website is well designed, cleanly laid out, and easy to navigate. It is chock-full of detailed setup guides, manuals, tutorials (with video tutorials) and FAQs for all RoboForm’s features on the various platforms it supports. There is also a great deal of attention paid to explaining how licences and upgrades work.
Less attention is paid to explaining technical aspect of the service, and in particular the security and encryption side of things, which are somewhat glossed over by the documentation.
Live chat support is available, although it appears to be offline much of time. There is also a “24/7” ticket email support system, but in practice we found turn-around time for this could be over 12 hours, which does not impress us.
Security and Privacy
As with most password managers that aren’t LastPass, the first thing to note about RoboForm is that it is a closed source commercial product. We therefore simply have to take it on trust that RoboForm protects your privacy the way it says it does.
With that out of the way, RoboForm protects your master password using AES, Blowfish, RC6, 3DES or DES encryption algorithms. AES is the default, but we appreciate the fact that those who prefer to go the non-NIST approved route can choose RC6.
As we can see, AES key length is based on the length of your Master Password
In sharp contrast to 1Password (for example), RoboForm is somewhat shy about revealing exact details about how its security works. We do know, however, that in use the Master Password is stored in RAM, but that “RoboForm will only decrypt data on the fly as required and will not store unencrypted data and / or master password ‘as is’ in RAM.”
In other words, it almost certainly derives an encryption key from the Master Password that it stores in RAM. We would prefer a few more specifics, but in principal this setup seems fine.
Importantly, RoboForm does not store your Master Password in any way. This means that if you forget it, then tough luck. But this is much more secure than any system that allows password recovery.
Unlike some other password managers, cross-device syncing is only available via the cloud (using SSL encryption), and no local syncing options are available. You do have the option, however, of authorising new devices using 2-factor authentication (2FA) only, in the form of one-time codes sent to your phone.
We have encountered worse Android permissions, but we still don’t see why a password manager app needs access to all this information
Using RoboForm (desktop)
RoboForm on the desktop is available for Windows, Mac OSX, and Linux, and supports most popular browsers on most platforms, including Firefox, Chrome, Opera, Internet Explorer, and Safari. There is also a portable USB version for Windows (RoboForm2Go) which supports a more limited number of browsers, and a Windows Metro/RT app.
RoboForm can import previously saved passwords and form details from a variety of other browsers and password managers (if exported as unencrypted CSV files)
The RoboForm Editor allows you to manage your passwords and other saved information. Bookmarks and Applications allows to jump straight to a webpage and or desktop program and login automatically, Identities saves form-fill information (for various configurations), Contacts and Safenotes allows you to store confidential information securely
At the center of the desktop RoboForm experience is the Browser bar add-on. From here you can access all of the password manger’s features, search for saved details, and login with a single click
When you enter password details into a new website that RoboForm does not have your details for, its password/form entry capture will detect this, and offer save the details for you. We do find the Firefox bar (above) a little visually clunky, but it can be quickly toggled on and off by right-clicking anywhere on browser window and selecting ‘Show RoboForm Toolbar’
We prefer the implementation in Chrome, though, where the toolbar pops down when the RoboForm icon is selected
RoboForm’s features can also be accessed by right-clicking its Notification Bar icon
Hovering over this icon, instead, allows you to quickly search for saved passwords
RoboForm Start Page is designed to replace your browser’s default start page with a list of your favourite websites, which can be clicked on to automatically log you into the selected website. This page allows for a fair degree of customization
As with all good password mangers, RoboForm can easily generate strong passwords
RoboForm works not just with web passwords, but will offer to save the passwords of your desktop applications
RoboForm works well on the Desktop, performing its job with aplomb. We prefer the way in which the RoboForm taskbar works in Chrome to how it does in Firefox, but this is minor gripe.
Using RoboForm (mobile)
Mobile apps are available for iOS, Android, Blackberry 5.x, and Windows Phone. We tested the Android version.
It is possible to download the raw .apk file for Android directly from the website, which is a great bonus for those security conscious types who prefer to avoid using the Google Play Store. We wish that more security products offered this option.
The Android app allows you to access all your passwords, Identities, and Safenotes etc. Clicking on an entry will take you to its associated website in the apps built-in browser, and log you in automatically
The built-in browser isn’t bad, but it’s unlikely that you’ll want it to replace your more fully featured regular browser
And this where the problems start, because although RoboForm is supposed to include a Firefox for Android browser add-on, we could not get this to install (we tried on both a Samsung Note 4 phone and a Nexus 7 tablet.) There is also no support for Chrome, although an add-on is available for the Dolphin browser.
This means that for most (non-Dolphin) users, there is no browser or other Android integration, so accessing passwords outside the RoboForm app involves opening the app, finding the correct entry, long-clicking it and selecting ‘Show’, then cutting and pasting the details into where you need them. Cumbersome hardly seems to cover it!
There is also no support for fingerprint scanners in Android, although Touch ID is supported on iOS devices. RoboForm for iOS uses a version of Safari that is integrated into the app, but does not integrate into with Safari itself outside of the app.
RoboForm has told us that “we are aware of the issue with RoboForm for Android on Firefox browser and our developers are currently working on a permanent solution.” When the problem is fixed, RoboForm will likely be much more useable on Android devices, but for the time being, RoboForm does not provide a great experience for most users.
- Good desktop implementation
- Does most things we expect from a premium password manger
- No Master Password recovery (good for security, but don’t forget it!)
- Biometric support (not Android)
- Good import options
- Linux, Blackberry 5, and Windows Mobile support
- Can download Android app (.apk) without need for Play Store
- Start page
We weren’t so sure about
- Encryption & security not well explained (but probably fine)
- No local WiFi sync
- Too many Android permissions for our liking (RoboForm should at least explain why it needs them)
- Closed source
- Very slow support
- Poor mobile integration (especially on Android, although this may change when the Firefox plugin is fixed)
As with every dedicated password manager we have reviewed so far, RoboForm works extremely well on the desktop, and we commend it for supporting Linux systems. What is becoming clear as we perform more password manager reviews, however, is that mobile implementation is often the key factor in differentiating products in this keenly competitive market space. Unfortunately, this is an area where RoboForm fails to impress, and as it stands, offers little to recommend it over FOSS alternative KeePass. Good Firefox integration in Android may change our minds on this front, though… when it becomes available.