Siber Systems created RoboForm more than a decade ago to automate the process of filling out forms online -- until the CEO decided that he wanted to use it to automatically fill in user account names and passwords as well. The feature, which started as "a utility, a hobby for the CEO," is now the primary reason why people buy the product, says Bill Carey, vice president of marketing. The company claims to have more than 3 million users worldwide.
Although RoboForm supports a wide range of operating systems, browsers and mobile devices, only the native Windows version of the program offers the complete range of features. RoboForm sells two Windows versions: RoboForm for Windows and RoboForm2Go, a Windows-based application that can run from a USB key when inserted into any Windows computer. A native application for Linux is not yet available. Siber Systems plans to release a native version for Mac OS X later this year.
RoboForm runs from the Windows task bar or from a browser toolbar extension (the application automatically installs extensions for Firefox or Internet Explorer; the Chrome extension has to be downloaded and installed manually). You have to use a bookmarklet to use it with Safari, Opera and other browsers. The Firefox toolbar also can be installed into Firefox Portable Edition for use on a USB drive.
After you install RoboForm and set up a master password, the program begins asking if it may collect user names and passwords as you enter them into Web sites. (It can also import data from some sources, such as browsers.)
A pop-up window appears when you visit a site for the first time and prompts you to save the log-in credentials into a newly named passcard. Thereafter, whenever you visit that site, you can click the Login button and choose the appropriate passcard, or navigate to the site and click on a context-sensitive shortcut button in your toolbar to log in.
For example, if you're already on the log-in page for, say, Facebook, you just have to click on the button (which will say "Facebook") on the toolbar to log in. (Make sure the correct account credentials are selected -- if you have multiple accounts it presents them all.)
On each Windows computer you use, RoboForm stores an encrypted copy of your password data locally and keeps everything in sync by way of a master copy stored on its cloud-based service, RoboForm Online.
RoboForm for Windows sells for $29.95 for the first machine and $9.95 for each additional computer. RoboForm2Go sells for $39.95 per USB drive, or $19.95 if you also buy RoboForm for Windows. Software applications required to use RoboForm with mobile devices are free.
Siber Systems also offers apps for a variety of mobile phone platforms, including iPhone/iOS, Android, BlackBerry, Windows Mobile (up to version 6; they are no doubt working on Windows Phone 7), Palm and Symbian. These allow access to the online copy of your password data but do not include local backup copies or offline access to your data.
I tested the free RoboForm app for the iPhone on an iPad. To access your data you enter a four-digit pin instead of your master password.
Because Apple doesn't allow add-ons to Safari on the iPhone, the RoboForm app includes its own bare-bones browser window. You select the target Web site from RoboForm's list of sites and the app opens a second tab through which you log into and view that Web site. It's not the same as using your native browser, but it's workable.
I had no trouble logging into most sites but could not log into a Gmail account. Resynchronizing the data did not help. According to support manager Andrew Steed,Google treats the HTTP request I saved when accessing the Google log-in screen from a desktop differently when it's coming from an iPhone or iPad -- presumably because it normally would redirect you from Google.com to a log-in page tailored for your mobile device. To get around this, I manually entered the generic address www.google.com into the passcard's URL field, which then redirected the iPad to the appropriate log-in screen. I was able to log in just fine.
Such are the idiosyncrasies that can crop up when you're sharing a common password database across devices.
RoboForm works just fine once you're up and running, but getting all of the pieces and parts downloaded, set up and synchronized can lead to some head-scratching moments -- a point that Siber Systems acknowledges. A spokesperson says this will be addressed when a version 7 (now in beta) is released later this year.
1Password is a great solution for Macs -- the browser toolbar makes password entry a two-click affair, and the Mac application itself makes it easy to create and maintain passwords, identities, secure notes and other data.
However, the browser pop-up in the Windows version, which is still in beta, isn't quite as easy to use as the toolbar in the Mac version, and the 1Password application for Windows didn't let me automatically log into Web sites by double-clicking on a site, as I could with the Mac version. 1Password lacks key features for anytime, anywhere access. It's not compatible with the BlackBerry; accessing your data on the Dropbox Web site is a clunky, multistep affair; it does not offer the ability to run from a USB key; and you can't create one-time use passwords for logging into your password database.
RoboForm is a solid product for Windows, and although there's no native application for Linux or Mac OS X and no ability to store and synchronize a local copy of your password data on those systems, the browser toolbar add-in for the Mac is quick and easy to use. As with 1Password, you pay a license fee per Windows PC or USB device, which can add up if you want to use the product on several different platforms.
Clipperz is a free, but much more limited, password manager. It's Web-based, so you can access it from anywhere, so long as you're online. It allows you to store a local backup copy of your data, and it can run from a USB key.
However, the local copy doesn't automatically keep in sync, and the process of using bookmarklets to create direct log-ins for Web sites by copying and pasting HTML code between the Web site and the Clipperz Web site is a less-than-polished approach that should be automated. Clipperz does the job, but when compared to other products in this category it looks unfinished.
I consider LastPass to be the overall winner. Security products should be easy to set up and use, and as unobtrusive as possible, or people just won't use them. LastPass does well on all counts while working on Windows, Mac, Linux and most smartphone platforms.
It was the only product to automatically populate and submit my credentials to a Web site as soon as I surfed to a Web site -- no button-clicking required. It has a few nice features, such as an analysis of your existing passwords for weaknesses and an option to automatically delete passwords stored insecurely by your browsers. It can store a local copy of your data on all mobile and personal computing platforms, and it offers the added protection of two-factor authentication.
I didn't like the fact that LastPass requires your user account ID to be your e-mail address -- something that's easily guessed. Because of that, a strong master password is a must. But the price, free or $12 per year for the LastPass Premium subscription, is very reasonable.