Review of RoboForm Pro - Secure Password Management, Web Form AutoFill & Safe Notes All in One
Please note that a review of the most recent version of RoboForm can be found here: RoboForm Pro Review: Never Forget Your Online Passwords Again!
RoboForm does only three things: automatic logon through passcards containing logons, web form auto-fill using data from identities, and storage of text in safenotes. By focusing on only these core areas, RoboForm has an opportunity to do these three things well, and it takes full advantage of that opportunity. In addition to its core functionality, RoboForm includes support for supervisor/employee password sets, as well as secure note taking.
RoboForm works on Microsoft Windows XP, but also on both 32-bit and 64-bit Vista. It works well with User Account Control (UAC), not requiring a prompt for elevation other than to install or uninstall the application.
For non-English speakers, RoboForm includes support for many languages, including German, French, Italian, Spanish, Dutch, Swedish, Norwegian, Lithuanian, Chinese, Korean, Danish, Czech, Slovak, Slovenian, Hungarian, Croatian, Polish, Brazilian, Hebrew, Turkish, Russian, Ukrainian, Serbian (sb- and sc-), Japanese, Finnish, and Arabic. I did not evaluate the quality of support for languages other than English.
The street price is just under $30 for the professional version (Roboform Pro), and several options are available if you choose to buy more than one license. There is a free version as well, but it provides only a limited number of identities and password sets (called passcards). This review covers Roboform Pro, unless otherwise stipulated.
RoboForm’s key strength is that it is very easy to use, and tends to “just work.” This, along with the built-in help system makes it an excellent candidate for a non-technical user. One downside to RoboForm’s ease of use is that field mappings between a web form and an identity are not customizable, other than the addition of new fields. However, in testing, this did not prove to be an issue and the ability to add new field mappings does allow some flexibility. Performing mappings yourself will require some knowledge of HTML, as you will need to extract the internal field names used by the web form. Overall, RoboForm’s core functions perform so well, it is difficult to find a clear weakness.
Price to Value (4 out of 5)
For $30, I got what I expected from a web password manager and form-filler application.
The free version of RoboForm provides a lot of the same functionality as RoboForm Pro–prospective users should try the free version to see if it covers their needs before spending $30 on RoboForm Pro.
Installation & Setup (4 out of 5)
RoboForm starts the setup process by explaining its core functions and the terminology (passcard, identity, safenote) for those functions. After I finished the install, RoboForm asked for a master password (not required), and then opened the web browser to a tutorial.
If you have a registration code, RoboForm does not ask for it at setup time. You must navigate to a web page later on to activate the product. It would be more streamlined if RoboForm offered to let me activate the product after installing it; this may be confusing to users who paid for the product, yet don’t see the extended functionality in the Pro version.
User Interface (4 out of 5)
RoboForm is very easy to use. It will auto-detect when you enter a login for a website, and offer to save it. Logging into the website the next time is as simple as selecting it from a list, or using search if you are managing a lot of logins. Auto-filling a form is as simple as clicking a button.
One extremely useful aspect of the RoboForm user experience is the integrated help, which is discussed in more detail in the Help section below.
RoboForm takes up a lot of space in the browser toolbar. I would prefer to be able to turn off some of the less frequently used buttons to reduce the amount of space it takes. If you don’t use other toolbars or browser plugins, this will likely not be an issue for you, but if you do, space can get crowded.
Product Features (4 out of 5)
RoboForm allows you to put in a lot of identity-related information if you choose. The available fields are very comprehensive, and I never ran across a case where a field was not available. If you do, RoboForm allows you to define a number of custom fields. To do this, however, you will have to understand how web forms work, as RoboForm requires you to put in the HTML form field identifier so that it can automatically map the field.
During my tests, RoboForm did an excellent job of automatically saving account information when I logged into websites such as Yahoo, MSN, American Express, and Costco. It also did an excellent job of filling in address and credit card information from a sampling of eCommerce sites.
RoboForm provides good browser integration–I never had to leave the browser to do what I wanted to do. It provides search functionality, which works as you type, making it easy to locate specific items such as a login or an identity from which to fill forms. Coupled with RoboForm’s ability to navigate to a site and in one step log you in, this search functionality is very handy.
For websites with multiple domains (for example, Citibank has citi.com and citibank.com), you can define those sites’ names in RoboForm as the same. RoboForm will then recognize the different sites as the same, so you don’t get stuck setting up your account information multiple times. RoboForm also comes with many website equivalencies predefined.
Security & Privacy (4 out of 5)
RoboForm supports multiple encryption methods, and correctly chooses AES as its default method. It also provides support for employee/supervisor passwords, giving employees access to use passcards, but not to view or edit them.
There are a few aspects of RoboForm’s security that concern me. First, RoboForm does not tell me (nor allow me to choose) the keylength for the algorithm I have chosen. No matter how technically good an algorithm is, it is only as good as the given key.
Additionally, RoboForm does not appear to use the cryptography algorithms provided by Windows and instead uses its own implementation. I would have a higher level of trust in the effectiveness of the encryption if it used the functions provided by Windows.
Overall, though, what RoboForm provides is good for a home user; businesses, however, may require a stronger guarantee that security is implemented correctly.
Help & Support (5 out of 5)
The help in RoboForm is very good. Not only are there full guides available online (which open as soon as you install the product), but every feature has context-sensitive help that pops up when you use it. This makes it easy to use, as there is no rummaging around in help files to figure out how a feature works. Once you are familiar with how RoboForm works, you can tell it not to show you a particular help box in the future. Nice.
Every item in RoboForm’s options menu also has context-sensitive help accessible from a little “?” button in the dialog box. In all cases the help text is clear and meaningful.
If RoboForm improved its UI for defining site name equivalencies (or, better yet, could auto-detect them and offer to merge logins) and for defining custom field mappings, I’d give it slam dunk status for its core functions.
In the security area, I would like to see some control over bitlengths, an option to encrypt data so if it leaves the machine it is not usable, and use of Windows cryptographic functions.
Overall, RoboForm is an excellent product. It doesn’t try to be more than what it is–a proven, capable web-password management utility that just works. I would be comfortable recommending RoboForm to my mother.