RoboForm
I don't know about you, but I think anybody that would use RoboForm has to be out of their minds! Maybe for casual "fan site" sort of things (e.g. Slashdot), but not for serious usage. Turn my passwords over to a third-party I don't know? Wait, I'll have to stop laughing before I can tell you NO!
Harshblogger said:
All the passwords entered into RoboForm are stored in a password-protected and encrypted file on your computer, not on their server. You are not handing your password to a third party unless you log in and actually hand someone your computer. Yodlee (at www.yodlee.com) is a service that stores your passwords on their server.
Kevin said:
I'm sure for some people this would be a wonderful service. I'm sure they could do far worse things with their passwords, such as writing them on a Post-It note stuck to their monitor.
Your passwords may not be stored on their servers, but you are still effectively handing them over to this third-party. Your passwords aren't magically going from a locally stored file and into the form on another site. Somebody/something has to read and unencrypt that file in order for it to populate the form. Sorry, but I'm highly skeptical of anything that handles my passwords in some automagic fashion. Like I said, I'm sure this would be wonderful for some people as it would be a security improvement.
I don't know anything about Yodlee, but it sounds like a similar service and I wouldn't use them either.
Harshblogger said:
That is my point. It is not a service but a piece of software. Yodlee stores your passwords on their servers. It is transmitted over the internet. With RoboForm the information is stored on your computer. In order to retrieve the information someone would have to gain access to your computer (either physically or by internet), copy your password file, and steal your password for RoboForm. That is very unlikely. What is more likely is that you visit a website that takes advantage of one of the known vulnerabilities in IE to install a malicious key logger on your computer. The key logger then sits there and records all your passwords and transmits them over the internet to the unscrupulous hacker. This happens all the time. However, if you use RoboForm you never type in your password (they are filled in for you) and the key logger will be unable to capture it. That is added security. I'm not trying to convince you to use RoboForm. I just think you are placing undue criticism on this decent piece of software.
Kevin said:
I don't really know much about RoboForm other than what one can glean from the homepage in 5 minutes or less. So I'll accept your assertion that this is a "piece of software" that is installed on my local machine and my passwords don't pass through their servers. But assuming this is the commercial enterprise which it appears to be, what are they gaining from it? Your personal information when you sign up, which they can then resell to some spammer? I have no idea and frankly I don't really care because like I said before: I'd never use a service (or software) like this. Even if this is a local piece of software, what assurance do I have that when I use it to populate a form that it's also not maliciously sending it someplace else?
As for being stung by "one of the known vulnerabilities in IE", that's not an issue. I use Firefox exclusively, which also has its faults, but they are fewer than those in IE and they get patched much quicker. Only the uneducated still use IE.
After you've now replied twice to me to defend RoboForm, one has to wonder what your stake is in this and/or whether you are an employee. If you think this is a good application, then feel free to use it. I on the other hand do not trust RoboForm or any other third-party to potentially access my passwords. End of story. Have a nice day. :)