Page 1 of 2 12 LastLast
Results 1 to 15 of 28
  1. #1
    2 Star Lounger bmeacham's Avatar
    Join Date
    Jan 2001
    Location
    Austin, Texas, USA
    Posts
    191
    Thanks
    4
    Thanked 4 Times in 4 Posts

    Question Concern about password manager

    I just installed Roboform Everywhere and have a concern. If someone gets access to my computer, they can just log into all the sites for which I have saved a password! That seems awfully insecure. I take pretty good care of my laptop, but it might get stolen. Then I would have a real problem. I am considering uninstalling Roboform. Please tell me your opinion about this concern.
    Bill Meacham
    bmeacham98 AT yahoo.com

  2. #2
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,075
    Thanks
    0
    Thanked 259 Times in 248 Posts
    I don't use a password manager but seems to me there'd be a Master password needed to access the program's data.

  3. #3
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,435
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Bill,

    I don't have RF Everywhere but I do use RF Desktop and it requires a master password I'd assume that RFE does also?

    If so loosing your laptop should require the finder to know 2 passwords! Your Laptop's logon password and your RFE master password. These should both be of sufficient length and complexity to make this almost impossible. If you have bitlocker available you can add another level of complexity as clearing the logon password isn't all that hard for the knowledgeable PC user. HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,583
    Thanks
    5
    Thanked 1,058 Times in 927 Posts
    First rule of PC security is if you lose physical control of the device you have no security.

    Joe

  5. #5
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,794
    Thanks
    117
    Thanked 799 Times in 720 Posts
    Quote Originally Posted by RetiredGeek View Post
    Bill,

    I don't have RF Everywhere but I do use RF Desktop and it requires a master password I'd assume that RFE does also?

    If so loosing your laptop should require the finder to know 2 passwords! Your Laptop's logon password and your RFE master password. These should both be of sufficient length and complexity to make this almost impossible. If you have bitlocker available you can add another level of complexity as clearing the logon password isn't all that hard for the knowledgeable PC user. HTH
    The laptop's Windows logon password is easily bypassed by any moderately knowledgeable thief.

    Jerry

  6. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    I wouldn't be without my password manager - I can't possibly remember all the details about all the sites I use. I have a long and complex password and a re-lock timeout of 5 minutes, plus lock on Windows logout / sleep. I sleep happily!

    cheers, Paul

  7. #7
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,435
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Jerry,

    Didn't I say that?
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Florida
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I imagined that what you are talking about is sitting down at your device, logging in and then- whatever- use your imagination.

    the steps you might take are:

    1. right click on the roboform symbol, at the top of the menu box select 'logoff' a symbol of a key.
    2. ditto step one, part one, then select options, then select security, finally set up your "auto" log off. However you want it to be.

    The whole idea of a master password manager is convenience. If you sign in to RF and then get up and walk away, then beware.

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Roboform Everywhere uses a master password. You can set roboform to logoff with a variety of options. You set these options by going to Roboform Options/Security.

  10. #10
    2 Star Lounger bmeacham's Avatar
    Join Date
    Jan 2001
    Location
    Austin, Texas, USA
    Posts
    191
    Thanks
    4
    Thanked 4 Times in 4 Posts
    Thanks to all for your replies. I'll delve deeper into RoboForm's setup.
    Bill Meacham
    bmeacham98 AT yahoo.com

  11. #11
    Lounger rodsmine's Avatar
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    35
    Thanks
    4
    Thanked 4 Times in 3 Posts
    Actually, RG, RoboForm Desktop does not _require_ a master password. When it asks you for one when you install or update, clicking cancel at that window installs it without a master password.

  12. #12
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,435
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Quote Originally Posted by rodsmine View Post
    Actually, RG, RoboForm Desktop does not _require_ a master password. When it asks you for one when you install or update, clicking cancel at that window installs it without a master password.
    Rodsmine,

    Yeah but who would do that? headbang.gif Oh yeah, all those people getting millions from Nigerian diplomats! ROTFLOL.gif
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  13. #13
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,154
    Thanks
    31
    Thanked 307 Times in 267 Posts
    Quote Originally Posted by RetiredGeek View Post
    ...Yeah but who would do that?...
    Actually I regularly have to help customers who have forgotten passwords.

    There are ways of discovering passwords previously used on a PC.

    Am not going into detail (don't want to make it any easier for the baddies) but it is not terribly hard to recover any passwords you have used on your computer - it only requires certain knowledge about how Windows stores passwords and how to access those stored passwords.

    Advise against using "RoboForm" or any other "login manager" - they are too easy to "crack".

    Rather, keep a notebook for your computer in which you write down details of each login, but keep the notebook separate from your computer (especially if it is a laptop or other mobile device).

    Since you must use a "password manager" such as RoboForm, etc., at least if you have maintained a separate notebook you can go in and change passwords in the sad event that your laptop (or other device) is stolen.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  14. #14
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by Coochin View Post
    Advise against using "RoboForm" or any other "login manager" - they are too easy to "crack".
    Seriously? So you have software to easily crack AES 256 bit encryption coupled with a few thousand PBKDF2 iterations? You should post a technical article about that, I am sure it would have a huge impact in the field of cryptography.
    Rui
    -------
    R4

  15. #15
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Pittsford,NY
    Posts
    874
    Thanks
    517
    Thanked 35 Times in 27 Posts
    I hope this is not off-topic, but I thought I'd post what I, a retired non-techie, do vis a vis a password manager etc.

    I happen to use LastPass, but the principles are the same I believe:
    I have a master password for LastPass.
    All my sites that use a password are encrypted in Steganos Locknote.
    I use LastPass to "remember" the sites I want to log-on to automatically.
    For the other, I look them up in Locknote and copy the unencrypted password as neccessary.

    I keep a copy of everything that is in Locknote (copied to a Word document, in the clear) that I keep in my bank safe deposit box.

    That way, if I pass, my wife and/or 2 kids (none of whom is very technical) can "take care of business."

    Still here, and gaining much useful information here at WindowsSecrets.

    Best,
    Dick

    PS,
    Periodically I run the "security check" that LastPass offers; and I make sure that I have no duplicate passwords, and they are all "strong."

  16. The Following User Says Thank You to Dick-Y For This Useful Post:

    glendad (2014-11-07)

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •