RoboForm is a highly polished and comprehensive password manager that, despite being closed source (but end-to-end encrypted), manages to impress.
- Country US
The primary personal RoboForm product is RoboForm Everywhere, Their cheapest plan costs $1.99 per month, which is billed annually. This plan provides an individual with full access to all RoboForm’s core features. A family plan extends the Everywhere plan to cover up to five people.
RoboForm also offers a free plan. This lacks the online backup, share logins, and some support features. Its main limitation, though, is that it does not support syncing across devices.
This is quite a big limitation, but the fact that RoboForm imposes no time limit or restriction on the number of passwords which can be stored makes it a perfectly functional free password manager for those who mainly only use a single device.
What is not mentioned on the website is that if you sign-up to RoboForm Free, you will be upgraded to RoboForm Everywhere free for 30 days. Payment is by card (including Amex), PayPal or USD paper check or money order.
In addition to the personal plans, RoboForm offers business plans. At the heart of these are a centralized management console for deploying passwords among team members, managing permissions, and such like. This review, however, focuses on the personal Everywhere plan.
Features (RoboForm Everywhere)
- Client-side (e2ee) encryption
- Cross-platform syncing
- Browser integration
- Fill passwords in applications
- Online backup
- Share logins securely
- Identities/form filling
- 2FA support
RoboForm is available with full functionality for Windows, macOS, Android and iOS/iPadOS. There is even an Apple Watch app, although we haven’t tried it.
Linux and ChromeOS users can use special versions of the browser add-ons, but don’t have access to the Security Center. Of course, owners of newer Chromebooks also have the option to use the Android app.
In addition to all this, passwords, notes, contacts, and anything else stored in your RoboForm account can be accessed via a web console on any platform that supports a web browser.
In Windows, RoboForm integrates with the Firefox, Chrome and Edge browsers, providing a toolbar for accessing all RoboForm’s functions.
In Windowed mode this toolbar sits conveniently out of the way below the browser window, but in full-screen mode it takes up some space at the bottom of the browser.
It’s a matter of personal preference, but we find this a little intrusive. Fortunately, you can disable the toolbar, and the regular browser add-ons provide all the functionality of the toolbar while staying unobtrusively out of the way when not in use.
In macOS, RoboForm just uses regular browser add-ons for Firefox and Chrome. It also offers an add-on for Safari, which sits discreetly in the macOS menu bar.
Most of RoboForm’s core functions are available from the toolbar and browser add-ons. This includes a secure password generator which can be tailored to create passwords for sites with strict requirements.
We discuss mobile browser integration later in this review.
Free customers can backup their databases locally, but Everywhere users also get automatic online backup.
There is nothing, however to stop free users from auto-backing up their RoboForm containers to their Dropbox folder...
Share and Send logins securely
A much-publicized feature is the ability to easily and securely share logins with other RoboForm users. If the recipient is not a RoboForm user then they will receive an email inviting them to join (a free account is fine for receiving emails).
If you Sync a login it will be synced to recipients if you change it, and access can be revoked at any time. Alternatively, you can choose to Send a login, after which it is no longer under your control.
Bookmarks, Safenotes, and Contacts
In addition to logins, RoboForm can store and sync bookmarks, stand-alone “Safenotes”, and contacts across platforms and browsers. Notes can also be attached to logins and most other types of entry.
Identities is a web form autofill feature with all sorts of useful templates, such as personal details, address, bank details and car details. As its name suggests, you can setup as many “identities” or personas as you like for this in order to autofill forms in different ways.
Privacy and security
RoboForm is developed by US company Siber Systems. Thanks to the shocking levels pervasive mass surveillance performed on customers of US technology companies (US and non-US citizens alike, as exposed by ex-NSA whistleblower Edward Snowden), we generally recommend against using US companies if privacy is high concern.
End-to-end encryption (e2ee)
In theory, jurisdiction shouldn’t matter too much because all passwords and other data is encrypted and decrypted client-side only. In other words, it never leaves your devices unencrypted. So without your password it is useless, even should the NSA get its mitts on it!
The only fly in the ointment is that all RoboForm software uses proprietary closed source code. This means we just have to trust Siber Systems that its software is secure and everything is on the level.
There is no particular reason not to trust it, except that a general distrust of US (or any, for that matter) tech companies is healthy.
As already noted, your passwords and other data stored in RoboForm containers is securely end-to-end encrypted so only you (and those you chose to share them with) can access them. They may be stored on Siber Systems servers, but Siber Systems cannot access them.
It does, however, keep various logs relating to volunteered customer data and payment details. In addition to this, the following are kept:
“Unique ID (GUID), Computer ID (generated via one-way function from some of the computer attributes), Disk ID (generated via one-way function from Disk ID of a system disk) for license activation and periodic license check.”
So Siber Systems definitely knows quite a lot about its customers. If you are after anonymous password management then RoboForm is not for you. But given that it cannot actually see your passwords we don’t think the data Siber Systems logs is really much of a privacy concern for most people
Much like KeePass .kbdx files, RoboForm keeps all your data in a self-contained container. This means that no matter where the container is placed, it remains securely encrypted.
Each container is encrypted using AES-256. Keys are encrypted using PBKDF2 iterated 4000 times, with an SHA-256 hash function and long random salt (32-byte). Transfers to the RoboForm Server are secured using HTTPS.
Data is shared using public-key cryptography, where users’ public keys are stored and synchronized on the RoboForm Server so that other users can send them logins or folders using their own private keys.
A white paper explaining tall RoboForm’s cryptography practices is available here.
Two-factor authentication (2FA)
If you wish to secure your data with more than just a master password, then RoboForm supports two-factor authentication via a one-time password (OTP). This can be sent by email, SMS, or Google Authenticator (by far the most secure option, although authenticator alternatives such open source andOTP should also work).
The RoboForm website provides a huge amount of professionally presented information. At the heart of this is an exhaustive online manual which details all RoboForm's features, and is tailored to every fully supported platform.
In addition to this, there is an extensive Help Center featuring a very large number of articles covering pretty much every subject we could think of.
If you still need help, then form-based email support is available to all users 24/7365. Everywhere customers receive priority online support and Live Chat support during EST office hours.
Ease of use
You can import passwords from Chrome, Firefox, the iCloud keychain, and from most password managers via exported CSV file. Bookmarks only can be imported from Safari. Passwords can be exported as a CSV file.
Windows & macOS
As we have already seen, most RoboForm functions can be accessed from the browser toolbar and/or browser add-ons. The beating heart of RoboForm on the desktop, however (except for Linux machines), is the Security Center.
From here you can fully access all features and functions of RoboForm.
Android and iOS/iPadOS
The Android and iPhone apps are basically identical to each other, with the iPad app having only minor modifications to cater to its larger form factor. The apps can be secured by a PIN code and/or fingerprint unlock, sync with all other devices connected to your account, and provide full access to all RoboForm’s features.
If you select login from within the app it will open in the built-in browser (see below).
An interesting mobile-specific feature is the ability to pin favorite items (such as logins) to the Start page.
Mobile browser and OS integration
RoboForm integrates with the Android 8+ Autofill Framework Service and the iOS 12+ Authentication Services framework for seamless autofill on newer devices in most browsers and many apps.
Alternatively, and particularly useful for users of older devices, a dedicated browser within the RoboForm app comes with built-in autofill functionality.
RoboForm is a comprehensive, stylish, and highly polished product that brings everything (including the kitchen sink) to the password manager table.
It also uses strong end-to-end encryption and seamlessly syncs across all your devices, requiring no additional input other than installing the software in the first place.
It's not free, but the pricing is very reasonable. Our only real concern is that it is a closed source commercial product, so if state-level actors are part of your threat model then you may wish to look at open-source KeePass or Bitwarden instead.
But if being closed source doesn’t worry you, then RoboForm comes highly recommended.