Here’s what I use
Getting right to the point, for the last 5 years I’ve used RoboForm Desktop as my password manager.
RoboForm has a “Desktop” version (where passwords are only stored on your computer) and an “Everywhere” (passwords sync’d to the cloud) option. I recommend only using the Desktop version (see below).
Here’s why I use it
One of the best things you can do is use a different password for every website account. Why? If (or when) a site has data breach, you won’t have to go into a panic trying to remember where else your password was used. You’ve effectively limited the scope of damage to that single site!
If you had one password for everything, you’d have to work very hard changing passwords everywhere, and chances are a less frequently used site would be forgotten leaving it exposed to a malicious individual.
However, there’s no way I’d want to copy/paste passwords — I need it to be FAST and that’s why I love the form filling feature of a password manager. With one click it can fill in the login details and that’s it. Now my passwords are long, random, unique, and securely stored on my own machine.
Password Manager Comparison
|Store passwords on local PC||Yes||Yes||No|
|Store passwords in cloud||Yes||No||Yes|
|Automatic form filling||Yes||No||Yes|
I’m not a fan of storing sensitive info on remote servers (i.e., “in the cloud”) and passwords definitely fall within this realm. Just look at a few data breaches in 2015:
- US OPM
- IRS (334,000 records)
- Experian (15 million SSNs, customer data)
- Home Depot (53 million credit card and email addresses)
- LastPass (encrypted “user vault” data)
That last one (LastPass) is a perfect example of why I say “No!” to storing passwords on remote servers. Encrypted passwords belong on my own machine, and that’s a major factor why I picked RoboForm.
Being in the IT industry I understand that security is hard, costs a fortune, and mistakes are made. Even if a company does everything perfectly, new security vulnerabilities are coming out daily and while we can fight against this trend we should also plan around internet security just being broken.
Here’s how to use it
After installing RoboForm, start by doing these 3 things:
Create a fake “identity”
Some websites ask, but have no need to collect personal information. Think of social media, forums, and similar sites that will never have a legitimate need for your address. Since you’re forced to enter in something, why not just submit your fake identity?
- Head over to Fake Name Generator and pick a fake profile
- Next, go to Roboform > Identities > New
- Enter in your fake details and Save
You will want to use a valid email address, however you can easily get a temporary one through mailinator.com. Just enter any random email address
@mailinator.com and you’ll be able to check it when those registration confirmation emails come in.
Create a real “identity”
Great! You’ve got the hang of it now since creating your first profile. Our second profile will contain real info and used for billing & shipping forms, etc.
Use the same process as above, but enter in your real information.
Create your first “passcard”
The best way to create a passcard is to head over to the website, login, and notice a RoboForm save prompt shows in your browser. Just click Save.
Next time you need to login, just click the Login button (it will automatically show the correct one based on web address)
Primary machines get a full copy of RoboForm Desktop ($30 for the first license, $10 for subsequent licenses)
Ancillary machines (HTPC, family computer, test virtual machines) get RoboForm Desktop free version — I’m rarely storing more than 10 logins so that limit isn’t an issue.
It’s safer to turn off your browser’s prompts to save various passwords and use RoboForm exclusively for password management.
Anyway, give it a try and see what you think.