Siber Systems RoboForm Enterprise v7

Price: From $59.95 per user (volume discounts available)
Pros:  Improves password security through ease-of-use, policy control, and safe storage
Cons: No centralized audit or reporting, enterprise upgrades not yet finished

Nobody loves passwords. End users despise draconian rules that force them to define dozens of passwords. Compliance officers lose sleep over unsafe practices often used to remember passwords. Even with self-reset portals, help desks still devote far too much time to passwords. And yet, freely-defined, universally-supported passwords continue to dominate authentication.

In its Guide to Enterprise Password Management (SP800-118), NIST discusses how to mitigate password challenges, including single-sign-on, password synchronization, and local password management. While local password managers can quickly reduce the values that each user must recall, those user-installed programs can still be vulnerable to endpoint compromise, improper use, and human error.

To help IT departments deploy local password management in a safely-controlled fashion, Siber Systems has combined its consumer password manager – RoboForm – with centralized policy definition and backup/recovery. Here, we review the result: RoboForm Enterprise.

Saving passwords safely

Consumer password managers are plentiful – basic utilities are even free or embedded in browsers. The premise is simple: one robust but easily-recalled password locks an encrypted storage area ("safe") containing all of the other credentials that one individual needs for Web/application authentication. In this way, long/complex passwords can be easily defined and employed by the safe's owner, but hidden from prying eyes or disk-scouring malware.

Over the years, password managers have gotten easier to use – for example, binding passwords to associated Website URLs, auto-opening login pages, and auto-filling forms with saved values. Most managers can now save other data as well, such as credit card and bank account numbers, and incorporate freeform notes (e.g., secret questions/answers).

RoboForm can do these things – and more. Unlike Internet Explorer or Firefox utilities, RoboForm can auto-save/fill passwords using both browsers and many other Windows applications. Specifically, RoboForm can auto-fill HTML and Basic Authentication forms, including multi-step logins used by financial providers. However, Java and Flash forms must be filled manually (via copy/paste). Users with MacOS and Linux hosts are out of luck, but those with smartphones will find there are simplified, free RoboForm apps for most mobile OS's.

RoboForm associates each configured or auto-saved username/password (Passcard) with a defined Identity that can be used to auto-fill forms with addresses, phone numbers, titles, account numbers, etc. RoboForm even supports multiple Identities to easily differentiate between household accounts held by several family members or personal vs. business accounts. Finally, every Identity and Passcard is bound to a defined Profile, creating a one-click toggle between "Home" vs. "Work" or "Admin" vs. "User" or any desired grouping.

Under the covers, RoboForm safely stores each Passcard, Identity, and Safenote (freeform text) as a separate file, encrypted with your choice of 256-bit AES, Blowfish, RC6, 3DES, or DES. All files are written to a configurable folder, typically on a local hard drive, but possibly on a USB stick or network store. Once encrypted, those Passcards, Identities, and Safenotes can only be decrypted if and when a corresponding "master password" is supplied.

RoboForm Screen Shot 1

Keys to the kingdom

Whether using a local password manager, such as RoboForm, or a single-sign-on (SSO) server, there is always risk associated with storing many credentials in one consolidated location. Specifically, security hinges upon master password strength and confidentiality. If a user configures an easily-guessed master password, shares it with a friend, or types it on a host infected with a keystroke logger, there go the "keys to the kingdom."

With SSO, the stakes are raised by storing and maintaining an entire organization's credentials at a central server. A local manager like RoboForm reduces that risk by distributing password maintenance and storage. If the RoboForm files saved on one user's PC were ever compromised or corrupted, only that user's credentials would be jeopardized. However, a fully-distributed approach also means there's no single server to enforce password strength, track password updates, or provide hardened password storage.

To clear that first hurdle, RoboForm Enterprise combines RoboForm with a Policy Editor that administrators can use to specify dozens of program settings, including several that promote master password strength and confidentiality. For example, the Policy Editor can:

  • Set minimum master password length, upper/lower case, and digit requirements.
  • Stop end-users from removing their master password (unprotecting data).
  • Stop end-users from changing their own master password.
  • Back up master passwords (in encrypted form) in a specified recovery folder.
  • Set an auto-logoff period after which the master password must be reentered.

Noticeably missing from RoboForm are stateful policies, like the ability to require periodic master password updates or to prevent similar password reuse. In other words, the Policy Editor can establish and update policies, but it cannot monitor or audit deployed policies.

We tested the "enterprise beta" version of RoboForm, which included three newly-introduced master password alternatives:

  • UPEK-based fingerprint readers: This prevents master password sharing by using fingerprints to unlock RoboForm. We did not have compatible hardware to test this.
  • Dual Passwords: This prevents application password disclosure by letting admins create Passcards that others can use for login (by supplying their own master password), but not view or edit. We needed Siber Systems help to even try this subtle, not-yet-documented, but very promising addition.
  • Windows Login: This eliminates RoboForm master password entry by substituting Windows authentication. When a Windows user logs into her PC, her master password is auto-cached, unlocking RoboForm (at least until auto-logoff occurs). This alternative operates so transparently that we didn't even notice it at first.

These new alternatives make RoboForm more business-friendly. For example, combining Dual Passwords and Windows Logins let IT define Passcards that can only be applied when employees are logged into the company domain, and thus auto-revoked if an employee's Windows account is ever disabled. However, we found these to be works-in-progress, largely absent from manuals, FAQs, or the Policy Editor. Presumably those omissions will be rectified before the beta is done.

Next page: Taking control