back to article You CAN'T bust into our login app's password vault, insists Roboform

Password management company RoboForm has tweaked how the mobile version of its password manager works in response to criticism by a security expert. Yet the firm rejects further criticisms that its technology might easily be circumvented. IT security contractor Paul Moore discovered a pair of what he argues are potentially …

  1. Steve Knox

    Low Standards

    While it's feasibly possible, it's very unlikely that the average person finding a phone with RoboForm installed could execute the precise steps needed to do what Mr. Moore is doing with the emulator.

    Well, if that's the standard, then RoboForm's app is completely uselsss.

    If defeating "the average person" is all you want to do, just put a suitably complex unlock code on your phone and store your other passwords in a text file; no need to download an app.

    If you want to secure your passwords from more than "the average person", I'd recommend anything but RoboForm, as their spokesman has just confirmed their standards don't extend that far.

  2. Novex

    Cloud = No

    It's just as well then that I didn't install the Android app after I recently purchased a Moto G. I realised they were asking us to put our encrypted passwords on their cloud server, in full breach of Rule 1 of passwords: never give them to anyone else (even if they're encrypted). It seems I was right to doubt the app as it potentially could be leaking the master password to them, meaning, even if they didn't have a back door built into the encryption (which I hope they don't) they certainly seem to have one 'by accident'.

    I like Roboform as an application on my PC / USB stick where I control the data, but I do NOT like their Roboform Everywhere shit.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cloud = No

      Err, you still use Roboform on other devices after reading this ...?

      1. Novex

        Re: Cloud = No

        I am looking for something else, but I need an alternative that fulfills at least the following:

        1. Is straightforward to use both as a browser filler and an independent password store;

        2. Has all of Desktop (Windows), USB Stick (Windows) and Smartphone (Android) variants;

        3. Doesn't require cloud for sync between PC/USB and Android;

        4. Is verifiably secure;

        5. Can be trusted.

        It doesn't have to be free, but shouldn't be ridiculously expensive either.

        Edit: I tried Keepass, and passed on it. While the local database seemed to be OK (though the import from Roboform was poor), I couldn't find a Firefox add-in that worked satisfactorily at filling in the login forms.

        1. No. Really!?

          Re: Cloud = No

          Have you tried 1Password? Would it fit your needs?

          It has a lot of features and OSs covered - though it's not cheap (but is frequently on sale)

          1. Novex

            Re: Cloud = No

            I think that 1Password looks like it might be a suitable option and I'll get round to evaluating it in the coming days. Thanks to you (and others) for this suggestion.

        2. AlexV

          Re: Cloud = No

          I'd suggest you take another look at KeePass. It meets your requirements, and if you use it's AutoType functionality instead of a browser add-in you'll probably be much happier with it. It's a conceptual shift from the browser(add-in) requesting data from the database to instead having KeePass itself typing the data into the form as if by keystrokes. You as the user have to initiate the action with a system-wide hotkey, the browser can't just fetch what it wants out of the database when it wants it.

          I would, however, recommend installing the WebAutoType KeePass plugin (disclosure: I maintain it) so that KeePass can find entries matching agains the URL of the page you are looking at, not just the title.

          1. Rimpel

            Re: Cloud = No

            I don't know when you last tried a firefox add in for keepass but keefox works very well imo, It can fill in login fields, detect when you are logging in/registering to a new site and offer to save the password in keepass, and generate new passwords to the clipboard.

  3. jubtastic1

    Sloppy coding

    It looks like the app doesn't check whether the pin hash exists so a 'pin is correct' test fails and unbelievably, it defaults to true.

  4. RamblingRant

    @Steve Knox

    Agree 100%.


    I use 1Password and at the moment, I wouldn't touch anything else. Dashlane is a close second, but it's not mature or well-rounded enough just yet. LastPass is pretty good too, although their bookmarklets are insecure and I personally don't like auth/decryption being handled in the same location as the data (the portal). There's nothing particularly wrong with that method, I just prefer most of the process being handled offline while still leveraging the benefits of cloud sync.

    Re #4 (verifiably secure) - You're never going find anything which is absolutely and conclusively "secure", what matters is security in response to risk. This is where 1Password shines. The design and implementation are measured responses by experts to whom the word "security" means more than wrapping text in AES. There are "risks" with 1Password, I actually demo'd them before I purchased it (see blog under "Forgot your password? You're doing it wrong") but when you quiz AgileBits (makers of 1Password) they respond honestly and transparently. Trust is everything in this industry. Try the 30 day trial, ask AgileBits the same questions I asked of SiberSystems... compare the responses.

    Re #5 (Trust) - This is difficult. If you're going to use a PW manager, you have to trust someone. I'm a firm believer in Kerckhoff's principle which (paraphrasing) says a system should remain secure when everything about it is known to everyone, other than the key. If a company will not openly discuss the way they protect your data, walk away. It doesn't necessarily mean it's inherently insecure, but it could be an indication that they haven't quite grasped the concept fully. If you spot something, no matter how trivial... ask questions. If something doesn't make sense (for example when "we never get the key" suddenly becomes "we get the key, but we don't keep it"), seek advice or walk away. Most importantly, look for security reviews... not just reviews. What prompted the early release of this blog was a tweet by TechRepublic (see bottom of article) which said "Roboform is enterprise-worthy". Trouble is, it was a comment by a respected journalist... so convincing users otherwise is difficult.


    You're pretty much right. It doesn't so much default to true... it simply checks if the param exists and loads the PIN entry screen. If it doesn't exist, it loads the app as normal.

    1. Novex

      As per my reply above, I'm going to look into 1Password as an alternative. Thank you for the suggestion.

  5. Mitoo Bobsworth

    Roboform not 'on form'

    Something not quite right with their overly defensive P.R. response, despite proof of execution. A more trust inducing way would have been holding their tongues, verifying the exploit, correcting it post-haste and, oh I dunno, THANKING THE GUY for pointing out a critical flaw.

    1. Anonymous Coward
      Anonymous Coward

      Re: Roboform not 'on form'

      My thoughts exactly. When you wheel out "Security is very important to us and we take all allegations seriously," as a first response from the marketing guy, its all going to go downhill from there.

      1. teebie

        Re: Roboform not 'on form'

        "We are investigating the report, and will issue a statement when our tecnhical staff have fully evaluated it. In the meantime, to avoid embarrassment, we have distracted our VP of marketing and business development with a number of shiny objects, hidden his PC and changed his twitter password"

  6. Anonymous Coward
    Anonymous Coward

    These are not the roboforms you are looking for

    You can go about your business...

  7. Takfly

    One can only assume that they thought he was using an emulator due to the "emulated" folder in the list of available storage media.. if that's the case then there is huge concern that a company in the business of generating mobile security related software doesn't understand the basics of the Android operating system.

  8. Zot

    I use FTP to store stuff on the Internet

    I use a complex FTP password and WinRAR encrypt anything associated with my business and upload that as just one backup scenario.

    Is that a bad idea? I'm genuinely asking, as you guys are the best crowd to ask, and I don't trust businesses running cloud services. It seems they run school-locker security levels, and just stand around in suits gathering money for the service.

    1. RamblingRant

      Re: I use FTP to store stuff on the Internet

      WinRAR encrypt isn't particularly strong, and using FTP regardless of password size is insecure because passwords and data are transmitted insecurely (plain text). Use SFTP instead, if supported.

  9. Anonymous Coward
    Anonymous Coward

    useful alternatives to the usual - gpg4usb or locknote

    A handy alternative, portable and flexible, is to use an encrypted text file and whatever format you want. I hate having to split my hundreds of credentials into URL, username, password, notes, PINs, etc, they simply don't all break down that nicely leading to a bit of messy shoehorning.

    LockNote - - Windows only, open source but no longer developed, may now have bugs, self-modifying .exe, very simple, portable and quick to use.

    gpg4usb - - Windows and Linux, Mac shortly, a memory based text editor with gpg support built in, portable, simple to use. Create a keypair for storing passwords. Enter details into the text editor, these are only in memory until you click save. Simply encrypt to the key and then click save, you now have your passwords securely stored. To review/edit load the file and supply the password for the key in the usual manner, the decrypted file is only in memory, not cached anywhere, you can then edit or discard once you have the info you need from it. Separate the private key from the rest of the setup if you want something even more controllable or else keep them together and use a decent key password and treat it all as a black box password manager.

    1. RamblingRant

      Re: useful alternatives to the usual - gpg4usb or locknote

      Sorry DMDeck16, but that's a really bad idea... and probably not for the reasons you'd think.

      Your data is most at risk when in plain format... for example, when you need to sign in somewhere. The associated strengths of LockNote/GPG4USB or indeed any app you choose pale into insignificance as soon as you've decrypted your data.

      Although all password managers use different storage techniques (passcards, databases, keychains et al), they all share something in common... they store each record separately.

      By keeping all records in a single text file, you're encrypting & decrypting masses of data which for 99% of the time, you don't need. For instance, logging in to Facebook via Roboform decrypts only the credentials required for Facebook. Putting the rest of your credentials in memory only increases the risk.

      If you go down the route of "store each LockNote/GPG4USB file separately", you're basically creating your own password manager. Trust me, the chances of you doing a better job than (for example) 1Password are slim to nothing. That's not a slight at you personally either... but good password management is about more than applying AES to everything in sight.

  10. Anonymous Coward
    Anonymous Coward

    RamblingRant, I disagree. The risk profile of your data rises and falls continuously throughout its lifecycle. Being "in plain format" is but one of many points on that line. The data could be most at risk when it was created because an admin watched you do it, when you enter it because you have malware, because the organisation you're creating a login for has abysmal security, or, in this case, because you're using Roboform on Android and a serious vulnerability has been discovered.

    I only access this data on computers that I control because that is the scenario I have addressed for me. Your attack scenario therefore supposes that a computer that I control has malicious software running which specifically thwarts address randomisation and slurps plain text data at the precise moment that I am reading or editing my credentials. I can tell you that the chance of that is zero. This is my solution, my implementation and my risk analysis of my situation. There is no general case.

    Everyone has to make their own security assessment and be realistic about it. If you're accessing logins via a password manager on third-party computers you've got a whole raft of other concerns above this to worry about. If you're using them in the same way I do then the likes of gpg4usb or locknote have their place as very useful tools.

    I am also not convinced that all password managers do store records separately. It's a bold claim and likely overstated anyway - as the Roboform example shows implementation flaws trump architectural flaws.

    1. RamblingRant

      Some great points and without wishing to argue, let me put your "that'll never happen" comment under scrutiny.

      Have you considered your source of IV, MAC protection, block algorithm, memory dump mitigation?

      You don't need a piece of malware written specifically to thwart your defences... it's often the seemingly minor things which catch you out.

      For example, what happens if your PC crashes while your data is in memory? All those lovely creds along with a detailed trace are almost certainly written to your drive. Now you have to find where they are and safely destroy them. You can't control every aspect of even your own environment... it's one of the reasons "roll your own" attempts fail.

      I'm not saying you're wrong, just that it's a bad idea in general. If it works for you and you're mindful if the risks, you're still safer than most.

      Security is always excessive until it's not enough. There has never been a valid "that'll never happen" or "chances are zero" argument... and there never will be.

  11. Anonymous Coward
    Anonymous Coward

    Yes I agree with you generally it's a good idea to mitigate those risks, and a well designed password manager can help but the key is usually in the implementation of not only the tool itself but the way in which the person uses it. The problem is who defines what is a well designed password manager? None of the users are in a position to test the claims made, and even open source solutions are opaque to 99.9% of pepple (Heartbleed shows even the 0.1% can be oblivious to serious vulnerabilities).

    I actually use STRIP - - as a secondary copy, that has the advantage of being cross-platform and mobile. It's been going years so has had plenty of chance to understand implementation. On their page you can see it was independently tested and found to be the only one which did things right, with the other ones often suffering from crap implementation bugs such as the Roboform one. In one case the data was stored in plaintext on the device and the PIN entry was just fluff. I like the fact it syncs over my network, not the cloud (although that is an option).

    In my case using gpg4usb it's done on the machine I control which is also encrypted with most stuff removed, crashdumps disabled and free of malware. It works for me but your points are valid, if I was take this to another machine the combination of keyfile and password makes it a bit more secure than a password but a crash could drop a dump with some passwords onto the machine.

    In light of that I think I will revert to STRIP as the primary repository and use LockNote as a static backup in case the STRIP database ever gets damaged. I'll also contact the dev and find out how it keeps data in memory when in use and whether it's a record by record decryption as viewed.


  12. Anonymous Coward
    Anonymous Coward

    Non-cloud version is fatally flawed too

    They're using 40-bit DES which makes offline cracking of any roboform key a 2-3 day wait.

    Explanation and code samples here:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like