05 October, 2010

LastPass vs. RoboForm Password Managers

Updated Feb 18, 2011: I've received a few comments from people about the cost to upgrade from RoboForm version 6 to version 7. The issue is that apparently their original purchase was for a lifetime of upgrades. The RoboForm website indicated that any version 6 purchases made after Sep 1, 2010 are eligible for free upgrades to version 7. I don't have my original purchase receipt, so I can't verify the legitimacy of the claim myself. That being said, I cannot imagine a company surviving by charging a 1-time fee of $30. Regardless, the RoboForm product is one of the few products I would pay for again over using any of the current open source solutions available. (BTW: I'm still using version 6, as I have not run into a situation that requires me to move to version 7.)

I've been a user of RoboForm for nearly 4 years, and it's allowed me to have secure and unique passwords for all my websites, while only requiring me to remember one. In January 2007, I wrote a post on how easy it is to use RoboForm, and how much simpler it has made it to manage passwords.

As with any tool, we find their shortcomings or flaws, so when something new comes along we try it to see if it works better. I installed LastPass last week, and disabled RoboForm, to see if LastPass could better meet my needs.

Let me give you a comparison of these two products, as they are quite similar in most cases. LastPass and RoboForm both work as toolbars for Firefox, IE, and Chrome web browsers on Windows, while LastPass also works in Safari and on OS X/Macs and Linux. Both products also offer applets for popular Smart Phones. (While I didn't test LastPass on Safari or Chrome, nor on OS X/Macs and Linux, RoboForm is still new to Chrome and seems a bit buggy.)

They both have automatic form filling (by allowing you to store commonly used data) and secure notes features. RoboForm and LastPass also provide secure password generators. Both tools also let you organize your passwords by placing them in folders you define. While you'll pay $30 for RoboForm, LastPass is free, which is attractive for new users. RoboForm also charges $10 for each additional license, where again LastPass is free.

So while we see both products' features are very similar, their implementations are quite different. For example, while RoboForm stores your passwords in individual encrypted files on your hard drive, LastPass stores all your passwords on their servers. Due to LastPass storing your password files on their computers, you can easily access all of them from any web browser. With RoboForm, you can either copy the individual files to another computer, or you can use their sync function. The sync function is a GoodSync product specifically locked down to only work with RoboForm data.

Assuming that both products are secure (which I do), and they both work on your platform, then the most important criterion is usability. Does the product get in the way or enhance your productivity? (I realize I may be somewhat biased due to how long I've used RoboForm.)
  • Login to access passwords. The first time you try to access RoboForm, it prompts for your passwords before completing the command. With LastPass, you must click on the login button on the toolbar. If you're not online, you cannot access LastPass passwords.
    Advantage: RoboForm.
  • Password Organization. Because RoboForm is an installed application on your computer, you can drag-and-drop the password files to move them among folders. With LastPass you login to the LastPass site and open each password individually to change its storage location.
    Advantage: RoboForm.
  • Recognizing Password Forms. Both products are designed to work with standard forms and server dialog prompts. I had one instance where LastPass didn't recognize the form to capture/save or fill it out. This failure will keep me from adopting it, as I use the website nearly every day. This particular login form was embedded into the page with an iFrame -- RoboForm worked fine. Without this failure, I would likely rate their functionality as tied.
    Advantage: RoboForm.
  • Saving New Passwords. Whenever you login to a new website, RoboForm will prompt you to save the data for future use. If you don't want to save it, you need to click Cancel. LastPass adds a strip below the browser tabs with the ability to save the new data. It also offers the ability to never prompt you again for a given website.
    Advantage: LastPass.
  • Access/Use Passwords.
    • Open a new site and login. I use this function more than any other -- these are my bookmarks. (I bookmark very few other websites except those that require a login.) The default behavior for each product seems to work as advertised, though each is different. When selecting a RoboForm password from the toolbar, it opens and logs you in within the current browser tab. LastPass will open a new tab. I tried changing the default behavior with each (to work like the other), and neither worked as I expected.
      Advantage: Tie.
    • Login to a webpage you open. LastPass will pre-populate the login screen and you just need to click the login button. If there are multiple login credentials that can be used (for example if you have 2 Gmail accounts), a strip appears below the tabs with a button to select a different login. RoboForm does not pre-populate any form it recognizes, but the login button on the toolbar will allow you to select from multiple logins when needed. When selected, RoboForm will complete the form and submit.
      Advantage: Tie (they both require at least one button click).
    • UI. Both toolbars are very similar, though their behavior for long lists is different. If the list of passwords for LastPass exceeds the height of the screen, you must click the up or down arrow to scroll to a password. RoboForm starts a new column, eliminating the need to scroll.
      Advantage: RoboForm.
  • Password Sync. This is the feature that got me to look at LastPass. The fact that all the LastPass passwords are stored on their central server means there's no syncing. No matter where you access LastPass, you will always have the same passwords. While the GoodSync product is quite good, the fact that you have to manage passwords across computers makes it inferior.
    Advantage: LastPass.
  • Access Anywhere. As stated previously, because of the central storage of passwords on the LastPass servers, you can access your passwords anywhere -- even without installing the toolbar. RoboForm requires an install, which last time also required a reboot, then followed by having to sync your passwords to the new computer. Your sync password by default is not the same as your login password, so therefore you also need to remember a second password. Additionally, you also need to have an available license to install RoboForm on a new computer.
    Advantage: LastPass.
If you're still with me, you can see each product has its strengths and weaknesses. As I stated previously, due to the fact that LastPass does not recognize the login form for a site I frequent (a business app), I will not switch away from RoboForm. If it weren't for that, I'd probably still be using LastPass to see if I can adapt to the differences and reap the benefit of having access to my passwords anywhere.

15 comments:

w said...

Great review! I have been struggling to go with one and have been comparing both on my PC. I agree that the LP model for accessing anywhere without having to carry a USB is great. To be fair, RB has a similar online version that integrates with browsers like LP (still requiring Goodsync).

I like RB2go as a portable option - LP requires you to use the portable Firefox app and use their tool through the USB - pretty slow. RB2go works just like the PC-installed version.

I found LP a bit unreliable on form-filling as well. RB seems more reliable in doing this task.

LP has a nicer interface.

For those who don't want to store even encrypted passwords on a server, that eliminates LP. But RB does require more effort to make sure passwords are synced if you don't use the Goodsync/server option and have to copy the password file onto a USB or other PC.

I always laugh at the cost aspect. These are your passwords we're talking about - letting a few bucks determine your decision would seem awfully trivial if your banking account got hacked because you chose a solution you didn't believe in (but was free).

So with RB online, I think the "access anywhere" advantage of LP reverts to TIE.

Also, I have had to re-install RB a few times and have NEVER been asked to pay again.

When I tried to find out where LP stored my file (in case I wanted to uninstall it) it was a real pain to find. RB was obvious because I told it where to put it.

Lastly, LP seems a bit overly complex in its decryption process. They keep your encrypted passwords, but you keep the "key" on your PC. If you're offline, you can access one version of your "vault" as opposed to a different looking version of your vault via the web. And I just can't get past that USB option that requires you to run the add-on from a portable Firefox app.

My conclusion: if you really use the form filling feature (a life saver when filling out credit card data and job applications), I like RB, despite the nominal fee. I also like the portable version better than LP's option.

If you have no issues with your passwords on another server, need to have it free and don't mind the hit or miss form-filling, LP is it.

MJP - MotW said...

Formfilling of Roboform was superb while formfilling with LastPass works only about 10% of the time - german user.

Kristen Emery said...

ChrisdotTodd,
How do you feel about the new fee for upgrading from Roboform Pro version 6 to version 7? I thought I had purchased a lifetime user license over three years ago (see this link - http://goo.gl/efptE) only to find out that I must now pay 29.95 for the desktop version plus $29.95 for Goodsync (this used to be free). These are currently discounted by $10 each for current owners of Roboform Pro - version 6.

Or I can sign up for Roboform Everywhere for $9.95 a year.

I can understand their need to change the terms of the user license - I only ask that they be upfront and honest about it. Pretending that they did not promise lifetime upgrades is going to cost them customers. And I am now switching over to LastPass. Less than total honesty is not a good sign in a company that you must with your passwords.

Michaelk said...

As a long time keepass & roboform I thought I'll give a try but it did not meet my expectations.

roboform & keepass are still unthreatened.

lastpass does not seem to work for networks which do not have internet connectivity (intranet?)

How do you edit/access/modify a password while being offline?

Then we have the issue of TRUST.... Since the code is not opensource how do I know that there is no back-door in the cryptography algorithm?

You have to have a lot of faith in trusting a company with all your secret data....

Would you save your login to wikileaks in lastpass? :-))

CL said...

I am still very leery of having my passwords to financial accounts on somebody else's server. That goes both for LastPass and Roboform.

I have been using Windows Live Sync to synchronize my Roboform database between computers. The connection is peer-to-peer, so they aren't stored in the cloud.

The negative aspect of this is that Windows Live Sync is dropping support for XP very soon, which is forcing me to either consider upgrading my PC sooner than I'd like (don't want to put Win7 on a 5 yr old PC) or consider LastPass.

Avi said...

Thanks for your thorough review, Chris.
Re your last 2 comments about keeping Roboform synced on different computers: I've had great results with Dropbox (a superb utility for other things too, IMHO). I just keep my Roboform data folder in my Dropbox, for seamless usage on various different computers.

Any thoughts on whether the upgrade to RF 7 is worthwhile?

CHRISdotTODD said...

I use Dropbox myself, though I hadn't considered it for the synchronizing of passwords as you suggest.

In regards to version 7, I haven't looked at it, as I've been pleased with version 6. I'd be curious to hear what others think.

Chris Todd said...

Here's a short review I had done on Dropbox last April 2010: http://www.chrisdottodd.com/2010/04/share-files-across-computers-across.html.

Darius said...

You should add that to upgrade to Roboform 7 you have to buy it again if you have an older version 6.

thom said...

I've also been angered by RoboForm abrogating their agreement to provide free updates (I'd bought three licenses over the past six years, as well as additional licenses for other RoboForm products), and after upgrading to Firefox 4 I find that RoboForm 6 no longer integrates.

So, since RoboForm 6 no longer meets my needs and I'd have to pay more if I wanted to keep using their product, I'll likely move to LastPass rather than stick with a company that I feel has been duplicitous in dealing with their longtime customers.

Bruce said...

"Assuming that both products are secure" That seems like a bad thing to assume. That should be one of the most important factors to be considered. You know what they say when you assume...

cfc2000 said...

I agree - Roboform has been duplicitous. I also have paid for licences for three computers for R6. If you "upgrade" to FF4 you will need R7 and have to pay all over again. Interesting that some commenters think that 30 dollars is "notional". I don't find myself in that happy financial position. Five times 30 dollars is not notional to me. BTW if you are worried about security, don't use either product, as if your laptop is stolen, it's relatively easy to decrypt either password manager.

slimshady22248202 said...

Great Review, I Love It! I was searching for something like this since I have both on my computer and then I was hit with the Version 6, Forced upgrade To Version 7 and then you have to pay for the upgrade 29.99 and then the Good Sync Since I paid already and it said lifetime upgrades. I agree with most people this is not a good business practice to promise something and then charge you plus charge you with Good Sync So altogether that is 60.00 and I think I will go with Last Pass for right now. I disagree with this policy of charging you after saying it was a lifetime upgrade!

Michael said...

As a long time user of RoboForm, let's be clear about the costs of upgrades and their upgrade model.

If you paid for version 6 desktop, then there is indeed a cost to upgrade to version 7 desktop. (I never read the EULA from version 6 honestly to see what they meant by 'lifetime upgrades'. After 3 years of free version 6 upgrades, paying to go to 7 didn't bother me much but YMMV.)

The cost to upgrade is NOT the price of a full license however. It's $19.95 for the first license, and $9.95 for each additional. (http://www.roboform.com/php/pums/rfprepay.php?lic=upgrade_rf7&upgrade=yes&lang=en)

If you want to use Desktop and sync passwords peer-to-peer you can either buy Goodsync from them (at $29.95) or you can use a variety of other methods as noted like Dropbox or Live Mesh. The Roboform 'database' is a directory saved in your profile that are all file based and therefore easily replicatable. You just don't get the smoothness of the integrated GoodSync.

If you want Lastpass style, cloud based storage, then RoboForm now offers their RoboForm Everywhere for $19.95 a year (currently as of 9/5/11 on sale for $9.95 for the first year). For Everywhere you can download the installer and install the app on unlimited computers, smartphones, etc. for one price. The same files are then synched down to your device (at least your computer anyhow, haven't looked hard at the phone options) just like if you were using the desktop version. They are available for offline use as well.

I moved from v6 to Everywhere when 7 came out of beta and went live. Everywhere picked up all my v6 passcodes and moved them to Everywhere with no mess/no fuss.

Haven't used Lastpass as I'm happy with RB still to this day.

Safe computing.

Michael said...

BTW, they have their EULA on their website at http://www.roboform.com/license

It specifically states in section 2A:

UPGRADE POLICY: minor fixes and upgrades shall be
provided for free to RoboForm Desktop Pro licensee.
However, Customer hereby agrees that major releases of
RoboForm Desktop Pro may be not free and will require payment.
Major release as defined as release where major version number changes.

They might have done a better job of highlighting this on their website somewhere, but you agreed to it when you hit the 'accept' button on the EULA during install.