Main Area and Open Discussion > General Software Discussion

roboform2go or sticky password?

<< < (15/15)

Armando:
Hi There is a major security flaw in Roboform as it does not encrypt your passwords in the default folder while in use ,that means if you are hacked it is easy read , I personally was shocked to note this when told by another user …so I strongly recommend you dont use it for important passwords eg bank accounts ….after emailing roboform the agree that is the way it is and until they fix it I wouldn't use it again . I was a great believer in it until I was shown this flaw
-whippy (April 29, 2008, 07:10 PM)
--- End quote ---

Is there a link to a site where that flaw is described? Or is it just private stuff? Thanks.

Perry Mowbray:
All encrypted here in both versions. I just tested a fresh install in a virtual machine and it is the same there as well. Both sets encrypted.
-Josh (May 02, 2008, 06:01 AM)
--- End quote ---

Thanks Josh: I was going to test the portable version but I left my USB Drive at work  :-[

As Carol said: it's what I would have expected  :Thmbsup:

whippy:
Depends how you use it and I am talking about the Robo Pro paid version I bought . And it only happens when one uses it to log in , there is a time lapse whereby all your encrypted files in the actual data base storage are unencrypted even tho it shows them everywhere else being encrypted .

Carol Haynes:
That is by design and is user configurable. If you have a global password in RoboForm you can set the number of minutes you allow before you have to enter it repeatedly. If you want to enter a password every time just set the time to 0. Rather defeats the point of the program but it does mean that no one can ever use your passwords without the global password - even if you leave you USB stick plugged in and unattended.

Navigation

[0] Message Index

[*] Previous page