Password Manager Paranoia?
Since I'm mentioning my love of the RoboForm password manager again, I thought I'd take a moment and talk about why I don't use a couple of free alternatives. I don't pretend to be the world's leading expert on password security. I do have over 100 passwords I keep track of and I some strong opinions about the most convenient way to manage them.
Each time I mention RoboForm I usually get several emails from people asking why I don't use the password manager in Firefox or the extremely popular password manager LastPass. Both are free, both use encryption, so why aren't either of them good enough for me?
Firefox has a solid password manager. I like it in situations where you have less than 20 online passwords to keep track of. I hit a point where I felt like there were too many situations where the Firefox password manager simply didn't work effectively for my needs. If you use Firefox as your password manager and are happy with it, keep using it! The one thing you should do is set a master password to protect all your Firefox passwords. Not because someone might discover them, but because they aren't protected with any kind of encryption if you don't set a master password. If your computer is ever compromised, by a virus or a person, not using the Firefox master password feature means anyone or any software can read your Firefox passwords. The
LastPass is a tougher one for me to defend against. It has features very similar to RoboForm. LastPass works great. LastPass is free! And if you use their online password synchronization feature, you can access your passwords from Mac OS X, Windows, or Linux. Many people I respect use LastPass. The one thing I don't trust about LastPass is the thing that makes it great - online synchronization. I don't like the idea of storing my bank password on someone else's server. The data is encrypted on the LastPass server, so in theory it's safe, but my credit card account is also supposed to be encrypted and that hasn't prevented employee theft issues being reported at several banking institutions. The human wildcard of someone possibly accessing and using my data makes the convenience of LastPass to risky in my book. Paranoid? Maybe. For the record, I won't use the new online version of RoboForm for the same reason.
For the time being, I'm sticking with RoboForm, storing data on a local drive I keep in my possession at all times.