Is the Roboform Master Password only for internal protection?

Example:

Let's say someone has access to your computer and they open up Firefox. If you don't have a Roboform Master Password then this person can access and log into all your accounts via Roboform.

Now obviously, the Roboform Master Password is to protect yourself from that type of "internal" security.

The question is, assuming that you have "internal" securities in place and that nobody can access your computer,


Would you still need to create a Roboform Master Password against "External Threats?"


Or would this step be unnecessary? And the Roboform Master Password is only for "internal protection."


I would really like to turn off my Roboform Master Password so each time I restart my computer I don't have to enter in the password each time (Since I already use Truecrypt and system encryption.)

 

You are proposing to use no password for signing in and, therefore, have no password attached to each of your passcards, notes etc.

If someone gets access to your computer and copies your "My Roboform Data", they would then have complete access to your sign-on/password information for all sites.

I would never take that chance.

 

LenC, I am fully aware of Internal Threats from no password protection, as you have mentioned. As I have mentioned, I use Truecrypt encryption so that is not an issue for me.

I am asking about Roboform Password protection whether it is necessary in regards to "External Protection."

 

Not sure what you mean by "external protection"

 

I assume that the master password is used as key for encryption of the Roboform database.
If you feel that Truecrypt is offering enough security, then the question remains: how do you backup your Roboform database? Do you backup the complete Truecrypt storage, or do you backup the (unencrypted) files inside the storage?

 

Well yes, I would obviously not backup any data / information that is sensitive like Roboform database in its unencrypted form. That part is relatively easy to figure out. But "external protection" is the question....

What I mean by external protection is any form of outside threats. For example, If my Roboform Data was protected by a "Master Password", than any malicious software / Malware / Spyware running inside my sandboxed browser would not be able to access my Roboform database without the Master Password. (I am only talking about possible Malware running inside my sandboxed web browser since active Malware on your system means that your system / information is already compromised)



Now first of all, is this even a real threat?

If my Roboform Data was not protected by a Master Password, could this Malware / Spyware access my Roboform Database contents?


And If this were possible, would having a Master Password protect against this threat? Or help at all in this situation?

 

If an external malware/spyware program could access a file on your computer, then presumably it could also access your Roboform data if it is in a mounted truecrypt container. If your data (RFP, RFN files etc.) are not encrypted by Roboform, it seems to me the bad guy could then read your login/password information for your various websites from those files.

 

So basically even if nobody has physical access to your computer, you should keep a Roboform Master Password to keep away from External Threats such as Malware and the like.

This was my assumption, but I did not know if this was a real threat and wondered if keeping a Roboform Master Password for this sole purpose would be necessary.


If someone knows that this threat is purely theoretical and it is not necessary to keep a Roboform Master Password for this reason, please let us know.

In the meantime, I guess I will keep my Roboform Master Password for now....