Is the Roboform Master Password only for internal protection?

Discussion in 'other software & services' started by connect4, Dec 10, 2009.

Thread Status:
Not open for further replies.
  1. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    Example:

    Let's say someone has access to your computer and they open up Firefox. If you don't have a Roboform Master Password then this person can access and log into all your accounts via Roboform.

    Now obviously, the Roboform Master Password is to protect yourself from that type of "internal" security.

    The question is, assuming that you have "internal" securities in place and that nobody can access your computer,


    Would you still need to create a Roboform Master Password against "External Threats?"


    Or would this step be unnecessary? And the Roboform Master Password is only for "internal protection."


    I would really like to turn off my Roboform Master Password so each time I restart my computer I don't have to enter in the password each time (Since I already use Truecrypt and system encryption.)
     
  2. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    You are proposing to use no password for signing in and, therefore, have no password attached to each of your passcards, notes etc.

    If someone gets access to your computer and copies your "My Roboform Data", they would then have complete access to your sign-on/password information for all sites.

    I would never take that chance.
     
  3. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101
    LenC, I am fully aware of Internal Threats from no password protection, as you have mentioned. As I have mentioned, I use Truecrypt encryption so that is not an issue for me.

    I am asking about Roboform Password protection whether it is necessary in regards to "External Protection."
     
  4. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    Not sure what you mean by "external protection"
     
  5. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I assume that the master password is used as key for encryption of the Roboform database.
    If you feel that Truecrypt is offering enough security, then the question remains: how do you backup your Roboform database? Do you backup the complete Truecrypt storage, or do you backup the (unencrypted) files inside the storage?
     
  6. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101

    Well yes, I would obviously not backup any data / information that is sensitive like Roboform database in its unencrypted form. That part is relatively easy to figure out. But "external protection" is the question....





    What I mean by external protection is any form of outside threats. For example, If my Roboform Data was protected by a "Master Password", than any malicious software / Malware / Spyware running inside my sandboxed browser would not be able to access my Roboform database without the Master Password. (I am only talking about possible Malware running inside my sandboxed web browser since active Malware on your system means that your system / information is already compromised)



    Now first of all, is this even a real threat?

    If my Roboform Data was not protected by a Master Password, could this Malware / Spyware access my Roboform Database contents?


    And If this were possible, would having a Master Password protect against this threat? Or help at all in this situation?
     
    Last edited: Dec 10, 2009
  7. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    If an external malware/spyware program could access a file on your computer, then presumably it could also access your Roboform data if it is in a mounted truecrypt container. If your data (RFP, RFN files etc.) are not encrypted by Roboform, it seems to me the bad guy could then read your login/password information for your various websites from those files.
     
  8. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    101

    So basically even if nobody has physical access to your computer, you should keep a Roboform Master Password to keep away from External Threats such as Malware and the like.

    This was my assumption, but I did not know if this was a real threat and wondered if keeping a Roboform Master Password for this sole purpose would be necessary.


    If someone knows that this threat is purely theoretical and it is not necessary to keep a Roboform Master Password for this reason, please let us know.

    In the meantime, I guess I will keep my Roboform Master Password for now....
     
Loading...
Thread Status:
Not open for further replies.