THE MAGAZINE

RoboForm Enterprise

By John Wagley

Trying to remember strong passwords is almost impossible. For nearly a decade and a half, many consumers have tried to ease this burden with help from the password manager RoboForm. After creating one master password, the application remembers and securely stores all subsequent logins. Users access sites with a single click.

Now, parent company Siber Systems of Fairfax, Virginia, has introduced an enterprise version. The company’s goal is to win marketshare in the business world with the addition of some corporate-friendly features.

The idea is to tap into a growing need as employees seek a way to quickly and securely access a growing number of Web-based company applications. The program also promises to reduce calls to the helpdesk, which would cut labor costs.

RoboForm has a host of strong security features. Passwords are stored on users’ hard drives with strong Advanced Encryption Standard (AES) encryption. The application can also elude password-stealing key loggers; users enter their single password by clicking on characters on a small virtual keyboard. To hack the data, someone would need to know the employee’s master password. The application includes a highly configurable password generator, helping users transform passwords such as “mydog” or “password1” into ones more like “9%dE~0”—in just a handful of seconds and with up to 99 characters.

Bill Carey, vice president of business development for Siber Systems, says that distributing password security across desktop computers is more secure than the method of other single sign-on (SSO) solutions, which tend to encrypt data in a central server. The central server solution creates the potential for insider theft, such as when IT administrators take advantage of their ability to view every company password with ease, he notes.

Other SSO solutions typically require writing code to merge separate systems, which are time consuming, says Carey.

To use RoboForm, the company must first specify the password policies it wants the program to implement, which usually takes under 15 minutes with the Policy Editor tool. The tool can be used to configure options such as the length and required characters in a password. Administrators can also choose to turn off certain RoboForm features, such as the form filler, which can automatically input address, payment, and other information into Web sites. Installing the application on desktops takes just a few minutes.   

By reducing helpdesk calls, some firms may be able to recoup what they paid for RoboForm in about two months, according to the company. To arrive at this estimate, Siber Systems studied a variety of companies, says Carey. It began the estimate by assuming a firm had 1,000 employees, each of whom made 1.75 password assistance calls per month. If calls lasted 12 minutes with helpdesk staff, costing organizations $50 an hour for those staff members and $75 an hour for other employees, savings totaled about $44,000 a month. This estimate sounds a bit high, but it’s probably fair to assume that the system could indeed reduce calls to the helpdesk.

The product comes with an assortment of features and options. One optional RoboForm feature can give IT administrators the ability to recover lost master passwords. Using RoboForm’s basic functions is straightforward but many of the application’s additional options are more difficult.

Siber Systems offers unlimited updates and phone support, as well as an expansive online support area.

Overall, the product is relatively simple to deploy, and it is much easier than typing passwords. RoboForm’s market longevity and reputation for solid security should inspire confidence. And because many individuals may already have installed it at home, it is a tool employees may be comfortable using, perhaps finally abandoning password-covered Post-It notes.

Siber Systems says that about 30 organizations had purchased the product as of the end of last year.

Pros. It enables quick, secure password management. It is easier to deploy than other single sign-on (SSO) solutions. It can also save organizations money by reducing helpdesk calls.

Cons. It was difficult to figure out how to bring up the virtual keyboard after entering a new master password. In other situations, the virtual keyboard pops up automatically.

Where to get it. It can be purchased online. Minimum order is for 100 seats; each costs $19.95. Orders of more than 1,000 are $17.95 each.

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.