You should be using a password manager, because it’s one of the best things you can do to secure your digital life. With it, you’ll be able to create strong, incredibly difficult to guess passwords that you won’t even be able to remember yourself. Your password manager will store them for you, and you’ll be able to authenticate into this vault of passwords using a combination of a more easy-to-remember password (or passphrase) and multi-factor authentication.
But which password manager should you use? That’s the real question. And when your password manager of choice doesn’t appear on everyone’s list of favourites, what does that mean for your security? Lifehacker reader Jan asked me this very question in this week’s tech question:
I have been a subscriber of Roboform for years. Maybe, decades. I have found it not to be without challenges and I notice it is never in the “Top X Password Vault” articles. Is that because the newer ones are so much better or that Roboform does not advertise as much? Something else?
The best password manager is the one you always use
I confess, Jan; I’ve never heard of Roboform. Or, at least, it didn’t immediately ring a bell when I read your question. Though its name does come up on various “best password manager” lists around the web, I’ve never seen it take top honours. We tend to live in a LastPass or 1Password kind of world — really, 1Password and Bitwarden, as the latter is an open-source password manager that’s cheaper than LastPass (saving you $35/year) and nearly as good.
To answer your question, it’s totally fine if Roboform isn’t the best of the best password managers. Here’s why: As long as it does a good enough job, and it isn’t suffering any terrible security lapses, it’s keeping you safe. You’re used to how it works, you’ve probably gotten a good handle on its interface, and you’re using it regularly. That, in itself, makes Roboform the best password manager (for you).
Your situation reminds me of the “upgrader’s fallacy,” or what I like to think about whenever I see people flocking to the latest and greatest gear for their desktop PCs. I’d love a brand-new Nvidia RTX 3080 card, for example, and I almost jumped into the wild race to get one when it came out. I talked myself out of it, because even though it’s superior to what I have, that doesn’t make my existing setup bad (a RTX 2080). In fact, what I already have works great for the nuances of my ultrawide monitor and the games I play (currently: World of Warcraft). I don’t need more firepower until something catches my interest that’s a mix of crazy-good graphics and ray-tracing. And, even then, I’ll probably still be able to get pretty decent frame rates with my existing setup. Why upgrade?
There are better password managers than Roboform that offer useful features Roboform lacks. The mighty 1Password, for example, has an incredibly handy “Watchtower” feature that alerts you when passwords you’ve used have shown up in a data breach. And as Wirecutter points out in its password-manager roundup, Roboform hasn’t been through a third-party security audit.
Is that a huge deal? If you’re starting from scratch and looking for your very first password manager, sure. If you’re already content with Roboform and use it daily to manage your passwords, you certainly could move to something better. I’d only recommend doing so if there is an easy way to get your passwords from the service you currently use to a future one you’re looking to try. If this is going to cause a huge disruption to your routine, it’s not worth it — even if you do end up saving $30 a year or get some extra features beyond the general security a decent password manager provides.
I realise that some readers might think that sounds a bit odd coming from a tech-advice columnist whose normal reaction is “upgrade, upgrade, upgrade” in all instances. Remember, not everyone is super tech-savvy. And maybe, just maybe, it’s a herculean enough of a battle to get a person to use a password manager to begin with. (I still struggle trying to convince my reasonable and intelligent friends that they should use a great password manager instead of their browser’s simpler “save passwords” feature.)
Don’t rock the boat if you don’t have to. Upgrade if you really want to, but know that you’re not missing out on a lot if you’re using your password manager the right way: complex, unique passwords for all your services. If you want to be super-safe, you could set up a Google alert for any and all mentions of Roboform. That way, in case anything ever does happen to your picked password manager, you’ll be able to switch to something else (and better). But if you’re happy with what you have, and what it costs, you’re fine.
Do you have a tech question keeping you up at night? Tired of troubleshooting your Windows or Mac? Looking for advice on apps, browser extensions, or utilities to accomplish a particular task? Let us know! Tell us in the comments below or email [email protected].