Q. Are cloud-linked password managers risky?
On Wednesdays, we'll be featuring an abridged Q&A from Fred Langa's LANGALIST, a feature available exclusively to paid subscribers of the Windows Secrets newsletter. Today's Q&A: How secure a solution are cloud-based password managers, really?
September 2, 2015
Q: You’ve talked about RoboForm. What happens if they go out of business or cease to operate? If you have not kept a record of your passwords, you’re dead. How do you deal with that?
A. First, know that your passwords don't just live in the cloud.
RoboForm’s primary storage is on your device’s hard drive. These local and encrypted files are used by the password manager to sign you into a site. So RoboForm works as it should, even if the Internet is down — or if anything else prevents you from accessing the duplicate (and encrypted) password-management files (passfiles) stored in the cloud servers.
The cloud-based copies are used mainly as backups. They’re also used for synching passwords between devices, restoring lost passwords, setting up new devices, and so forth. But the cloud-based copies are not needed at all for routine operations.
Note that all stored copies of your passwords are encrypted, regardless of where they reside — either locally or in the cloud. The passfiles always remain encrypted when copied from device to cloud or vice-versa. Only you know the master password (assuming you’ve not shared it with others) needed to decrypt your stored passwords. And passfile decryption takes place only on demand, inside your local system.
But to answer your specific concern, if Siber Systems (RoboForm’s publisher) suddenly disappears, your locally installed app will continue to work — and you’ll still have complete access to the local, encrypted copies of your passwords. The only way you can lose your stored passwords is to forget the master password or have a major drive failure and no system backup files.
And again, the preceding applies not just to RoboForm, but to all other well-designed password managers as well. I believe they are quite safe to use; I rely on them daily — and have done so for years.
(Originally published on Windows Secrets on Thursday, August 26, 2015.)
*
Editor's note: We feature an abridged Q&A from Fred Langa's LANGALIST, a column available exclusively to paid subscribers of the Windows Secrets newsletter, on Wednesdays. What you see here is just a small sampling of what Langa's writing for the newsletter — go here for more information on how to subscribe.
About the Author
You May Also Like