Five Steps to Protect Your Passwords Before It’s Too Late
If you’re familiar at all with the popular password manager RoboForm, you may know that when the current version of the product, version 7, was released back in 2010, all heck broke loose. Users who loved version 6 for a lot of reasons (including the promise of free lifetime updates) were stunned the day they opted in to an update that turned out to be an upgrade to version 7, which required them to shell out more money. The result was a firestorm of angry users who felt they’d had the rug pulled out from under them.
I had the opportunity to revisit the brouhaha and its aftermath in an interview yesterday with Bill Carey, vice president of marketing for Fairfax, Va.-based Siber Systems, the developer of RoboForm. To his credit, Carey was candid and straightforward about how Siber Systems blew its execution of the upgrade:
When we released Version 7, I believe in December 2010, it was a big upgrade. There is a difference between lifetime “updates” and lifetime “upgrades.” Version 6 was out for about four years, and when we upgraded from Version 5 to Version 6, it was a paid upgrade, as well. The difference was by the time we got to Version 7, there were many more millions of users, so it was a lot louder. So there were always lifetime updates, but it was for the version of the software that you were using. When there was a major release of a version number, it was a paid upgrade. We executed it poorly, in the sense that we do this thing called “Auto Update”—we tell the user that there’s an update of the software available, and ask if they want to update it. We didn’t warn users that just by updating, they were changing from Version 6 to Version 7. So 30 days after they updated it from 6 to 7, they got a “you have to pay for this” message. That’s what threw everybody into a tizzy, and it was 1,000 percent poor execution on our side. We threw out an auto update, we updated everyone, and surprised everybody because they didn’t realize we were going from Version 6 to Version 7. But all they had to do was go back and download Version 6 again, and they would have been all set. And anybody who bought Version 6 within six months of us putting out Version 7 got a free upgrade to Version 7. We did all kinds of things to make people whole, and to get through the situation. But it was a difficult situation for us, and it took about a year to get our good reputation back.
The good news for Siber Systems, and for RoboForm users, is that all seems to have been forgiven. For one thing, TopTenReviews ranked RoboForm Everywhere No. 1 in a 2014 review of password managers. The only con it cited was that the mobile versions of RoboForm were read-only, so I asked Carey if there were any plans to change that. He said they already have:
When they last reviewed it, it was read-only, so you would establish all your log-ins on your Windows or Mac machine, and then synchronize those log-ins to your portable devices. Now, all of our apps for iOS, Android, Windows Phone, are fully-functioning password managers. So you can save new passwords on there, you can log in on there and read it and edit it. And if you do any of those actions, it will all stay in sync with any other device on your RoboForm Everywhere account.
I was curious about the password manager landscape, so I asked Carey if he had any sense of what percentage of companies have deployed password management software. His response:
We haven’t seen any studies on that. But what I do know is that companies are looking at a wide range of solutions to solve their password management problems, including very big, complicated, expensive single sign-on systems that give credentials for who can log in to what. And for some companies, those are the right things. And then you have stuff like we and some of our competitors do, that’s more of a password management overlay. You can install our software, and your employees can start using it the same day. Because it’s designed to start automatically deciphering whether or not you’ve logged in to a website or an application, RoboForm will automatically detect that a log-in event has occurred, and will ask whether you want to save that password for future reference. So it’s much less complicated than single sign-on. We have sold our stuff into everything as big as the federal government, and as small as mom-and-pop shops. So password management in general is something that’s being looked at on all levels—everybody is concerned about it.
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.
