RoboForm V7 credentials were comprised of a User ID, Everywhere password, and Master Password. Juggling and differentiating the three proved to be very confusing for many users. As a result, we have simplified the process while also increasing security.
RoboForm 8 uses SCRAM, the most modern and secure authentication scheme.
More info on the mechanism can be found here: https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism
How it works
From the user side: (which is the RoboForm application and the login form at the RoboForm Online site): The entered password is never sent to the server directly, it instead uses a hashed version of your password. The hash is salted with a challenge that keeps users protected from man-in-the-middle attacks.
At the server side: We do not store your Master Password on our server. Instead, a key is stored which can only be used to check the user authentication and cannot be used to obtain the Master Password. In addition, SCRAM employs the PBKDF2 mechanism, which increases the strength against brute-force attacks.
Benefits
Improved privacy: Data is not visible or accessible until the Master Password has been entered.
Better security: One large file is cryptographically stronger than several small files.
Faster synchronization: One file (compressed) transfers faster than several small files.
Comments
0 comments
Article is closed for comments.