RoboForm

RoboForm is a password manager, which is a class of software that allows users to have secure, unique passwords for every website accessed. It is amongst the older password managers^[1][2] on the market, developed by US company Siber Systems,^[3] distributed as a freemium product with a subscription plan,^[4] available on macOS, Windows, iOS and Android^[4] and as a plugin for web browsers.^[5][6]

RoboForm
Developer	Siber Systems
Initial release	1999; 26 years ago (1999)
Operating system	macOS, Windows, iOS, Android, watchOS, Wear OS
Available in	30 languages
Type	Password manager
License	Freemium / Proprietary software
Website	www.roboform.com

The Password Checkup tool uses zxcvbn to assess password strength.^[7]It detects credential breaches by querying the Have I Been Pwned? database.^[7]

Overview

Siber Systems is a company founded in 1995 by Vadim Maslov^[8][9] with headquarters in Fairfax, Virginia.^[10] The company was founded to capitalize on research into text parsing, compilation and transformation to produce useful, commercially-viable technologies.^[10] They released RoboForm as their first consumer product in 1999.^[11][12][2]

RoboForm was initially a form-filling utility and was further developed into a full-fledged password manager,^[13] then delivered with password generator, password capturer, password importer, multi-factor authentication and secure password sharing.^[6]

The first business version of RoboForm was released in 2009. In 2010 it was introduced premium cross-platform subscription service for individuals and in 2015, Siber Systems launched RoboForm as a software as a service solution (SaaS). The freemium model was available starting in 2017.^[5]

Security Criticism

2024 Evaluation of Password Checkup Tools

A 2024 study by Hutchinson et al. examined the “password checkup” features of 14 password managers, including RoboForm, using weak, breached, and randomly generated passwords. The authors found that the evaluated products reported weak and compromised passwords inconsistently and sometimes incompletely. No manager successfully flagged all known breached passwords. The study concludes that such inconsistencies may give users a false sense of security.^[14]

2025 DOM-based Extension Clickjacking

Security researcher Marek Tóth presented a vulnerability in browser extensions of several password managers (including RoboForm) at DEF CON 33 on August 9, 2025. In their default configurations, these extensions were shown to be exposed to a DOM-based extension clickjacking technique, allowing attackers to exfiltrate user data with just a single click.^[15] The affected password manager vendors were notified in April 2025. According to Tóth, RoboForm version 9.7.6 (July 25, 2025) addressed the issue.^[16]

See also

• List of password managers