Solved

Password protection detailed features hard to find

  • 6 April 2013
  • 2 replies
  • 44 views

Hi,
I've been a long time Webroot customer and I'm now considering an upgrade to PLUS or COMPLETE, but I cannot find detailed  information on specifically password protection.
 
Reason I want password protection so bad (and why I'm looking at other products like Lastpass, Roboform...) is that my email / credit cards were hacked last week. All is fixed now but as a result, I was brutally made aware of the "new world" we live in...
 
With no fault at all to Webroot - just some careless password creation on me and my familie's part , and not having changed paswords for years - but I am now looking for an efficient and secure way to create/edit/change passwords regularly (it seems to be the key to not being hacked..?).
 
Long story short, I get how it works locally on a "secured machine", but what if I log on to a work or public computer? Do I have access to the webroot password protection program or is there an accessable online portal where I can retrieve a given password? I actually find that last one ironic since you shouldn't be accesing anything password-protected on a public computer....right?
 
Any thoughts and/or experience dealing with Webroot password protection greatly appreciated.  
icon

Best answer by JimM 6 April 2013, 23:44

View original

2 replies

Userlevel 7
Hi jbro,
Being a victim of idenity theft is a horrible position to find yourself in.  Hopefully you discovered it quickly and brought it to the attention of your banks and credit agencies.  If you go with the password protection available in Internet Security Plus or Complete, you won't be dissappointed.  The passwords are encrypted with a 256bit AES encryption, utilizing a salted hash.  You can access and utilize your passwords via both the toolbar and the online console.
 
The subject of public computers carries a nuance.  While you can log into the online console from a public computer in order to access your passwords, you're right to note that, to some extent, you are beholden to the protection installed on that public computer in terms of protection against password-related threats, like keyloggers for instance.
 
When you log in via the toolbar, on a private computer, the password is entered without any physical keystrokes on your part.  Thus, even if there was a keylogger present, it would have nothing to capture, at least insofar as the password goes.  On a public computer, you don't have the benefit of the toolbar, and automatic login generally won't work without it.  That means you're entering the password by hand once you've looked it up.  So hopefully the public computer is protected against the threat of a keylogger.  There isn't any way around this problem at all, regardless of the solution you choose to go with though.
 
On the positive side, if you go with Webroot, you have the added benefit of knowing that you're protected against keyloggers in three layers with WSA - 1. It would quarantine an executable keylogger 2. The Identity Shield locks down the browser from keylogger access even if the first method misses the threat, and 3. The toolbar allows for automated login without the need to type the password, which acts as a third layer of protection.  Granted, this all on a private computer, and it's not as though you can move WSA over onto say, the public library computer, if you want to use that to enter some passwords.  That speaks to the limitations of the public computer system though.  Depending on how security-minded you want to be, some people would suggest not using a public computer at all for such reasons.  There have certainly been recent stories of keyloggers being dropped onto public computer systems in efforts to collect private information in that way.  It depends on the security of the public systems themselves.  It's always prudent to make sure they're running some kind of protection at all, at bare minimum, in such situations.
 
Webroot actually offers Endpoint Protection for work computers and computers set up for public establishments.  If you're concerned about the level of security on your work computers, you could always mention Webroot.
 
So while we offer you the ability to sign into the two-factor authentication protected online console to get to your passwords from any computer you like, you are right to be wary of which computers you choose to do that from.  The security of those computers themselves plays a large part in the security of the password protection experience in such cases.
Thanks a lot Jim. This is reassuring and encouraging to know that the world can be safe or at least made a lot harder for thieves. And yes I got all my things straightened out, thanks for asking. 
I will definitely upgrade and try out the password protection features...along with some behavior change on my part when it comes to public computers. 
Thanks again for a timely and very thorough answer, the Webroot team and products never disappoint!

Reply