Your passwords are encrypted with your own secret key—the RoboForm Master Password. With RoboForm, all decryption of your RoboForm data happens on your device and not on our servers. No RoboForm data can be accessed without the Master Password. Because your Master Password does not transmit to our servers, we have no way of knowing what it is and subsequently no way of accessing your data.
To protect against dictionary, brute force, or other attacks, we use AES256 bit encryption with PBKDF2 SHA256. PBKDF2 is a key stretching algorithm used to hash passwords with a salt.
In addition to not sending and storing your Master Password, we require a minimum Master Password length of 8 characters, with a minimum of 4 nonnumeric characters.
RoboForm calculates your Security Score based on the number of reused passwords, duplicated Logins (username and password combinations), and the strength of your individual passwords.
RoboForm utilizes a public key exchange mechanism between sharing parties which ensures local encryption / decryption, as well as end-to-end encryption. The sender can set the recipient's permission level for their shared files and folders.