Is there a good way to store credentials outside of a password manager?XKCD #936: Short complex password, or long dictionary passphrase?How to store passwords written on a physical notebook?Password manager vs password bookIs it safe to store my passwords in a text document protected by a password?Rememberable Password FormulaLooking for password manager in companyIs it a good idea to give users an additional password that they do not control?Web app crypto schemeWhat is the safest way to store passwords in a company for the case when the CISO leaves?How should I store a physical written copy of my password?How secure is a password protected file?Password manager vs password bookBest way to store Apple app-specific passwordaWallet Password ManagerHardware-Based Password Manager
Why does wrapping Aluminium foil around my food help it keep warm, aluminium be good conductor should have no effect?
What's the point of having a RAID 1 configuration over incremental backups to a secondary drive?
Elf (adjective) vs. Elvish vs. Elven
Is it okay to roll multiple attacks that all have advantage in one cluster?
Is a request to book a business flight ticket for a graduate student an unreasonable one?
Is it OK to leave real names & info visible in business card portfolio?
What minifigure is this?
Swapping "Good" and "Bad"
Received a dinner invitation through my employer's email, is it ok to attend?
Why archangel Michael didn't save Jesus when he was crucified?
What is a "Lear Processor" and how did it work?
Why do we need common sense in AI?
How effective would wooden scale armor be in a medieval setting?
Does a wizard need their hands free in order to cause their familiar from the Find Familiar spell to reappear?
Did the Ottoman empire suppress the printing press?
GDPR rights when subject dies; does family inherit subject rights?
Why is the ladder of the LM always in the dark side of the LM?
Would it be appropriate to sand a floor between coats of poly with a handheld orbital sander?
[Future]Historical experience as a guide to warship design?
Using Open with a filename that contains :
WTB Horizon 47c - small crack in the middle of the tire
How can a dictatorship government be beneficial to a dictator in a post-scarcity society?
What attributes and how big would a sea creature(s) need to be able to tow a ship?
What are the indigenous English words for a prostitute?
Is there a good way to store credentials outside of a password manager?
XKCD #936: Short complex password, or long dictionary passphrase?How to store passwords written on a physical notebook?Password manager vs password bookIs it safe to store my passwords in a text document protected by a password?Rememberable Password FormulaLooking for password manager in companyIs it a good idea to give users an additional password that they do not control?Web app crypto schemeWhat is the safest way to store passwords in a company for the case when the CISO leaves?How should I store a physical written copy of my password?How secure is a password protected file?Password manager vs password bookBest way to store Apple app-specific passwordaWallet Password ManagerHardware-Based Password Manager
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?
passwords password-management
|
show 7 more comments
A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?
passwords password-management
4
Maybe ask IT if they have a recommended solution. They may already have some software they allow.
– Daisetsu
Mar 25 at 20:47
101
What is it about the recommendations/feedback that’s made you hesitant?
– Ry-
Mar 25 at 21:48
37
This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.
– Alexander
Mar 26 at 16:11
2
Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.
– tmh
Mar 27 at 10:55
4
Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?
– MonkeyZeus
Mar 27 at 12:36
|
show 7 more comments
A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?
passwords password-management
A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?
passwords password-management
passwords password-management
edited Mar 25 at 21:02
Jeff Ferland♦
34.8k8 gold badges81 silver badges161 bronze badges
34.8k8 gold badges81 silver badges161 bronze badges
asked Mar 25 at 20:44
Hajar QhHajar Qh
3291 gold badge2 silver badges3 bronze badges
3291 gold badge2 silver badges3 bronze badges
4
Maybe ask IT if they have a recommended solution. They may already have some software they allow.
– Daisetsu
Mar 25 at 20:47
101
What is it about the recommendations/feedback that’s made you hesitant?
– Ry-
Mar 25 at 21:48
37
This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.
– Alexander
Mar 26 at 16:11
2
Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.
– tmh
Mar 27 at 10:55
4
Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?
– MonkeyZeus
Mar 27 at 12:36
|
show 7 more comments
4
Maybe ask IT if they have a recommended solution. They may already have some software they allow.
– Daisetsu
Mar 25 at 20:47
101
What is it about the recommendations/feedback that’s made you hesitant?
– Ry-
Mar 25 at 21:48
37
This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.
– Alexander
Mar 26 at 16:11
2
Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.
– tmh
Mar 27 at 10:55
4
Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?
– MonkeyZeus
Mar 27 at 12:36
4
4
Maybe ask IT if they have a recommended solution. They may already have some software they allow.
– Daisetsu
Mar 25 at 20:47
Maybe ask IT if they have a recommended solution. They may already have some software they allow.
– Daisetsu
Mar 25 at 20:47
101
101
What is it about the recommendations/feedback that’s made you hesitant?
– Ry-
Mar 25 at 21:48
What is it about the recommendations/feedback that’s made you hesitant?
– Ry-
Mar 25 at 21:48
37
37
This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.
– Alexander
Mar 26 at 16:11
This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.
– Alexander
Mar 26 at 16:11
2
2
Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.
– tmh
Mar 27 at 10:55
Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.
– tmh
Mar 27 at 10:55
4
4
Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?
– MonkeyZeus
Mar 27 at 12:36
Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?
– MonkeyZeus
Mar 27 at 12:36
|
show 7 more comments
13 Answers
13
active
oldest
votes
Install a password manager. A good password manager is much, much better than anything you can do by yourself.
They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.
31
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
10
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
33
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
12
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
24
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
|
show 5 more comments
You're probably referring to the recent articles about flaws in password managers.
Password managers have a security flaw. But you should still use one. (Washington Post)
Password managers leaking data in memory, but you should still use one. (Sophos)
Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...
All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.
1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...
...we need to consider that for this to enable an attack the attacker must
- Be in a position to read 1Password process memory when 1Password is locked
- Not be in a position to read 1Password process memory when 1Password is unlocked.
Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.
If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.
And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.
Password managers can do other things to add to your security.
- Share and manage your passwords between all your devices, including mobile devices.
- Share and manage passwords and credentials with co-workers.
- Store more than just passwords securely.
- GPG and SSH keys and passphrases
One-time password generators- Recovery keys
- Security questions
- API keys
- Notes
- Credit cards (arguably better than saving them on web sites)
- Bank accounts
- Memberships
- Software licenses
- Inform you of insecure passwords
- Reused passwords
- Password breaches
- Generate secure passwords
- Auto-fill passwords (avoids being shoulder surfed)
- Auto-record new accounts
- Protection against ransomware (if it stores your vault elsewhere)
These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.
7
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
1
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
1
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
1
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
1
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
|
show 2 more comments
The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).
If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.
5
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
5
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
2
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
2
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
4
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
|
show 4 more comments
Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:
Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]
Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.
If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.
So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?
[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.
[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.
add a comment |
The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.
It does offer some weak points
https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office
Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:
The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.
There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.
In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.
So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.
Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.
In comparison, password managers offer more security.
11
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
1
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
1
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
add a comment |
I still heartily recommend using a password manager. If that is impossible, and all the following are true:
- People can choose their own passwords.
- No one has to share passwords.
- (Protected Excel files make this seem unlikely.)
...then you could suggest a Password Card to keep in their wallet.
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
1
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
2
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
1
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
|
show 3 more comments
Sheneir on Write Down Your Password:
Microsoft's Jesper Johansson urged people to write down their
passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to
reliably defend against dictionary attacks, and are much more secure
if they choose a password too complicated to remember and then write
it down. We're all good at securing small pieces of paper. I recommend
that people write their passwords down on a small piece of paper, and
keep it with their other valuable small pieces of paper: in their
wallet.
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
add a comment |
Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!
But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.
3
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
add a comment |
A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.
The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.
For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.
Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
add a comment |
Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.
It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.
As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd
But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
|
show 3 more comments
I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.
Having said that, If you have decided against using a password manager then you could use the following approach
- Have two password protected Excel files.
- Use different passwords for each Excel.
- Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.
- Store the unique number and corresponding password in another Excel.
add a comment |
If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.
4
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
2
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
add a comment |
This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).
You can easily store it in your mind: but don't remember the passwords, remember a formula.
For example, start with a base word, let's say "Password", and think of a couple of custom rules:
- Number of letters in website name (Facebook: 8), and add it to the end.
- Capitalize matching vowels (Facebook: A and O)
- Replace the Nth character with a number equal to number of syllables (Facebook: 2)
You end up with P2sswOrd8.
You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).
6
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
3
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
3
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
|
show 1 more comment
protected by Rory Alsop♦ Mar 27 at 9:39
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
13 Answers
13
active
oldest
votes
13 Answers
13
active
oldest
votes
active
oldest
votes
active
oldest
votes
Install a password manager. A good password manager is much, much better than anything you can do by yourself.
They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.
31
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
10
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
33
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
12
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
24
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
|
show 5 more comments
Install a password manager. A good password manager is much, much better than anything you can do by yourself.
They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.
31
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
10
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
33
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
12
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
24
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
|
show 5 more comments
Install a password manager. A good password manager is much, much better than anything you can do by yourself.
They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.
Install a password manager. A good password manager is much, much better than anything you can do by yourself.
They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.
answered Mar 25 at 20:47
ThoriumBRThoriumBR
26.9k8 gold badges63 silver badges83 bronze badges
26.9k8 gold badges63 silver badges83 bronze badges
31
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
10
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
33
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
12
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
24
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
|
show 5 more comments
31
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
10
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
33
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
12
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
24
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
31
31
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
how does one know which is a good password manage and if they actually follow all the strict development rules ?
– Nigel Fds
Mar 26 at 1:06
10
10
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
@NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments
– Schwern
Mar 26 at 1:35
33
33
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
@NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.
– Mischa
Mar 26 at 8:31
12
12
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
@JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.
– scai
Mar 27 at 8:50
24
24
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
@scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).
– RobIII
Mar 27 at 15:42
|
show 5 more comments
You're probably referring to the recent articles about flaws in password managers.
Password managers have a security flaw. But you should still use one. (Washington Post)
Password managers leaking data in memory, but you should still use one. (Sophos)
Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...
All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.
1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...
...we need to consider that for this to enable an attack the attacker must
- Be in a position to read 1Password process memory when 1Password is locked
- Not be in a position to read 1Password process memory when 1Password is unlocked.
Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.
If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.
And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.
Password managers can do other things to add to your security.
- Share and manage your passwords between all your devices, including mobile devices.
- Share and manage passwords and credentials with co-workers.
- Store more than just passwords securely.
- GPG and SSH keys and passphrases
One-time password generators- Recovery keys
- Security questions
- API keys
- Notes
- Credit cards (arguably better than saving them on web sites)
- Bank accounts
- Memberships
- Software licenses
- Inform you of insecure passwords
- Reused passwords
- Password breaches
- Generate secure passwords
- Auto-fill passwords (avoids being shoulder surfed)
- Auto-record new accounts
- Protection against ransomware (if it stores your vault elsewhere)
These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.
7
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
1
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
1
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
1
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
1
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
|
show 2 more comments
You're probably referring to the recent articles about flaws in password managers.
Password managers have a security flaw. But you should still use one. (Washington Post)
Password managers leaking data in memory, but you should still use one. (Sophos)
Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...
All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.
1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...
...we need to consider that for this to enable an attack the attacker must
- Be in a position to read 1Password process memory when 1Password is locked
- Not be in a position to read 1Password process memory when 1Password is unlocked.
Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.
If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.
And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.
Password managers can do other things to add to your security.
- Share and manage your passwords between all your devices, including mobile devices.
- Share and manage passwords and credentials with co-workers.
- Store more than just passwords securely.
- GPG and SSH keys and passphrases
One-time password generators- Recovery keys
- Security questions
- API keys
- Notes
- Credit cards (arguably better than saving them on web sites)
- Bank accounts
- Memberships
- Software licenses
- Inform you of insecure passwords
- Reused passwords
- Password breaches
- Generate secure passwords
- Auto-fill passwords (avoids being shoulder surfed)
- Auto-record new accounts
- Protection against ransomware (if it stores your vault elsewhere)
These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.
7
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
1
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
1
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
1
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
1
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
|
show 2 more comments
You're probably referring to the recent articles about flaws in password managers.
Password managers have a security flaw. But you should still use one. (Washington Post)
Password managers leaking data in memory, but you should still use one. (Sophos)
Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...
All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.
1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...
...we need to consider that for this to enable an attack the attacker must
- Be in a position to read 1Password process memory when 1Password is locked
- Not be in a position to read 1Password process memory when 1Password is unlocked.
Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.
If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.
And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.
Password managers can do other things to add to your security.
- Share and manage your passwords between all your devices, including mobile devices.
- Share and manage passwords and credentials with co-workers.
- Store more than just passwords securely.
- GPG and SSH keys and passphrases
One-time password generators- Recovery keys
- Security questions
- API keys
- Notes
- Credit cards (arguably better than saving them on web sites)
- Bank accounts
- Memberships
- Software licenses
- Inform you of insecure passwords
- Reused passwords
- Password breaches
- Generate secure passwords
- Auto-fill passwords (avoids being shoulder surfed)
- Auto-record new accounts
- Protection against ransomware (if it stores your vault elsewhere)
These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.
You're probably referring to the recent articles about flaws in password managers.
Password managers have a security flaw. But you should still use one. (Washington Post)
Password managers leaking data in memory, but you should still use one. (Sophos)
Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...
All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.
1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...
...we need to consider that for this to enable an attack the attacker must
- Be in a position to read 1Password process memory when 1Password is locked
- Not be in a position to read 1Password process memory when 1Password is unlocked.
Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.
If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.
And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.
Password managers can do other things to add to your security.
- Share and manage your passwords between all your devices, including mobile devices.
- Share and manage passwords and credentials with co-workers.
- Store more than just passwords securely.
- GPG and SSH keys and passphrases
One-time password generators- Recovery keys
- Security questions
- API keys
- Notes
- Credit cards (arguably better than saving them on web sites)
- Bank accounts
- Memberships
- Software licenses
- Inform you of insecure passwords
- Reused passwords
- Password breaches
- Generate secure passwords
- Auto-fill passwords (avoids being shoulder surfed)
- Auto-record new accounts
- Protection against ransomware (if it stores your vault elsewhere)
These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.
edited Mar 27 at 19:40
answered Mar 26 at 0:25
SchwernSchwern
1,1396 silver badges14 bronze badges
1,1396 silver badges14 bronze badges
7
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
1
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
1
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
1
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
1
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
|
show 2 more comments
7
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
1
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
1
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
1
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
1
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
7
7
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.
– JeroenHoek
Mar 26 at 13:27
1
1
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
"(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).
– Radu Murzea
Mar 27 at 10:43
1
1
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
@RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.
– Ismael Miguel
Mar 27 at 17:50
1
1
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
@RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.
– Schwern
Mar 27 at 19:36
1
1
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
@IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)
– Flater
Mar 28 at 16:20
|
show 2 more comments
The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).
If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.
5
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
5
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
2
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
2
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
4
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
|
show 4 more comments
The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).
If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.
5
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
5
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
2
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
2
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
4
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
|
show 4 more comments
The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).
If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.
The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).
If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.
answered Mar 26 at 3:03
owacoderowacoder
1892 bronze badges
1892 bronze badges
5
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
5
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
2
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
2
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
4
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
|
show 4 more comments
5
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
5
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
2
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
2
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
4
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
5
5
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
@lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.
– owacoder
Mar 26 at 12:03
5
5
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.
– Dan
Mar 26 at 14:45
2
2
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
@Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.
– owacoder
Mar 26 at 15:26
2
2
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
@lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.
– Baldrickk
Mar 26 at 15:33
4
4
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.
– Will
Mar 27 at 9:09
|
show 4 more comments
Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:
Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]
Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.
If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.
So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?
[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.
[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.
add a comment |
Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:
Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]
Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.
If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.
So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?
[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.
[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.
add a comment |
Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:
Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]
Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.
If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.
So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?
[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.
[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.
Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:
Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]
Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.
If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.
So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?
[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.
[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.
answered Mar 26 at 13:58
AdonalsiumAdonalsium
3,9311 gold badge11 silver badges21 bronze badges
3,9311 gold badge11 silver badges21 bronze badges
add a comment |
add a comment |
The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.
It does offer some weak points
https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office
Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:
The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.
There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.
In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.
So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.
Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.
In comparison, password managers offer more security.
11
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
1
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
1
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
add a comment |
The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.
It does offer some weak points
https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office
Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:
The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.
There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.
In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.
So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.
Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.
In comparison, password managers offer more security.
11
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
1
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
1
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
add a comment |
The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.
It does offer some weak points
https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office
Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:
The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.
There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.
In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.
So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.
Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.
In comparison, password managers offer more security.
The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.
It does offer some weak points
https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office
Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:
The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.
There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.
In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.
So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.
Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.
In comparison, password managers offer more security.
edited Mar 28 at 12:31
answered Mar 26 at 8:53
TschallackaTschallacka
2531 silver badge8 bronze badges
2531 silver badge8 bronze badges
11
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
1
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
1
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
add a comment |
11
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
1
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
1
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
11
11
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.
– Oxy
Mar 26 at 11:42
1
1
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.
– Tschallacka
Mar 26 at 13:42
1
1
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.
– Erik A
Mar 28 at 11:05
add a comment |
I still heartily recommend using a password manager. If that is impossible, and all the following are true:
- People can choose their own passwords.
- No one has to share passwords.
- (Protected Excel files make this seem unlikely.)
...then you could suggest a Password Card to keep in their wallet.
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
1
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
2
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
1
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
|
show 3 more comments
I still heartily recommend using a password manager. If that is impossible, and all the following are true:
- People can choose their own passwords.
- No one has to share passwords.
- (Protected Excel files make this seem unlikely.)
...then you could suggest a Password Card to keep in their wallet.
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
1
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
2
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
1
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
|
show 3 more comments
I still heartily recommend using a password manager. If that is impossible, and all the following are true:
- People can choose their own passwords.
- No one has to share passwords.
- (Protected Excel files make this seem unlikely.)
...then you could suggest a Password Card to keep in their wallet.
I still heartily recommend using a password manager. If that is impossible, and all the following are true:
- People can choose their own passwords.
- No one has to share passwords.
- (Protected Excel files make this seem unlikely.)
...then you could suggest a Password Card to keep in their wallet.
answered Mar 26 at 13:45
MichaelMichael
1,20312 silver badges27 bronze badges
1,20312 silver badges27 bronze badges
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
1
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
2
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
1
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
|
show 3 more comments
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
1
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
2
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
1
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.
– Adonalsium
Mar 26 at 14:01
1
1
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
@Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."
– Lightness Races in Orbit
Mar 27 at 11:11
2
2
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
@LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.
– Adonalsium
Mar 27 at 16:31
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.
– dgnuff
Mar 28 at 5:18
1
1
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
@dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.
– Michael
Mar 28 at 10:59
|
show 3 more comments
Sheneir on Write Down Your Password:
Microsoft's Jesper Johansson urged people to write down their
passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to
reliably defend against dictionary attacks, and are much more secure
if they choose a password too complicated to remember and then write
it down. We're all good at securing small pieces of paper. I recommend
that people write their passwords down on a small piece of paper, and
keep it with their other valuable small pieces of paper: in their
wallet.
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
add a comment |
Sheneir on Write Down Your Password:
Microsoft's Jesper Johansson urged people to write down their
passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to
reliably defend against dictionary attacks, and are much more secure
if they choose a password too complicated to remember and then write
it down. We're all good at securing small pieces of paper. I recommend
that people write their passwords down on a small piece of paper, and
keep it with their other valuable small pieces of paper: in their
wallet.
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
add a comment |
Sheneir on Write Down Your Password:
Microsoft's Jesper Johansson urged people to write down their
passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to
reliably defend against dictionary attacks, and are much more secure
if they choose a password too complicated to remember and then write
it down. We're all good at securing small pieces of paper. I recommend
that people write their passwords down on a small piece of paper, and
keep it with their other valuable small pieces of paper: in their
wallet.
Sheneir on Write Down Your Password:
Microsoft's Jesper Johansson urged people to write down their
passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to
reliably defend against dictionary attacks, and are much more secure
if they choose a password too complicated to remember and then write
it down. We're all good at securing small pieces of paper. I recommend
that people write their passwords down on a small piece of paper, and
keep it with their other valuable small pieces of paper: in their
wallet.
answered Mar 27 at 10:42
Billal BegueradjBillal Begueradj
1522 gold badges3 silver badges10 bronze badges
1522 gold badges3 silver badges10 bronze badges
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
add a comment |
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.
– Lightness Races in Orbit
Mar 27 at 11:12
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
No, that's FUD. Read Schwern's answer.
– Lightness Races in Orbit
Mar 31 at 18:01
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
A password manager is writing down your password and then encrypting it and then storing it where it will not be lost. We are not good at securing small pieces of paper, we lose them all the time. And with the increasing number of accounts you're going to have a very fat wallet.
– Schwern
May 3 at 21:19
add a comment |
Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!
But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.
3
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
add a comment |
Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!
But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.
3
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
add a comment |
Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!
But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.
Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!
But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.
edited Mar 26 at 0:10
schroeder♦
83.6k34 gold badges188 silver badges224 bronze badges
83.6k34 gold badges188 silver badges224 bronze badges
answered Mar 26 at 0:07
ParisParis
271 bronze badge
271 bronze badge
3
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
add a comment |
3
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
3
3
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
I think that the hesitation is with using a password manager in general, not the local install.
– schroeder♦
Mar 26 at 0:11
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)
– Paris
Mar 26 at 1:06
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.
– Captain Man
Mar 26 at 16:24
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
@CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.
– Paris
Mar 26 at 20:43
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.
– Harper
Mar 28 at 22:40
add a comment |
A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.
The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.
For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.
Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
add a comment |
A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.
The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.
For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.
Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
add a comment |
A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.
The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.
For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.
Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.
A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.
The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.
For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.
Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.
edited Mar 27 at 9:53
schroeder♦
83.6k34 gold badges188 silver badges224 bronze badges
83.6k34 gold badges188 silver badges224 bronze badges
answered Mar 27 at 3:27
opsecwinopsecwin
211 bronze badge
211 bronze badge
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
add a comment |
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
Vulnerable to simple shoulder surfing.
– Schwern
Mar 27 at 7:41
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Schwern not if they were very complex passwords
– Ulkoma
Mar 27 at 20:47
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
@Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.
– Schwern
Mar 27 at 20:55
add a comment |
Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.
It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.
As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd
But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
|
show 3 more comments
Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.
It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.
As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd
But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
|
show 3 more comments
Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.
It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.
As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd
But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.
Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.
It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.
As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd
But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.
answered Mar 26 at 16:52
Stian YttervikStian Yttervik
1091 bronze badge
1091 bronze badge
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
|
show 3 more comments
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.
– OrangeDog
Mar 26 at 17:49
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
@orangedog but not all of them.
– Stian Yttervik
Mar 26 at 19:13
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
I think you are confused about what a phishing attack is.
– OrangeDog
Mar 26 at 19:15
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
@orangedog Hardly, it rather seems like I am quite convinced.
– Stian Yttervik
Mar 26 at 19:18
|
show 3 more comments
I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.
Having said that, If you have decided against using a password manager then you could use the following approach
- Have two password protected Excel files.
- Use different passwords for each Excel.
- Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.
- Store the unique number and corresponding password in another Excel.
add a comment |
I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.
Having said that, If you have decided against using a password manager then you could use the following approach
- Have two password protected Excel files.
- Use different passwords for each Excel.
- Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.
- Store the unique number and corresponding password in another Excel.
add a comment |
I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.
Having said that, If you have decided against using a password manager then you could use the following approach
- Have two password protected Excel files.
- Use different passwords for each Excel.
- Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.
- Store the unique number and corresponding password in another Excel.
I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.
Having said that, If you have decided against using a password manager then you could use the following approach
- Have two password protected Excel files.
- Use different passwords for each Excel.
- Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.
- Store the unique number and corresponding password in another Excel.
answered Mar 27 at 9:22
Kolappan NathanKolappan Nathan
1,7507 silver badges19 bronze badges
1,7507 silver badges19 bronze badges
add a comment |
add a comment |
If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.
4
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
2
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
add a comment |
If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.
4
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
2
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
add a comment |
If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.
If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.
answered Mar 25 at 21:44
user197001user197001
211 bronze badge
211 bronze badge
4
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
2
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
add a comment |
4
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
2
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
4
4
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.
– Schwern
Mar 25 at 23:57
2
2
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.
– ThoriumBR
Mar 26 at 1:53
add a comment |
This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).
You can easily store it in your mind: but don't remember the passwords, remember a formula.
For example, start with a base word, let's say "Password", and think of a couple of custom rules:
- Number of letters in website name (Facebook: 8), and add it to the end.
- Capitalize matching vowels (Facebook: A and O)
- Replace the Nth character with a number equal to number of syllables (Facebook: 2)
You end up with P2sswOrd8.
You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).
6
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
3
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
3
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
|
show 1 more comment
This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).
You can easily store it in your mind: but don't remember the passwords, remember a formula.
For example, start with a base word, let's say "Password", and think of a couple of custom rules:
- Number of letters in website name (Facebook: 8), and add it to the end.
- Capitalize matching vowels (Facebook: A and O)
- Replace the Nth character with a number equal to number of syllables (Facebook: 2)
You end up with P2sswOrd8.
You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).
6
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
3
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
3
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
|
show 1 more comment
This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).
You can easily store it in your mind: but don't remember the passwords, remember a formula.
For example, start with a base word, let's say "Password", and think of a couple of custom rules:
- Number of letters in website name (Facebook: 8), and add it to the end.
- Capitalize matching vowels (Facebook: A and O)
- Replace the Nth character with a number equal to number of syllables (Facebook: 2)
You end up with P2sswOrd8.
You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).
This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).
You can easily store it in your mind: but don't remember the passwords, remember a formula.
For example, start with a base word, let's say "Password", and think of a couple of custom rules:
- Number of letters in website name (Facebook: 8), and add it to the end.
- Capitalize matching vowels (Facebook: A and O)
- Replace the Nth character with a number equal to number of syllables (Facebook: 2)
You end up with P2sswOrd8.
You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).
edited Mar 26 at 16:15
schroeder♦
83.6k34 gold badges188 silver badges224 bronze badges
83.6k34 gold badges188 silver badges224 bronze badges
answered Mar 26 at 16:05
Jeffrey RoosendaalJeffrey Roosendaal
1112 bronze badges
1112 bronze badges
6
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
3
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
3
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
|
show 1 more comment
6
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
3
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
3
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
6
6
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?
– schroeder♦
Mar 26 at 16:10
3
3
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.
– schroeder♦
Mar 26 at 16:14
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.
– Jeffrey Roosendaal
Mar 26 at 16:31
3
3
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.
– schroeder♦
Mar 26 at 16:41
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.
– zakinster
Mar 26 at 17:37
|
show 1 more comment
protected by Rory Alsop♦ Mar 27 at 9:39
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
4
Maybe ask IT if they have a recommended solution. They may already have some software they allow.
– Daisetsu
Mar 25 at 20:47
101
What is it about the recommendations/feedback that’s made you hesitant?
– Ry-
Mar 25 at 21:48
37
This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.
– Alexander
Mar 26 at 16:11
2
Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.
– tmh
Mar 27 at 10:55
4
Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?
– MonkeyZeus
Mar 27 at 12:36