Styjun

Install a password manager. A good password manager is much, much better than anything you can do by yourself.

They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.

You're probably referring to the recent articles about flaws in password managers.

• 
  Password managers have a security flaw. But you should still use one. (Washington Post)


• 
  Password managers leaking data in memory, but you should still use one. (Sophos)

Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...

All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.

1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...

...we need to consider that for this to enable an attack the attacker must

1. Be in a position to read 1Password process memory when 1Password is locked


2. Not be in a position to read 1Password process memory when 1Password is unlocked.

Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.

If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.

And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.

Password managers can do other things to add to your security.

• Share and manage your passwords between all your devices, including mobile devices.


• Share and manage passwords and credentials with co-workers.


• Store more than just passwords securely.
  
  
  • GPG and SSH keys and passphrases
  
  
  • 
    One-time password generators
  
  
  • Recovery keys
  
  
  • Security questions
  
  
  • API keys
  
  
  • Notes
  
  
  • Credit cards (arguably better than saving them on web sites)
  
  
  • Bank accounts
  
  
  • Memberships
  
  
  • Software licenses
  
  


• Inform you of insecure passwords
  
  
  • Reused passwords
  
  
  • Password breaches
  
  


• Generate secure passwords


• Auto-fill passwords (avoids being shoulder surfed)


• Auto-record new accounts


• Protection against ransomware (if it stores your vault elsewhere)

These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.

The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).

If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.

Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:

1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]




2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.




3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.

So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?

[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.

[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.

The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.

It does offer some weak points

https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office

Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:

The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.

There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.

In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.

So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.

Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.

In comparison, password managers offer more security.

I still heartily recommend using a password manager. If that is impossible, and all the following are true:

• People can choose their own passwords.


• No one has to share passwords.
  
  
  • (Protected Excel files make this seem unlikely.)
  
  

...then you could suggest a Password Card to keep in their wallet.

Sheneir on Write Down Your Password:

Microsoft's Jesper Johansson urged people to write down their
passwords.

This is good advice, and I've been saying it for years.

Simply, people can no longer remember passwords good enough to
reliably defend against dictionary attacks, and are much more secure
if they choose a password too complicated to remember and then write
it down. We're all good at securing small pieces of paper. I recommend
that people write their passwords down on a small piece of paper, and
keep it with their other valuable small pieces of paper: in their
wallet.

Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!

But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.

A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.

The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.

For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.

Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.

Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.

It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.

As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd

But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.

I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.

Having said that, If you have decided against using a password manager then you could use the following approach

1. Have two password protected Excel files.


2. Use different passwords for each Excel.


3. Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.


4. Store the unique number and corresponding password in another Excel.

If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.