Be careful if you have a Word document with all your bank details in it

Murmansk

This is similar to the other recent thread entitled Identity Breach

A friend of mine had a problem with her Android phone and Gmail and I was looking at her phone to sort it out. I did a search within Gmail and it came up with a document that happened to contain the word we were looking for - but it was within a Word document and it downloaded onto the phone. The document contained all of her banking passwords and secret info etc!!!!!

My friend was mortified as she said this document had been on her laptop. 

I suggested in the strongest terms that she set a password on the Word document in question as a minimum first step.

What appeared to have happened was that there was a shortcut to her Documents folder in Onedrive so all of her stuff, unknown to her, was in Onedrive. She never uses Onedrive so this must have been put there by the system. 

I'd previously told her not to store this info in a note in Google Keep, thinking that this was very risky, but I wasn't expecting to discover another example of such insecure storage of valuable information.

unforeseen

If you have One drive running on your PC whether you use it or not, it automatically saves everything in Documents, Pictures & desktop to your online One drive account.
It actually substitutes folders of the same name in Onedrive for the original ones. It is working as designed

[Deleted User]

She presumably was on her phone, as long as her phone has sufficient security and she has 2FA enabled on her Microsoft account, it is secure. There is no issue. However I would suggest she learns about cloud storage as it sounds like she doesn’t understand what is going on. It is also unwise to store passwords in a text document.

On the email, was this a link to onedrive? She should also make sure none of her documents are shared.

km1500

"unwise to store passwords in a text document."

It was not a text document it was a Word document. Put a password on it as suggested above and as long as it's a decent password (don't use words - use random letters and numbers) it will be fine.

Zanderman

km1500 said:

"unwise to store passwords in a text document."

It was not a text document it was a Word document. Put a password on it as suggested above and as long as it's a decent password (don't use words - use random letters and numbers) it will be fine.

To most people a word-processed document is a 'text' document! Not in the .txt sense obviously, but it's a little pedantic to worry about the difference! Yes .txt documents can be opened very easily, but actually so can word documents, by a very wide range of apps. They can even be opened as .txt docs, albeit littered with formatting but still with the key info showing. 

The underlying point being made was that storing any such info as simple readable text - in any document type - is unwise.

Yes, password protection will help, but better to make it cryptic in the first place, either a code you understand or, more simply, without whole words or numbers - or with questions you'll understand but not a thief - just enough to jog memory.   

Band7

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

RG2015

Aside from the issue of storing passwords on a Word document, why would One Drive be less secure than being stored on a laptop?

One Drive is a personal storage vault, not an open access area.

Or have I missed something?

RG2015

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

km1500

"but actually so can word documents, by a very wide range of apps..."

Not if they are password protected they can't !

https://support.microsoft.com/en-us/topic/you-cannot-recover-a-document-that-is-protected-with-a-password-if-the-password-is-lost-in-word-65a1f34b-fa3f-665a-4913-7ecbb8e01f5f

You can try and find the password by brute force of course, which is why I suggested using a password made of random characters and numbers.

AndyTh_2

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

it's encrypted for a start

robatwork

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

The quick answer is "encryption". The point being your password manager is is encrypted and as long as only you know your key then it's incredibly safe. 

Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document.