Be careful if you have a Word document with all your bank details in it

245

Comments

  • km1500
    km1500 Posts: 2,707 Forumite
    1,000 Posts Second Anniversary Name Dropper
    "using one is still a million times better than using a word document. "

    Actually, Word (docx) and Lastpass use the same encryption method - AES256 - so they are the same.
  • RobM99
    RobM99 Posts: 2,684 Forumite
    Eighth Anniversary 1,000 Posts Photogenic Name Dropper
    My passwords are in Word but coded. Who else would know the phone number of a Norwegian ex  or know what "catgas" meant? Only me.
    Now a gainfully employed bassist again - WooHoo!
  • AndyTh_2
    AndyTh_2 Posts: 328 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    edited 25 February 2023 at 3:18PM
    AndyTh_2 said:
    RG2015 said:
    Band7 said:
    It's an odd decision to start with to store your banking and other login details in Word or some other text document.
    Why?

    If it is on your own personal file, what are the chances of this being hacked?

    For example, how is a password manager any more secure?
    it's encrypted for a start
    Also a HUGE improvement with password managers integrated with browsers is that they only show and fill passwords related to the website domain, so a phishing domain would show no credentials to fill in. Whereas reading from a document and entering manually you can still get phished.

    That's not to say it fully stops you from getting phished, if you end up filling in manually, but the default way to access it would be much safer.
  • AndyTh_2
    AndyTh_2 Posts: 328 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    edited 25 February 2023 at 3:34PM
    km1500 said:
    "using one is still a million times better than using a word document. "

    Actually, Word (docx) and Lastpass use the same encryption method - AES256 - so they are the same.
    Lastpass didn't encrypt the entry names, urls, and some other field attributes though, which has shocking implications.
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    Lastpass is not a good example of a password manager, at least not for the last 5 years or so. Proprietary software which is not peer reviewed and to be really useful across multiple devices for a single user has a cost involved.

    The likes of Bitwarden who allow peer review of their code is a much better example of one to use (there are others).

    The fact the document was stored on Onedrive is not so much of an issue, yes the file can be replicated and searched across devices, but those devices must be logged into Onedrive in the first instance for this to happen. You can easily store the document in a folder on the laptop which is not Onedrive synchronised, or just exclude the file.

    Personally I would not be storing the login and password details in a Word document, I would store those in a password manager. Having the account names, sort codes & account numbers in a Word file is not much of a risk.
  • RG2015
    RG2015 Posts: 6,043 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper Photogenic
    AndyTh_2 said:
    AndyTh_2 said:
    RG2015 said:
    Band7 said:
    It's an odd decision to start with to store your banking and other login details in Word or some other text document.
    Why?

    If it is on your own personal file, what are the chances of this being hacked?

    For example, how is a password manager any more secure?
    it's encrypted for a start
    Also a HUGE improvement with password managers integrated with browsers is that they only show and fill passwords related to the website domain, so a phishing domain would show no credentials to fill in. Whereas reading from a document and entering manually you can still get phished.

    That's not to say it fully stops you from getting phished, if you end up filling in manually, but the default way to access it would be much safer.
    How common is getting phished?

    Has anyone here been a victim?
  • born_again
    born_again Posts: 19,732 Forumite
    10,000 Posts Fifth Anniversary Name Dropper
    Murmansk said:
    This is similar to the other recent thread entitled Identity Breach

    A friend of mine had a problem with her Android phone and Gmail and I was looking at her phone to sort it out. I did a search within Gmail and it came up with a document that happened to contain the word we were looking for - but it was within a Word document and it downloaded onto the phone. The document contained all of her banking passwords and secret info etc!!!!!

    My friend was mortified as she said this document had been on her laptop. 

    I suggested in the strongest terms that she set a password on the Word document in question as a minimum first step.

    What appeared to have happened was that there was a shortcut to her Documents folder in Onedrive so all of her stuff, unknown to her, was in Onedrive. She never uses Onedrive so this must have been put there by the system. 

    I'd previously told her not to store this info in a note in Google Keep, thinking that this was very risky, but I wasn't expecting to discover another example of such insecure storage of valuable information.
    Is the phone secured by either password or biometric authentication.
    So for someone to access these files, they would need the phone to be unlocked.

    You can also stop one drive from backing up folders. 👍
    Life in the slow lane
  • AndyTh_2
    AndyTh_2 Posts: 328 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    RG2015 said:
    AndyTh_2 said:
    AndyTh_2 said:
    RG2015 said:
    Band7 said:
    It's an odd decision to start with to store your banking and other login details in Word or some other text document.
    Why?

    If it is on your own personal file, what are the chances of this being hacked?

    For example, how is a password manager any more secure?
    it's encrypted for a start
    Also a HUGE improvement with password managers integrated with browsers is that they only show and fill passwords related to the website domain, so a phishing domain would show no credentials to fill in. Whereas reading from a document and entering manually you can still get phished.

    That's not to say it fully stops you from getting phished, if you end up filling in manually, but the default way to access it would be much safer.
    How common is getting phished?

    Has anyone here been a victim?
    the sample size from this chat is hardly a good indicator
  • SiliconChip
    SiliconChip Posts: 1,784 Forumite
    1,000 Posts Third Anniversary Name Dropper
    robatwork said:
    RG2015 said:
    Band7 said:
    It's an odd decision to start with to store your banking and other login details in Word or some other text document.
    Why?

    If it is on your own personal file, what are the chances of this being hacked?

    For example, how is a password manager any more secure?
    Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document. 

    Are you sure it's a million, and not 999,999 or 1,000,001 times better? Or is it in fact just a made up number for which you can present no justification?
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    robatwork said:
    RG2015 said:
    Band7 said:
    It's an odd decision to start with to store your banking and other login details in Word or some other text document.
    Why?

    If it is on your own personal file, what are the chances of this being hacked?

    For example, how is a password manager any more secure?
    Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document. 

    Are you sure it's a million, and not 999,999 or 1,000,001 times better? Or is it in fact just a made up number for which you can present no justification?
    Its a magnitude better. whether that is 2 times or a million times, it is still better.

    What is your point, are you claiming it is not a better method? If not its a moot statement you have made.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.2K Banking & Borrowing
  • 252.8K Reduce Debt & Boost Income
  • 453.1K Spending & Discounts
  • 243.1K Work, Benefits & Business
  • 597.5K Mortgages, Homes & Bills
  • 176.5K Life & Family
  • 256.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.