Be careful if you have a Word document with all your bank details in it

km1500

"using one is still a million times better than using a word document. "

Actually, Word (docx) and Lastpass use the same encryption method - AES256 - so they are the same.

RobM99

My passwords are in Word but coded. Who else would know the phone number of a Norwegian ex  or know what "catgas" meant? Only me.

AndyTh_2

AndyTh_2 said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

it's encrypted for a start

Also a HUGE improvement with password managers integrated with browsers is that they only show and fill passwords related to the website domain, so a phishing domain would show no credentials to fill in. Whereas reading from a document and entering manually you can still get phished.

That's not to say it fully stops you from getting phished, if you end up filling in manually, but the default way to access it would be much safer.

AndyTh_2

km1500 said:

"using one is still a million times better than using a word document. "

Actually, Word (docx) and Lastpass use the same encryption method - AES256 - so they are the same.

Lastpass didn't encrypt the entry names, urls, and some other field attributes though, which has shocking implications.

400ixl

Lastpass is not a good example of a password manager, at least not for the last 5 years or so. Proprietary software which is not peer reviewed and to be really useful across multiple devices for a single user has a cost involved.

The likes of Bitwarden who allow peer review of their code is a much better example of one to use (there are others).

The fact the document was stored on Onedrive is not so much of an issue, yes the file can be replicated and searched across devices, but those devices must be logged into Onedrive in the first instance for this to happen. You can easily store the document in a folder on the laptop which is not Onedrive synchronised, or just exclude the file.

Personally I would not be storing the login and password details in a Word document, I would store those in a password manager. Having the account names, sort codes & account numbers in a Word file is not much of a risk.

RG2015

AndyTh_2 said:

AndyTh_2 said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

it's encrypted for a start

Also a HUGE improvement with password managers integrated with browsers is that they only show and fill passwords related to the website domain, so a phishing domain would show no credentials to fill in. Whereas reading from a document and entering manually you can still get phished.

That's not to say it fully stops you from getting phished, if you end up filling in manually, but the default way to access it would be much safer.

How common is getting phished?

Has anyone here been a victim?

born_again

Murmansk said:

This is similar to the other recent thread entitled Identity Breach

A friend of mine had a problem with her Android phone and Gmail and I was looking at her phone to sort it out. I did a search within Gmail and it came up with a document that happened to contain the word we were looking for - but it was within a Word document and it downloaded onto the phone. The document contained all of her banking passwords and secret info etc!!!!!

My friend was mortified as she said this document had been on her laptop. 

I suggested in the strongest terms that she set a password on the Word document in question as a minimum first step.

What appeared to have happened was that there was a shortcut to her Documents folder in Onedrive so all of her stuff, unknown to her, was in Onedrive. She never uses Onedrive so this must have been put there by the system. 

I'd previously told her not to store this info in a note in Google Keep, thinking that this was very risky, but I wasn't expecting to discover another example of such insecure storage of valuable information.

Is the phone secured by either password or biometric authentication.
So for someone to access these files, they would need the phone to be unlocked.

You can also stop one drive from backing up folders. 👍

AndyTh_2

RG2015 said:

AndyTh_2 said:

AndyTh_2 said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

it's encrypted for a start

Also a HUGE improvement with password managers integrated with browsers is that they only show and fill passwords related to the website domain, so a phishing domain would show no credentials to fill in. Whereas reading from a document and entering manually you can still get phished.

That's not to say it fully stops you from getting phished, if you end up filling in manually, but the default way to access it would be much safer.

How common is getting phished?

Has anyone here been a victim?

the sample size from this chat is hardly a good indicator

SiliconChip

robatwork said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document. 

Are you sure it's a million, and not 999,999 or 1,000,001 times better? Or is it in fact just a made up number for which you can present no justification?

400ixl

SiliconChip said:

robatwork said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document. 

Are you sure it's a million, and not 999,999 or 1,000,001 times better? Or is it in fact just a made up number for which you can present no justification?

Its a magnitude better. whether that is 2 times or a million times, it is still better.

What is your point, are you claiming it is not a better method? If not its a moot statement you have made.