Be careful if you have a Word document with all your bank details in it

RG2015

400ixl said:

SiliconChip said:

robatwork said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document. 

Are you sure it's a million, and not 999,999 or 1,000,001 times better? Or is it in fact just a made up number for which you can present no justification?

Its a magnitude better. whether that is 2 times or a million times, it is still better.

What is your point, are you claiming it is not a better method? If not its a moot statement you have made.

Can you outline in simple terms how a password manager is a magnitude better than a password protected Excel file?

I imagine it will be but I know Excel well and am pretty sure that the password protection is very strong (possibly unbreakable).

I don't know much about password managers, but if both methods are very strong then aren't they both 100% secure.

400ixl

Depending on the version of Excel it can be cracked in minutes. Hopefully you are using a later version, in which case password protection is pretty goo and you don't have anything to worry about there.

Things change though once the file is open.

Excel you are cutting and pasting of which there are exploits out there that will capture that
Excel also has exploits that once the file is open all data can be leaked giving over all your passwords
You could have accessed a non genuine website and you may paste passwords into that. A password manager would see it is not the right site and not offer a password, alerting you to the issue
Password managers can use 2FA to access them which Excel does not
Excel will not create random complex passwords for you when signing up to sites or changing passwords
Excel is a pain to use on a mobile device and across multiple devices in comparison to a password manager

You are being reasonably secure in what you are doing, but it is not the best you can do with little additional effort. In fact in execution a password manager is easier to use than having to cut and past (or type) using Excel

Its not that you are insecure, you can be more secure and actually have a more usable way of being secure.

Bridlington1

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

robatwork

SiliconChip said:

robatwork said:

RG2015 said:

Band7 said:

It's an odd decision to start with to store your banking and other login details in Word or some other text document.

Why?

If it is on your own personal file, what are the chances of this being hacked?

For example, how is a password manager any more secure?

Lastpass got hacked last year which wasn't a great advert for password managers, but using one is still a million times better than using a word document. 

Are you sure it's a million, and not 999,999 or 1,000,001 times better? Or is it in fact just a made up number for which you can present no justification?

I actually meant 1,048,576 but didn't want to appear facetious.

I also meant that a pw manager was far better than a word document - The OP didn't password protect their document, so the actual number would be many orders of magnitude more. Do you want some justification for that?

Peter999_2

I agree with Brlidlington1.   Very risky without adequate encryption.    I use Keepass with a strong password which is stored on OneDrive.   I user cryptomator (open source and peer reviewed)  to encypt everything I put on OneDrive, including the file/folder names.  Anyone getting into my onedrive will just see gobblydegook.      My laptop is encrypted with bitlocker.     It's still not completely secure but I'm comfortable with it.        I also use rclone which is great for encrypting files on OneDrive.

I remember years ago working for a major insurance company.   I found out that our HR department kept all important financial details of staff on Excel spreadsheets (they were supposed to only use the mainframe HR application but had decided that they know best).    When I found out I spoke to the head of HR who was so blasé about it.    She changed her tune when I told her I told her what was the password for one of the Excel spreadsheets (it literally took seconds to crack).    It turned out they used the same password for every spreadsheet and also every important word document.

The password was tree.             

Fortunately things have changed so much now and have improved ten fold.

[Deleted User]

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

AndrewSteele888

Thanks for this thread I reviewed my Passwords and they all in the safe and wiped from the computer

AmityNeon

AndrewSteele888 said:

Thanks for this thread I reviewed my Passwords and they all in the safe and wiped from the computer

As long as you can manage the practical limitations of such an approach and it genuinely works for you. Lapses in security often occur due to being frustrated by inconvenience, hence why it's no longer common for systems to enforce password changes every month. It's also why password managers were created in the first place; people were (naturally) either using the same password everywhere or noting down all their different credentials in an unsecured document (or even sticky notes on their monitor).

MalMonroe

Google chrome saves all my passwords. It suggests strong passwords which I accept and then it stores them and when I need to use them they pop up automatically. I don't have any password storage anywhere else and this system has been working well for me for over three years now. No having to remember or write down or put anything in drawers or in safes. But that's on google chrome.

The passwords are also accessible on my android phone since that's connected to google chrome and I use it with my banking and credit card apps with no trouble. So far.  

I've seen google chrome password saver being criticised online but it's usually by companies who charge for password protection and google chrome is free. It works for me anyway. For now.

IT experts always recommend changing your passwords regularly, though and the programme Dirty Rotten Scammers highlighted how hackers can easily get access to anyone's personal details, including passwords, via social media. (Even when they don't use it but other family members do.) I would recommend watching it, I believe it's still on BBC iPlayer and it was made in conjunction with the Open University. 

https://connect.open.ac.uk/science-technology-engineering-and-maths/dirty-rotten-scammers/

35har1old

unforeseen said:

If you have One drive running on your PC whether you use it or not, it automatically saves everything in Documents, Pictures & desktop to your online One drive account.
It actually substitutes folders of the same name in Onedrive for the original ones. It is working as designed

I have it on mine but have just checked there's nothing stored in it requires you set up account