Advice Request Password manager: Question is simply - why did you choose the one you are using now?


jackuars

Heh, I try to keep my system as lean and free of programs as possible so I simply use an encrypted Word doc to keep all my passwords.


Not a bad idea. An encrypted word document, with a totally different file name, and probably hidden from the device. Hackers won't even bother to check these word documents. They are more invested in cracking passwords online, detecting vulnerabilities in password managers both local and on the cloud.

Most software companies especially dealing with the paid ones, try to create a psychological need into buying their products, when most home users who just use basic features would be otherwise more than satisfied with this functionality. That's how businesses work. Do you feel protected with your default protection - Windows Defender? Maybe not. A home user now switches to the brand's free solution. Then you get an advertisement on how free antivirus is not as effective as a paid solution. This way they create an unnecessary need for trying out their paid counterpart.
 

ForgottenSeer 85179

Not a bad idea. An encrypted word document, with a totally different file name, and probably hidden from the device. Hackers won't even bother to check these word documents. They are more invested in cracking passwords online, detecting vulnerabilities in password managers both local and on the cloud.
This is called security through obscurity ;)
 

jackuars

This is called security through obscurity ;)
The less paranoid that someone is, the more secure they feel. ;) Otherwise god forbid, no security system in the world can help them.

Here's one for the computer humor section at MalwareTips.
[Image]
 

Dark Knight

That's not a good protection.
You should move to a password manager which uses a special secured database, protected against brute forcing (like KeePass).

Not completely true, as long as the encryption is 256-bit AES and used with a key and not a password it will work, just need to make sure the key is stored externally like a USB stick, it would take even a supercomputer over a million years to crack it and by then... they can have at it!
A lot of these so-called "secured databases" are just a marketing term used to get sales and money out of your pocket, nothing, I repeat NOTHING is foolproof and un-hackable, we see it every single day in the hacking and leaking of information of credit cards, apps, servers and the list goes on, check out Bleeping Computer, something gets leaked or hacked just about every day. It just depends who wants that information and how badly they want it. They can call it a "secured database" but that only means they haven't come across anyone that can hack it yet.
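
An added example, not part of any post in this thread: a rough comparison of how long an exhaustive search takes against a random 256-bit key versus a key stretched from a password, which is the distinction the post above draws. The attacker hash rate, the iteration count and the sample secrets are constructed assumptions, and PBKDF2 from the Python standard library stands in for whatever key-derivation function a given password manager uses.

```python
import hashlib
import math
import os

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_HASHES_PER_SECOND = 1e12  # assumption: attacker's raw hash rate


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 32-byte (256-bit) key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, iterations: int = 1,
                     hashes_per_second: float = ASSUMED_HASHES_PER_SECOND) -> float:
    """Worst-case years to try every candidate when each guess costs `iterations` hashes."""
    guesses_per_second = hashes_per_second / iterations
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def compare() -> dict:
    """Constructed cases: (entropy in bits, hashes per guess)."""
    cases = {
        "8 lowercase letters, no stretching": (search_space_bits(26, 8), 1),
        "8 lowercase letters, 600k iterations": (search_space_bits(26, 8), 600_000),
        "5 random words (7776-word list), 600k iterations": (search_space_bits(7776, 5), 600_000),
        "random 256-bit key file": (256.0, 1),
    }
    return {name: years_to_exhaust(bits, it) for name, (bits, it) in cases.items()}


if __name__ == "__main__":
    salt = os.urandom(16)  # a fresh random salt is stored next to the ciphertext
    key = derive_key("correct horse battery staple", salt, 600_000)
    print(f"derived key: {len(key) * 8} bits")
    for name, years in compare().items():
        print(f"{name:50s} {years:.3e} years")
```

The cipher is 256-bit in every row; what changes is how many candidates an attacker has to try and how much each try costs.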
 

ForgottenSeer 78429

A lot of these so-called "secured databases" are just a marketing term used to get sales and money out of your pocket
KeePass is free and open source. It doesn't need any money out of our pocket. I don't know anything about cryptography but I find using KeePass much more user-friendly than copying username and password from a doc file. Also it uses the same encryption method you mentioned with much more options.
 

Dark Knight

KeePass is free and open source. It doesn't need any money out of our pocket. I don't know anything about cryptography but I find using KeePass much more user-friendly than copying username and password from a doc file. Also it uses the same encryption method you mentioned with much more options.

Maybe the wrong choice of words, bottom line, same goes for free or paid.
Don't get me wrong, I use a password manager too, but I also know there could be a chance somewhere in the future it can be hacked which is why I have all my passwords backed up and stored externally in a text file in the event it does get hacked, I can change those passwords immediately.
 

LM77


Ink

Heh, I try to keep my system as lean and free of programs as possible so I simply use an encrypted Word doc to keep all my passwords.
Not a secure solution. Additionally, ransomware can encrypt those files and it will be lost forever, unless you keep another copy of the insecure .docx file elsewhere.

Consider switching to a trusted secure password manager:
  • LastPass - Free/Paid plans (my recommendation) + additional LastPass Authenticator app.
  • Bitwarden - FOSS, Free/Paid plans
  • 1Password - Recommended by experts, Paid only
They are relatively easy to set up:
  1. Sign up with email address**
  2. Create a Master Password that only you know - you will need this to access your vault
  3. Enable 2nd Factor Authentication which should be a standard across all your web accounts
  4. Store any password credentials and notes
  5. Options to configure each with Allow/Disable auto-login, auto-fill, auto-change passwords
  6. Paid plans usually include Dark web monitoring, sharing and more users
  7. Advanced configurations to limit access to your vault (database), this may include restricting regions/countries, TOR, Mobile devices, managing trusted devices etc.
** Make sure the email address you are using also has 2nd Factor Authentication enabled, otherwise don't bother.
 

valvaris

UUUhhhhhh a Word.docx or Excel.xlsx as Password Safe - I do not blame the user - I have seen Administrators saving Passwords in .txt files. So that is insecure... At least it's in MSOffice and it depends how you secure the Document it can be encrypted or not. But did you know that MSOffice Docs have backdoors? That is the reason why Businesses use them coz ppl forget. :D

Here are a few light methods -> Forgot Word Document Password? Here Are Free Ways to Recover Word Password

In the Company I worked for we had those cases come in 2-6 Times a Quarter of the year. Those tools are expensive but work flawlessly just imagine a real pro in the dark web. He has those tools too, or even better... ;) [All Office Documents - Word / Excel and Co.]

Otherwise it is easy to protect yourself or even self-host a Password Manager. -> Followpost from Spawn -> Q&A - Password manager: Question is simply - why did you choose the one you are using now?

Best regards
Val.
 

enaph

Currently trialing LastPass.
I was using Bitwarden Premium since last year and now I am looking for an alternative because delays in autofill sync are killing me and their support doesn't seem to recognize this as an issue and advises to log out and log back in again on my mobile in order to make it work - not a very convenient approach.
First I've tried 1Password and I don't like the fact that I need to install another app in my system to get some things done.
 

valvaris

Guys, well this one of most replies than any thread I thought I would share the video it's important and must watch it he's genius!

I do not see the purpose for something like this in times of 2FA/MFA/OTP - You do not need to store this information inside a Password Manager use a YubiKey instead or other stuff Like an Authenticator for your Smartphone that uses Cloud Backup just in case.

The double blind just defeats the purpose of two-factor authentication and since people are trying to take an easy way - We then tend to use something like:
-FirstName
-KidsName
-Birthdate
-PIN / CVC
To remember stuff easy.

So the basics in Password Security is to have the following:
- Who you are - Password Manager
- What you know - Password Manager
- What you have - Authenticator

To come to a point if you do not trust your Password Manager to keep your information safe - Then it is like lots of things in life "TRUST"
For me as an example:
I Trusted 1Password and have to say great service - But it came down to - Where is my Data - How expensive is the Service per year and is it really that secure?

I choose to go to BitWarden because even as a private person I can use the Self-Hosted service - Move it to a Datacenter I trust - Build a Secure Tunnel (Site to Site VPN) - Everything else is like OTP and stuff is in my Phone and I only Trust Sites that use some way of Two-Factor-Authentication - Everything else gets a generic E-Mail - Password mix with a Trashmail Address from Mailinator

Otherwise it just defeats the purpose of a Password Manager in terms of Super Strong Passwords and ease of use. :D

Sincerely
Val.
 
