jackuars

Level 26
Verified
Heh, I try to keep my system as lean and free of programs as possible so I simply use an encrypted Word doc to keep all my passwords.


Not a bad idea. An encrypted Word document, with a totally different file name, and probably hidden from the device. Hackers won't even bother to check these Word documents. They are more invested in cracking passwords online, detecting vulnerabilities in password managers both local and on the cloud.

Most software companies, especially those dealing with the paid ones, try to create a psychological need for buying their products, when most home users who just use basic features would otherwise be more than satisfied with this functionality. That's how businesses work. Do you feel protected with your default protection - Windows Defender? Maybe not. A home user now switches to the brand's free solution. Then you get an advertisement on how free antivirus is not as effective as a paid solution. This way they create an unnecessary need for trying out their paid counterpart.
 

jackuars

Level 26
Verified
This is called security through obscurity ;)
The less paranoid that someone is, the more secure they feel. ;) Otherwise god forbid, no security system in the world can help them.

Here's one for the computer humor section at MalwareTips.
 

Dark Knight

Level 4
That's not a good protection.
You should move to a password manager which uses a special secured database, protected against brute forcing (like KeePass).

Not completely true, as long as the encryption is 256-bit AES and used with a key and not a password it will work, just need to make sure the key is stored externally, like on a USB stick, it would take even a supercomputer over a million years to crack it and by then... they can have at it!
A lot of these so-called "secured databases" are just a marketing term used to get sales and money out of your pocket, nothing, I repeat NOTHING is foolproof and unhackable, we see it every single day in the hacking and leaking of information of credit cards, apps, servers and the list goes on, check out Bleeping Computer, something gets leaked or hacked just about every day. It just depends who wants that information and how badly they want it. They can call it a "secured database" but that only means they haven't come across anyone that can hack it yet.
 

Upendra19

Level 4
A lot of these so-called "secured databases" are just a marketing term used to get sales and money out of your pocket
KeePass is free and open source. It doesn't need any money out of our pocket. I don't know anything about cryptography but I find using KeePass much more user friendly than copying username and password from a doc file. Also it uses the same encryption method you mentioned with much more options.
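
Added example (not written by any poster, and not any password manager's own code): the two posts above turn on whether a 256-bit AES key comes from a random keyfile or from a password, and on what "protected against brute forcing" buys. The sketch uses PBKDF2 from Python's standard library as a stand-in for a slow key derivation; the attacker hash rate and the iteration count are constructed figures, not measurements.

```python
import hashlib
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 256-bit key with salted PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def random_key() -> bytes:
    """A keyfile-style key: 256 bits taken directly from the OS CSPRNG."""
    return secrets.token_bytes(32)

def password_bits(length: int, alphabet: int) -> float:
    """Entropy of a uniformly random password (an upper bound for human-chosen ones)."""
    return length * math.log2(alphabet)

def stretched_rate(raw_rate: float, iterations: int) -> float:
    """Each guess costs `iterations` hash rounds, so the guess rate drops by that factor."""
    return raw_rate / iterations

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate; on average half of this is needed."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    RAW_RATE = 1e10        # assumed attacker hash rounds per second (constructed)
    ITERATIONS = 600_000   # assumed KDF work factor (constructed)
    salt = secrets.token_bytes(16)  # stored beside the ciphertext, not secret
    key = derive_key("example password", salt, ITERATIONS)
    print("password-derived key is", len(key) * 8, "bits long either way")
    slow = stretched_rate(RAW_RATE, ITERATIONS)
    cases = [
        ("8 lowercase letters, no stretching", password_bits(8, 26), RAW_RATE),
        ("8 lowercase letters, stretched", password_bits(8, 26), slow),
        ("14 printable ASCII, stretched", password_bits(14, 95), slow),
        ("random 256-bit keyfile", 256.0, RAW_RATE),
    ]
    for label, bits, rate in cases:
        # The search space is set by the secret's entropy, not by the AES key length.
        print(f"{label:36s} {bits:6.1f} bits  {years_to_exhaust(bits, rate):.3g} years")
```
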
 

Dark Knight

Level 4
KeePass is free and open source. It doesn't need any money out of our pocket. I don't know anything about cryptography but I find using KeePass much more user friendly than copying username and password from a doc file. Also it uses the same encryption method you mentioned with much more options.

Maybe the wrong choice of words, bottom line, same goes for free or paid.
Don't get me wrong, I use a password manager too, but I also know there could be a chance somewhere in the future it can be hacked which is why I have all my passwords backed up and stored externally in a text file in the event it does get hacked, I can change those passwords immediately.
 

LM77

Level 1

Spawn

Administrator
Verified
Staff member
Heh, I try to keep my system as lean and free of programs as possible so I simply use an encrypted Word doc to keep all my passwords.
Not a secure solution. Additionally, ransomware can encrypt those files and they will be lost forever, unless you keep another copy of the insecure .docx file elsewhere.

Consider switching to a trusted secure password manager:
  • LastPass - Free/Paid plans (my recommendation) + additional LastPass Authenticator app.
  • Bitwarden - FOSS, Free/Paid plans
  • 1Password - Recommended by experts, Paid only
They are relatively easy to set up:
  1. Sign up with email address**
  2. Create a Master Password that only you know - you will need this to access your vault
  3. Enable 2nd Factor Authentication, which should be a standard across all your web accounts
  4. Store any password credentials and notes
  5. Options to configure each with Allow/Disable auto-login, auto-fill, auto-change passwords
  6. Paid plans usually include Dark web monitoring, sharing and more users
  7. Advanced configurations to limit access to your vault (database), this may include restricting regions/countries, TOR, Mobile devices, managing trusted devices etc.
** Make sure the email address you are using also has 2nd Factor Authentication enabled, otherwise don't bother.
 

valvaris

Level 4
Verified
UUUhhhhhh a Word.docx or Excel.xlsx as Password Safe - I do not blame the user - I have seen Administrators saving passwords in .txt files. So that is insecure... At least it's in MSOffice and it depends how you secure the Document, it can be encrypted or not. But did you know that MSOffice Docs have backdoors? That is the reason why Businesses use them coz ppl forget. :D

Here are a few light methods -> Forgot Word Document Password? Here Are Free Ways to Recover Word Password

In the Company I worked for we had those cases come in 2-6 Times a Quarter of the year. Those tools are expensive but work flawlessly, just imagine a real pro in the dark web. He has those tools too, or even better... ;) [All Office Documents - Word / Excel and Co.]

Otherwise it is easy to protect yourself or even self-host a Password Manager. -> Followpost from Spawn -> Q&A - Password manager: Question is simply - why did you choose the one you are using now?

Best regards
Val.
 

pablozi

Level 26
Verified
Trusted
Currently trialing LastPass.
I was using Bitwarden Premium since last year and now I am looking for an alternative because delays in autofill sync are killing me and their support doesn't seem to recognize this as an issue and advises me to log out and log back in again on my mobile in order to make it work - not a very convenient approach.
First I've tried 1Password and I don't like the fact that I need to install another app in my system to get some things done.
 