You can easily the remove the password from the file, so no matter what encryption you use is easy to bypass.
Password manager: Question is simply - why did you choose the one you are using now?
- Thread starter Lenny_Fox
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Jul 2, 2014
- 1,688
Not a bad idea. An encrypted word document, with a totally different file name, and probably hidden from the device. Hackers won't even bother to check these word documents. They are more invested in cracking passwords online, detecting vulnerabilities in password managers both local and on the cloud.
Most software companies especially dealing with the paid ones, try to create a psychological need into buying their products, when most home users who just use basic features would be otherwise more than satisfied with this functionality. That's how businesses work. Do you feel protected with your default protection - Windows Defender? Maybe not. A home user now switches to the brand's free solution. Then you get an advertisement on how free antivirus is not as effective as a paid solution. This way they create an unnecessary need for trying out their paid counterpart.
This is called security through obscurity
- Jul 2, 2014
- 1,688
The less paranoid that someone is, the more secure they feel.This is called security through obscurity
Otherwise god forbid, no security system in the world can help them.Here's one for the computer humor section at MalwareTips.
Last edited:
- Aug 17, 2013
- 203
Not completely true, as long as the encryption is 256 bit AES and used with a key and not a password it will work, just need to make sure the key is store externally like a usb stick, it would take even a supercomputer over a million years to crack it and by then ......they can have at it!
A lot of these so called "secured databases" are just a marketing term used to get sales and money out of your pocket, nothing, I repeat NOTHING is fool proof and un-hackable , we see it every single day in the hacking and leaking of information of credit cards , apps , servers and the list goes on, check out Bleeping Computer, something gets leaked or hacked just about every day. It just depends who wants that information and how badly they want it. They can call it a "secured database" but that only means they haven't come across anyone that can hack it yet.
Last edited:
KeePass is free and open source. It doesn't need any money out of our pocket. I don't know anything about cryptography but I find using KeePass much user friendly than copying username and password from a doc file. Also it uses same encryption method you mentioned with much more options.
- Nov 26, 2017
- 708
I always prefered keyfiles+psw than psw itself.
- Aug 17, 2013
- 203
Maybe the wrong choice of words, bottom line , same goes for free or paid .
Don't get me wrong, I use a password manager too, but I also know there could be a chance somewhere in the future it can be hacked which is why I have all my passwords backed up and stored externally in a text file in the event it does get hacked, I can change those passwords immediately.
KeePass provide a good documentation about:
Security - KeePass
I also recommend these settings:
- May 13, 2017
- 2,479
Same , I have passwords in xslx (AES256 with SHA512 hashing). I used Axcrypt before, but since it was discontinued, I fail to find a file encryption tool.
Axcrypt was not discontinued; it is available in both free and paid (subscription-based) versions. See AxCrypt - File Security Made Easy (for a comparison between the different versions see Pricing | AxCrypt - File Security Made Easy).
- May 13, 2017
- 2,479
Correction, version 1.7 was discontinued. Since version 2.0, it is not a file encryption tool. I made a complaint back then, but they said, that is the way it is.
- Jan 8, 2011
- 22,361
Not a secure solution. Additionally, ransomware can encrypt those files and it will be lost forever, unless you keep another copy of the insecure .docx file elsewhere.
Consider switching to a trusted secure password manager:
- LastPass- Free/Paid plans (my recommendation) + additional LastPass Authenticator app.
- Bitwarden - FOSS, Free/Paid plans
- 1Password - Recommended by experts, Paid only
- Sign up with email address**
- Create a Master Password that only you know - you will need this to access your vault
- Enable 2nd Factor Authentication which should be a standard across all your web account
- Store any password credentials and notes
- Options to configure each with Allow/Disable auto-login, auto-fill, auto-change passwords
- Paid plans usually include Dark web monitoring, sharing and more users
- Advanced configurations to limit access to your vault (database), this may include restricting regions/countries, TOR, Mobile devices, managing trusted devices etc.
- Jul 26, 2015
- 263
UUUhhhhhh a Word.docx or Excel.xlsx as Password Safe - I do not blame the user - I have seen Administrators saving Password in .txt files. So that is insecure... At least its in MSOffice and it depends how you secure the Document it can be encrypted or not. But did you know that MSOffice Docs have backdoors? That is the reason why Businesses use them coz ppl forget.
Here are a few light methods -> Forgot Word Document Password? Here Are Free Ways to Recover Word Password
In the Company I worked for we had those cases come in 2-6 Times a Quarter of the year. Those tools are expensive but work flawless just imagine a real pro in the dark web. He has those tools to, or even better... [All Office Documents - Word / Excel and Co.]
Otherwise it is easy to protect yourself or even self-host a Password Manager. -> Followpost from Spawn -> Q&A - Password manager: Question is simply - why did you choose the one you are using now?
Best regards
Val.
Here are a few light methods -> Forgot Word Document Password? Here Are Free Ways to Recover Word Password
In the Company I worked for we had those cases come in 2-6 Times a Quarter of the year. Those tools are expensive but work flawless just imagine a real pro in the dark web. He has those tools to, or even better...
[All Office Documents - Word / Excel and Co.]Otherwise it is easy to protect yourself or even self-host a Password Manager. -> Followpost from Spawn -> Q&A - Password manager: Question is simply - why did you choose the one you are using now?
Best regards
Val.
- Jun 14, 2011
- 1,789
Currently trialing LastPass.
I was using Bitwarden Premium since last year and now I am looking for an alternative because delays in autofill sync are killing me and their support doesn't seem to recognize this as an issue and advise to log out and log back in again on my mobile in order to make it work - not very convenient approach.
First I've tried 1Password and I don't like the fact that I need to install another app in my system to get some things done.
I was using Bitwarden Premium since last year and now I am looking for an alternative because delays in autofill sync are killing me and their support doesn't seem to recognize this as an issue and advise to log out and log back in again on my mobile in order to make it work - not very convenient approach.
First I've tried 1Password and I don't like the fact that I need to install another app in my system to get some things done.
- Nov 10, 2017
- 3,250
Guys, well this one of most replies then any thread i thought i would share the video its important and must watch it he's genius!
- Jul 26, 2015
- 263
I do not see the purpose for something like this in times of 2FA/MFA/OTP - You do not need to store these information's inside a Password Manager use a YubiKey instead or other stuff Like a Authenticator for your Smartphone that uses Cloud Backup just in case.
The double blind just defeats the purpose of two-factor authentication and since people are trying to take a easy way - We then tend to use something like:
-FirstName
-KidsName
-Birthdate
-PIN / CVC
To remember stuff easy.
So the basics in Password Security is to have the following:
- Who you are - Password Manager
- What you know - Password Manager
- What you have - Authenticator
To come to a point if you do not trust your Password Manager to keep your information safe - Then it is like lots of things in life "TRUST"
For me as an example:
I Trusted 1Password and have to say great service - But it came down to - Were is my Data - How expensive is the Service per year and is it really that secure?
I choose to go to BitWarden because even as a private person I can use the Self-Hosted service - Move it to a Datacenter I trust - Build a Secure Tunnel (Site to Site VPN) - Everything else is like OTP and stuff is in my Phone and I only Trust Sites that use some way of Two-Factor-Authentication - Everything else gets a generic E-Mail - Password mix with a Trashmail Address from Mailinator
Otherwise it just defeats the purpose of a Password Manager in terms of Super Strong Passwords and ease of use.
Sincerely
Val.
Similar threads
