Two in Five Sysadmins (Are Crazy) Store Admin Passwords in Word Files

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Nothing says incompetency like saving your passwords for admin and/or privileged accounts in an unencrypted Word or Excel file, which everyone can steal and open without any problems.



This is the finding of a recent survey of 750 IT security engineers carried out by CyberArk, which has discovered, once again, weak security protocols deployed at companies across the world.

The survey has uncovered that 40 percent of organizations store privileged and/or admin passwords in a Word document or spreadsheet on a company PC or laptop, and 28 percent use a shared server or USB stick.

Encryption is paramount
The problem is not where sysadmins store this data, or in what type of file, but whether encryption protects this information. A sysadmin could save passwords in a text file called all-my-admin-passwords.txt and place the file on his desktop, as long as the file is encrypted and easy access to the data is prevented.

Furthermore, malware, such as remote access trojans (RATs), is known to carry out mass scans of entire compromised computers, looking most often for Office files. Storing passwords in such a manner is downright insane and looking for trouble.

CyberArk's survey also reveals that 71 percent of respondents also store privileged account information in dedicated security software. This means that many of these 750 sysadmins are using Word files as alternatives to more secure, dedicated solutions, probably because Word files are easier to carry around and access, defeating the purpose of deploying a dedicated privileged account security solution in the first place.

Read more: http://news.softpedia.com/news/two-...re-admin-passwords-in-word-files-508628.shtml
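An added example, not part of the original post or the Softpedia article: a defender-side check that tells whether an Office or OpenDocument file is actually encrypted at the container level, which is the distinction the article draws. The sample files are constructed stand-ins, and the function names (`classify`, `audit`, `make_zip`) are this example's own.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE compound-file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name in encrypted OOXML

def classify(data: bytes) -> str:
    """Return 'encrypted', 'unencrypted' or 'unknown' for one file's bytes."""
    if data.startswith(OLE_MAGIC):
        # Password-to-open .docx/.xlsx files are wrapped in an OLE container
        # holding an EncryptedPackage stream. Legacy .doc/.xls share the
        # container format, so without that stream the result is 'unknown'.
        return "encrypted" if ENC_STREAM in data else "unknown"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = set(z.namelist())
                if "[Content_Types].xml" in names:
                    return "unencrypted"          # readable OOXML package
                if "META-INF/manifest.xml" in names:
                    manifest = z.read("META-INF/manifest.xml")
                    # Encrypted ODF lists encryption-data for its members.
                    return "encrypted" if b"encryption-data" in manifest else "unencrypted"
        except zipfile.BadZipFile:
            pass
    return "unknown"  # e.g. plain text or ciphertext: needs a human look

def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed stand-ins with just enough structure for the checks above.
SAMPLES = {
    "admin-passwords.docx": make_zip({"[Content_Types].xml": "<Types/>",
                                      "word/document.xml": "<w:document/>"}),
    "licenses.ods": make_zip({"META-INF/manifest.xml":
                              "<manifest:encryption-data/>"}),
    "vault.xlsx": OLE_MAGIC + b"\x00" * 504 + ENC_STREAM,
    "all-my-admin-passwords.txt": b"root: example-only",
}

def audit(samples: dict) -> dict:
    return {name: classify(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{verdict:12} {name}")
```

To audit a real share, pass `classify()` the bytes of each file found by a directory walk and review everything that does not come back as `encrypted`.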
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Umm.. I just stored all my email/cloud PWs as well as software licenses in a password-protected Word document (.ods)

And the Word document was stored in cloud storage, encrypted, and also on a Rohos encrypted thumb drive.

PS: all my email PWs written in the Word document were "encrypted" too. :D
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Of course, the ideal is to use a password manager.

What if the PW manager fails? What's your backup? And what if your cloud storage fails? What's your backup again?

All these considerations made me think a hardcopy is the most ideal, i.e. paper and pencil?
Which is why I always keep a hardcopy of my PWs on hand.
 

ElectricSheep

Level 14
Verified
Top Poster
Well-known
Aug 31, 2014
655
CMLew said:
> Of course, the ideal is to use a password manager.
>
> What if the PW manager fails? What's your backup? And what if your cloud storage fails? What's your backup again?
>
> All these considerations made me think a hardcopy is the most ideal, i.e. paper and pencil?
> Which is why I always keep a hardcopy of my PWs on hand.

Paper and pencil is old fashioned but it WORKS! And NO RAT will ever be able to get that!!:p:p
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
CMLew said:
> Umm.. I just stored all my email/cloud PWs as well as software licenses in a password-protected Word document (.ods)
>
> And the Word document was stored in cloud storage, encrypted, and also on a Rohos encrypted thumb drive.
>
> PS: all my email PWs written in the Word document were "encrypted" too. :D

Mine are in an encrypted Word document inside an encrypted archive inside an encrypted thumb drive...:p:D
Most of the non-essential passwords are in my Sticky Password.

PS: A hard-copy is always maintained by me in case of emergencies...:);)
 

Cohen

Level 7
Verified
Well-known
May 22, 2016
328
I used to keep my logins in a notepad file on my desktop until I realised how reckless that was (I also used the same 2-3 passwords for everything :oops:), then I found LastPass and now use randomly generated passwords for every site, I haven't looked back since! :D

A sysadmin doing that is just... wow. I was 12/13 when I did that until I realised it wasn't very smart then changed to LastPass.
 
Lucent Warrior

CMLew said:
> Of course, the ideal is to use a password manager.
>
> What if the PW manager fails? What's your backup? And what if your cloud storage fails? What's your backup again?

I use two password managers, LastPass and KeePass.

LastPass in the cloud as a browser plugin for convenience, and portable KeePass on an external device as my backup and portable version should I need it.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
A password manager with active development to fix security issues is fine for storing sensitive information, but not paper if possible, because it's more prone to being misplaced.

Anyway, there are so many tools to secure and keep information, but it seems that does not justify the way it should be.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Just to share with you.
One of my good friends has a smart but odd way to keep a PW backup securely. He keeps two copies of a password-protected Word document. The odd thing is you need these two copies to get the PW. :D One copy is the macro-enabled document. Another one is the encrypted PW document. So getting either one of them would not work. He doesn't trust PW managers anymore due to their past history of being hacked.
 
