Is there a good way to store credentials outside of a password manager?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







44















A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?










share|improve this question




















  • 4





    Maybe ask IT if they have a recommended solution. They may already have some software they allow.

    – Daisetsu
    Mar 25 at 20:47






  • 101





    What is it about the recommendations/feedback that’s made you hesitant?

    – Ry-
    Mar 25 at 21:48






  • 35





    This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.

    – Alexander
    Mar 26 at 16:11






  • 2





    Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.

    – tmh
    Mar 27 at 10:55






  • 3





    Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?

    – MonkeyZeus
    Mar 27 at 12:36


















44















A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?










share|improve this question




















  • 4





    Maybe ask IT if they have a recommended solution. They may already have some software they allow.

    – Daisetsu
    Mar 25 at 20:47






  • 101





    What is it about the recommendations/feedback that’s made you hesitant?

    – Ry-
    Mar 25 at 21:48






  • 35





    This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.

    – Alexander
    Mar 26 at 16:11






  • 2





    Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.

    – tmh
    Mar 27 at 10:55






  • 3





    Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?

    – MonkeyZeus
    Mar 27 at 12:36














44












44








44


9






A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?










share|improve this question
















A lot of the users in my company are using their agendas to write down their password and usernames, or Excel sheets with a protected password. I'm hesitant to install software for password management after reading recommendations/feedback on them. Is there any other secure and user-friendly solution to store passwords?







passwords password-management






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 25 at 21:02









Jeff Ferland

34.6k778160




34.6k778160










asked Mar 25 at 20:44









Hajar QhHajar Qh

324123




324123








  • 4





    Maybe ask IT if they have a recommended solution. They may already have some software they allow.

    – Daisetsu
    Mar 25 at 20:47






  • 101





    What is it about the recommendations/feedback that’s made you hesitant?

    – Ry-
    Mar 25 at 21:48






  • 35





    This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.

    – Alexander
    Mar 26 at 16:11






  • 2





    Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.

    – tmh
    Mar 27 at 10:55






  • 3





    Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?

    – MonkeyZeus
    Mar 27 at 12:36














  • 4





    Maybe ask IT if they have a recommended solution. They may already have some software they allow.

    – Daisetsu
    Mar 25 at 20:47






  • 101





    What is it about the recommendations/feedback that’s made you hesitant?

    – Ry-
    Mar 25 at 21:48






  • 35





    This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.

    – Alexander
    Mar 26 at 16:11






  • 2





    Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.

    – tmh
    Mar 27 at 10:55






  • 3





    Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?

    – MonkeyZeus
    Mar 27 at 12:36








4




4





Maybe ask IT if they have a recommended solution. They may already have some software they allow.

– Daisetsu
Mar 25 at 20:47





Maybe ask IT if they have a recommended solution. They may already have some software they allow.

– Daisetsu
Mar 25 at 20:47




101




101





What is it about the recommendations/feedback that’s made you hesitant?

– Ry-
Mar 25 at 21:48





What is it about the recommendations/feedback that’s made you hesitant?

– Ry-
Mar 25 at 21:48




35




35





This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.

– Alexander
Mar 26 at 16:11





This question reads exactly like "I want a password manager, but not a password manager." Hajar, I'm not sure what would satisfy you. Any sufficiently well made solution would be a password manager, so you're essentially limiting yourself anything that "works" for this purpose, but not well enough to be called a password manager". You're limiting yourself to half-baked hacks like those spreadsheets.

– Alexander
Mar 26 at 16:11




2




2





Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.

– tmh
Mar 27 at 10:55





Related: security.stackexchange.com/questions/108746/… Still, I'd recommend an offline password manager such as KeePass whenever possible.

– tmh
Mar 27 at 10:55




3




3





Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?

– MonkeyZeus
Mar 27 at 12:36





Would you be hesitant to wear a bulletproof vest after reading about their shortcomings?

– MonkeyZeus
Mar 27 at 12:36










13 Answers
13






active

oldest

votes


















107














Install a password manager. A good password manager is much, much better than anything you can do by yourself.



They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.






share|improve this answer



















  • 31





    how does one know which is a good password manage and if they actually follow all the strict development rules ?

    – Nigel Fds
    Mar 26 at 1:06






  • 10





    @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

    – Schwern
    Mar 26 at 1:35






  • 32





    @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

    – Mischa
    Mar 26 at 8:31






  • 11





    @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

    – scai
    Mar 27 at 8:50








  • 24





    @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

    – RobIII
    Mar 27 at 15:42





















60














You're probably referring to the recent articles about flaws in password managers.





  • Password managers have a security flaw. But you should still use one. (Washington Post)


  • Password managers leaking data in memory, but you should still use one. (Sophos)


Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...



All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.



1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...




...we need to consider that for this to enable an attack the attacker must




  1. Be in a position to read 1Password process memory when 1Password is locked

  2. Not be in a position to read 1Password process memory when 1Password is unlocked.


Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.




If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.



And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.





Password managers can do other things to add to your security.




  • Share and manage your passwords between all your devices, including mobile devices.

  • Share and manage passwords and credentials with co-workers.

  • Store more than just passwords securely.


    • GPG and SSH keys and passphrases


    • One-time password generators

    • Recovery keys

    • Security questions

    • API keys

    • Notes

    • Credit cards (arguably better than saving them on web sites)

    • Bank accounts

    • Memberships

    • Software licenses



  • Inform you of insecure passwords


    • Reused passwords

    • Password breaches



  • Generate secure passwords

  • Auto-fill passwords (avoids being shoulder surfed)

  • Auto-record new accounts

  • Protection against ransomware (if it stores your vault elsewhere)


These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.






share|improve this answer





















  • 7





    Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

    – JeroenHoek
    Mar 26 at 13:27






  • 1





    "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

    – Radu Murzea
    Mar 27 at 10:43






  • 1





    @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

    – Ismael Miguel
    Mar 27 at 17:50






  • 1





    @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

    – Schwern
    Mar 27 at 19:36








  • 1





    @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

    – Flater
    Mar 28 at 16:20



















8














The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).



If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.






share|improve this answer



















  • 5





    @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

    – owacoder
    Mar 26 at 12:03








  • 5





    I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

    – Dan
    Mar 26 at 14:45






  • 2





    @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

    – owacoder
    Mar 26 at 15:26






  • 2





    @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

    – Baldrickk
    Mar 26 at 15:33






  • 4





    It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

    – Will
    Mar 27 at 9:09



















4














Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:




  1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]


  2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.


  3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.



So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?



[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.



[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.






share|improve this answer































    3














    Sheneir on Write Down Your Password:




    Microsoft's Jesper Johansson urged people to write down their
    passwords.



    This is good advice, and I've been saying it for years.



    Simply, people can no longer remember passwords good enough to
    reliably defend against dictionary attacks, and are much more secure
    if they choose a password too complicated to remember and then write
    it down. We're all good at securing small pieces of paper. I recommend
    that people write their passwords down on a small piece of paper, and
    keep it with their other valuable small pieces of paper: in their
    wallet.







    share|improve this answer
























    • Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

      – Lightness Races in Orbit
      Mar 27 at 11:12













    • It is safer than password managers which are frequently compromised

      – Billal Begueradj
      Mar 31 at 16:46











    • No, that's FUD. Read Schwern's answer.

      – Lightness Races in Orbit
      Mar 31 at 18:01



















    3














    The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.



    It does offer some weak points



    https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office




    Previously, if the original creator of a file password either forgot
    the password or left the organization, the file was rendered
    unrecoverable. By using Office 2016 and an escrow key, which is
    generated from your company or organization's private key certificate
    store, an IT admin can "unlock" the file for a user and then either
    leave the file without password protection, or assign a new password
    to the file. You, the IT admin, are the keeper of the escrow key which
    is generated from your company or organization's private key
    certificate store. You can silently push the public key information to
    client computers one time through a registry key setting that you can
    manually create or you can create it through a Group Policy script.
    When a user later creates a password-protected Word, Excel, or
    PowerPoint file, this public key is included in the file header.
    Later, an IT pro can use the Office DocRecrypt tool to remove the
    password that is attached to the file, and then, optionally, protect
    the file by using a new password. To do this, the IT pro must have all
    the following:




    The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.



    There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
    Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.



    In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.



    So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.



    Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.



    In comparison, password managers offer more security.






    share|improve this answer





















    • 11





      By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

      – Oxy
      Mar 26 at 11:42






    • 1





      Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

      – Tschallacka
      Mar 26 at 13:42








    • 1





      Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

      – Erik A
      Mar 28 at 11:05



















    2














    I still heartily recommend using a password manager. If that is impossible, and all the following are true:




    • People can choose their own passwords.

    • No one has to share passwords.


      • (Protected Excel files make this seem unlikely.)




    ...then you could suggest a Password Card to keep in their wallet.






    share|improve this answer
























    • The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

      – Adonalsium
      Mar 26 at 14:01






    • 1





      @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

      – Lightness Races in Orbit
      Mar 27 at 11:11






    • 2





      @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

      – Adonalsium
      Mar 27 at 16:31











    • That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

      – dgnuff
      Mar 28 at 5:18








    • 1





      @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

      – Michael
      Mar 28 at 10:59



















    1














    Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!



    But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.






    share|improve this answer





















    • 3





      I think that the hesitation is with using a password manager in general, not the local install.

      – schroeder
      Mar 26 at 0:11











    • But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

      – Paris
      Mar 26 at 1:06











    • The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

      – Captain Man
      Mar 26 at 16:24











    • @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

      – Paris
      Mar 26 at 20:43













    • Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

      – Harper
      Mar 28 at 22:40





















    1














    A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.



    The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.



    For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.



    Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.






    share|improve this answer


























    • Vulnerable to simple shoulder surfing.

      – Schwern
      Mar 27 at 7:41











    • @Schwern not if they were very complex passwords

      – Ulkoma
      Mar 27 at 20:47











    • @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

      – Schwern
      Mar 27 at 20:55





















    0














    Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.



    It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.



    As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd



    But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.






    share|improve this answer
























    • This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

      – OrangeDog
      Mar 26 at 17:49











    • It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

      – OrangeDog
      Mar 26 at 17:49













    • @orangedog but not all of them.

      – Stian Yttervik
      Mar 26 at 19:13











    • I think you are confused about what a phishing attack is.

      – OrangeDog
      Mar 26 at 19:15











    • @orangedog Hardly, it rather seems like I am quite convinced.

      – Stian Yttervik
      Mar 26 at 19:18





















    0














    I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.



    Having said that, If you have decided against using a password manager then you could use the following approach




    1. Have two password protected Excel files.

    2. Use different passwords for each Excel.

    3. Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.

    4. Store the unique number and corresponding password in another Excel.






    share|improve this answer































      -2














      If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.






      share|improve this answer



















      • 4





        This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

        – Schwern
        Mar 25 at 23:57








      • 2





        Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

        – ThoriumBR
        Mar 26 at 1:53



















      -3














      This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).



      You can easily store it in your mind: but don't remember the passwords, remember a formula.



      For example, start with a base word, let's say "Password", and think of a couple of custom rules:




      1. Number of letters in website name (Facebook: 8), and add it to the end.

      2. Capitalize matching vowels (Facebook: A and O)

      3. Replace the Nth character with a number equal to number of syllables (Facebook: 2)


      You end up with P2sswOrd8.



      You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).






      share|improve this answer





















      • 6





        This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

        – schroeder
        Mar 26 at 16:10








      • 3





        Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

        – schroeder
        Mar 26 at 16:14











      • It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

        – Jeffrey Roosendaal
        Mar 26 at 16:31








      • 3





        Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

        – schroeder
        Mar 26 at 16:41











      • The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

        – zakinster
        Mar 26 at 17:37












      protected by Rory Alsop Mar 27 at 9:39



      Thank you for your interest in this question.
      Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



      Would you like to answer one of these unanswered questions instead?














      13 Answers
      13






      active

      oldest

      votes








      13 Answers
      13






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      107














      Install a password manager. A good password manager is much, much better than anything you can do by yourself.



      They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.






      share|improve this answer



















      • 31





        how does one know which is a good password manage and if they actually follow all the strict development rules ?

        – Nigel Fds
        Mar 26 at 1:06






      • 10





        @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

        – Schwern
        Mar 26 at 1:35






      • 32





        @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

        – Mischa
        Mar 26 at 8:31






      • 11





        @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

        – scai
        Mar 27 at 8:50








      • 24





        @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

        – RobIII
        Mar 27 at 15:42


















      107














      Install a password manager. A good password manager is much, much better than anything you can do by yourself.



      They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.






      share|improve this answer



















      • 31





        how does one know which is a good password manage and if they actually follow all the strict development rules ?

        – Nigel Fds
        Mar 26 at 1:06






      • 10





        @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

        – Schwern
        Mar 26 at 1:35






      • 32





        @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

        – Mischa
        Mar 26 at 8:31






      • 11





        @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

        – scai
        Mar 27 at 8:50








      • 24





        @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

        – RobIII
        Mar 27 at 15:42
















      107












      107








      107







      Install a password manager. A good password manager is much, much better than anything you can do by yourself.



      They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.






      share|improve this answer













      Install a password manager. A good password manager is much, much better than anything you can do by yourself.



      They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Mar 25 at 20:47









      ThoriumBRThoriumBR

      24.5k85874




      24.5k85874








      • 31





        how does one know which is a good password manage and if they actually follow all the strict development rules ?

        – Nigel Fds
        Mar 26 at 1:06






      • 10





        @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

        – Schwern
        Mar 26 at 1:35






      • 32





        @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

        – Mischa
        Mar 26 at 8:31






      • 11





        @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

        – scai
        Mar 27 at 8:50








      • 24





        @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

        – RobIII
        Mar 27 at 15:42
















      • 31





        how does one know which is a good password manage and if they actually follow all the strict development rules ?

        – Nigel Fds
        Mar 26 at 1:06






      • 10





        @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

        – Schwern
        Mar 26 at 1:35






      • 32





        @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

        – Mischa
        Mar 26 at 8:31






      • 11





        @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

        – scai
        Mar 27 at 8:50








      • 24





        @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

        – RobIII
        Mar 27 at 15:42










      31




      31





      how does one know which is a good password manage and if they actually follow all the strict development rules ?

      – Nigel Fds
      Mar 26 at 1:06





      how does one know which is a good password manage and if they actually follow all the strict development rules ?

      – Nigel Fds
      Mar 26 at 1:06




      10




      10





      @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

      – Schwern
      Mar 26 at 1:35





      @NigelFds Some, like Password, get audited by 3rd parties. support.1password.com/security-assessments

      – Schwern
      Mar 26 at 1:35




      32




      32





      @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

      – Mischa
      Mar 26 at 8:31





      @NigelFds Other example: KeePass It is open source can be audited my literally everyone and if you really wish you can even compile it yourself.

      – Mischa
      Mar 26 at 8:31




      11




      11





      @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

      – scai
      Mar 27 at 8:50







      @JesseM LastPass is a cloud-based password manager. This should immediately conflict with any sane company security policy. Also, LastPass had various security incidents and a breach. I wouldn't recommend it to anyone, not even for personal purposes. Stick to offline password managers.

      – scai
      Mar 27 at 8:50






      24




      24





      @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

      – RobIII
      Mar 27 at 15:42







      @scai "This should immediately conflict with any sane company security policy" Total BS. As long as proper encryption is used you can store your secrets anywhere, including the cloud. "Also, LastPass had various security incidents and a breach" Please read Schwern's answer and stop spreading FUD. Also: ALWAYS use 2FA (if you can / is supported by that website).

      – RobIII
      Mar 27 at 15:42















      60














      You're probably referring to the recent articles about flaws in password managers.





      • Password managers have a security flaw. But you should still use one. (Washington Post)


      • Password managers leaking data in memory, but you should still use one. (Sophos)


      Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...



      All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.



      1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...




      ...we need to consider that for this to enable an attack the attacker must




      1. Be in a position to read 1Password process memory when 1Password is locked

      2. Not be in a position to read 1Password process memory when 1Password is unlocked.


      Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.




      If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.



      And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.





      Password managers can do other things to add to your security.




      • Share and manage your passwords between all your devices, including mobile devices.

      • Share and manage passwords and credentials with co-workers.

      • Store more than just passwords securely.


        • GPG and SSH keys and passphrases


        • One-time password generators

        • Recovery keys

        • Security questions

        • API keys

        • Notes

        • Credit cards (arguably better than saving them on web sites)

        • Bank accounts

        • Memberships

        • Software licenses



      • Inform you of insecure passwords


        • Reused passwords

        • Password breaches



      • Generate secure passwords

      • Auto-fill passwords (avoids being shoulder surfed)

      • Auto-record new accounts

      • Protection against ransomware (if it stores your vault elsewhere)


      These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.






      share|improve this answer





















      • 7





        Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

        – JeroenHoek
        Mar 26 at 13:27






      • 1





        "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

        – Radu Murzea
        Mar 27 at 10:43






      • 1





        @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

        – Ismael Miguel
        Mar 27 at 17:50






      • 1





        @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

        – Schwern
        Mar 27 at 19:36








      • 1





        @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

        – Flater
        Mar 28 at 16:20
















      60














      You're probably referring to the recent articles about flaws in password managers.





      • Password managers have a security flaw. But you should still use one. (Washington Post)


      • Password managers leaking data in memory, but you should still use one. (Sophos)


      Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...



      All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.



      1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...




      ...we need to consider that for this to enable an attack the attacker must




      1. Be in a position to read 1Password process memory when 1Password is locked

      2. Not be in a position to read 1Password process memory when 1Password is unlocked.


      Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.




      If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.



      And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.





      Password managers can do other things to add to your security.




      • Share and manage your passwords between all your devices, including mobile devices.

      • Share and manage passwords and credentials with co-workers.

      • Store more than just passwords securely.


        • GPG and SSH keys and passphrases


        • One-time password generators

        • Recovery keys

        • Security questions

        • API keys

        • Notes

        • Credit cards (arguably better than saving them on web sites)

        • Bank accounts

        • Memberships

        • Software licenses



      • Inform you of insecure passwords


        • Reused passwords

        • Password breaches



      • Generate secure passwords

      • Auto-fill passwords (avoids being shoulder surfed)

      • Auto-record new accounts

      • Protection against ransomware (if it stores your vault elsewhere)


      These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.






      share|improve this answer





















      • 7





        Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

        – JeroenHoek
        Mar 26 at 13:27






      • 1





        "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

        – Radu Murzea
        Mar 27 at 10:43






      • 1





        @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

        – Ismael Miguel
        Mar 27 at 17:50






      • 1





        @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

        – Schwern
        Mar 27 at 19:36








      • 1





        @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

        – Flater
        Mar 28 at 16:20














      60












      60








      60







      You're probably referring to the recent articles about flaws in password managers.





      • Password managers have a security flaw. But you should still use one. (Washington Post)


      • Password managers leaking data in memory, but you should still use one. (Sophos)


      Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...



      All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.



      1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...




      ...we need to consider that for this to enable an attack the attacker must




      1. Be in a position to read 1Password process memory when 1Password is locked

      2. Not be in a position to read 1Password process memory when 1Password is unlocked.


      Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.




      If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.



      And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.





      Password managers can do other things to add to your security.




      • Share and manage your passwords between all your devices, including mobile devices.

      • Share and manage passwords and credentials with co-workers.

      • Store more than just passwords securely.


        • GPG and SSH keys and passphrases


        • One-time password generators

        • Recovery keys

        • Security questions

        • API keys

        • Notes

        • Credit cards (arguably better than saving them on web sites)

        • Bank accounts

        • Memberships

        • Software licenses



      • Inform you of insecure passwords


        • Reused passwords

        • Password breaches



      • Generate secure passwords

      • Auto-fill passwords (avoids being shoulder surfed)

      • Auto-record new accounts

      • Protection against ransomware (if it stores your vault elsewhere)


      These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.






      share|improve this answer















      You're probably referring to the recent articles about flaws in password managers.





      • Password managers have a security flaw. But you should still use one. (Washington Post)


      • Password managers leaking data in memory, but you should still use one. (Sophos)


      Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...



      All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.



      1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...




      ...we need to consider that for this to enable an attack the attacker must




      1. Be in a position to read 1Password process memory when 1Password is locked

      2. Not be in a position to read 1Password process memory when 1Password is unlocked.


      Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.




      If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.



      And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.





      Password managers can do other things to add to your security.




      • Share and manage your passwords between all your devices, including mobile devices.

      • Share and manage passwords and credentials with co-workers.

      • Store more than just passwords securely.


        • GPG and SSH keys and passphrases


        • One-time password generators

        • Recovery keys

        • Security questions

        • API keys

        • Notes

        • Credit cards (arguably better than saving them on web sites)

        • Bank accounts

        • Memberships

        • Software licenses



      • Inform you of insecure passwords


        • Reused passwords

        • Password breaches



      • Generate secure passwords

      • Auto-fill passwords (avoids being shoulder surfed)

      • Auto-record new accounts

      • Protection against ransomware (if it stores your vault elsewhere)


      These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Mar 27 at 19:40

























      answered Mar 26 at 0:25









      SchwernSchwern

      1,100614




      1,100614








      • 7





        Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

        – JeroenHoek
        Mar 26 at 13:27






      • 1





        "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

        – Radu Murzea
        Mar 27 at 10:43






      • 1





        @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

        – Ismael Miguel
        Mar 27 at 17:50






      • 1





        @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

        – Schwern
        Mar 27 at 19:36








      • 1





        @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

        – Flater
        Mar 28 at 16:20














      • 7





        Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

        – JeroenHoek
        Mar 26 at 13:27






      • 1





        "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

        – Radu Murzea
        Mar 27 at 10:43






      • 1





        @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

        – Ismael Miguel
        Mar 27 at 17:50






      • 1





        @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

        – Schwern
        Mar 27 at 19:36








      • 1





        @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

        – Flater
        Mar 28 at 16:20








      7




      7





      Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

      – JeroenHoek
      Mar 26 at 13:27





      Using an OTP generator (TOTP usually) from within a password manager secured with a good password (or even 2FA) is still better than not using that functionality, because the TOTP-seed becomes a second secret you need to know in addition to the user's password.

      – JeroenHoek
      Mar 26 at 13:27




      1




      1





      "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

      – Radu Murzea
      Mar 27 at 10:43





      "(...) keeping your passwords in an Excel spreadsheet offers you no protection" -> actually, from what I know when you set a password on an Excel doc, modern Excel versions encrypt that using AES with PBKDF2 on top. This is quite very good, given that AES is not broken (as far as we know) and PBKDF2 makes it immune to brute-force attacks (as long as you have a good password).

      – Radu Murzea
      Mar 27 at 10:43




      1




      1





      @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

      – Ismael Miguel
      Mar 27 at 17:50





      @RaduMurzea But you can still see everyone's password, in the clear, without much effort: just enough physical access or even "over the shoulder". Worse: you can snap a few photos of it in an instant, and have an offline copy.

      – Ismael Miguel
      Mar 27 at 17:50




      1




      1





      @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

      – Schwern
      Mar 27 at 19:36







      @RaduMurzea Yes, you could encrypt it (and I bet most don't) and that would give you a bit of protection... until you decrypt it. Decrypting the document decrypts the entire document leaving passwords in memory and possibly a temp file easily snapped up by generic malware which is the scenario in question. See Tschallacka's answer for more. We like to fixate on encryption for security, but breaking encryption is the last resort of the attacker.

      – Schwern
      Mar 27 at 19:36






      1




      1





      @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

      – Flater
      Mar 28 at 16:20





      @IsmaelMiguel: Simple solution though: create your own font where characters are indistinguishable and use that in your Excel file! ;)

      – Flater
      Mar 28 at 16:20











      8














      The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).



      If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.






      share|improve this answer



















      • 5





        @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

        – owacoder
        Mar 26 at 12:03








      • 5





        I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

        – Dan
        Mar 26 at 14:45






      • 2





        @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

        – owacoder
        Mar 26 at 15:26






      • 2





        @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

        – Baldrickk
        Mar 26 at 15:33






      • 4





        It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

        – Will
        Mar 27 at 9:09
















      8














      The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).



      If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.






      share|improve this answer



















      • 5





        @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

        – owacoder
        Mar 26 at 12:03








      • 5





        I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

        – Dan
        Mar 26 at 14:45






      • 2





        @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

        – owacoder
        Mar 26 at 15:26






      • 2





        @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

        – Baldrickk
        Mar 26 at 15:33






      • 4





        It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

        – Will
        Mar 27 at 9:09














      8












      8








      8







      The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).



      If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.






      share|improve this answer













      The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).



      If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Mar 26 at 3:03









      owacoderowacoder

      1892




      1892








      • 5





        @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

        – owacoder
        Mar 26 at 12:03








      • 5





        I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

        – Dan
        Mar 26 at 14:45






      • 2





        @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

        – owacoder
        Mar 26 at 15:26






      • 2





        @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

        – Baldrickk
        Mar 26 at 15:33






      • 4





        It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

        – Will
        Mar 27 at 9:09














      • 5





        @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

        – owacoder
        Mar 26 at 12:03








      • 5





        I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

        – Dan
        Mar 26 at 14:45






      • 2





        @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

        – owacoder
        Mar 26 at 15:26






      • 2





        @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

        – Baldrickk
        Mar 26 at 15:33






      • 4





        It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

        – Will
        Mar 27 at 9:09








      5




      5





      @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

      – owacoder
      Mar 26 at 12:03







      @lucasgcb - Proper password storage for comparison purposes should include cryptographic hashing along with salting, thus the password itself is never actually stored. Proper salting also prevents hash comparisons if you do use the same password for different services.

      – owacoder
      Mar 26 at 12:03






      5




      5





      I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

      – Dan
      Mar 26 at 14:45





      I would disagree on the last point. We have significantly more experience with physically securing items and documents than we do securing data. Whether the physical security requirements are appropriate for the environment is another issue entirely.

      – Dan
      Mar 26 at 14:45




      2




      2





      @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

      – owacoder
      Mar 26 at 15:26





      @Dan - Agreed. We're on the same page I think. Both physical and computational security should be employed. I was just trying to highlight that our perceived and actual physical security often are not equal. We perceive our physical security to be much greater with a lock on the door, but realistically, that may just add a deterrent. Definitely agree with the likelihood of getting infected vs. being broken into, though.

      – owacoder
      Mar 26 at 15:26




      2




      2





      @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

      – Baldrickk
      Mar 26 at 15:33





      @lucasgcb the other side should most definitely NOT be storing your password. They should be using a hash of your password, salted at a minimum.

      – Baldrickk
      Mar 26 at 15:33




      4




      4





      It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

      – Will
      Mar 27 at 9:09





      It's not even true that the inside of the owner's memory is the safest place to store a password under all threat models. Storing an unmemorable or invisible password on physical media can make it harder to get the owner to disclose the password by coercive or deceptive means, which may or may not be more significant threats than ways of gaining access to the physical media.

      – Will
      Mar 27 at 9:09











      4














      Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:




      1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]


      2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.


      3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.



      So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?



      [1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.



      [2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.






      share|improve this answer




























        4














        Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:




        1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]


        2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.


        3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.



        So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?



        [1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.



        [2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.






        share|improve this answer


























          4












          4








          4







          Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:




          1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]


          2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.


          3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.



          So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?



          [1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.



          [2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.






          share|improve this answer













          Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:




          1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]


          2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.


          3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.



          So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?



          [1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.



          [2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 26 at 13:58









          AdonalsiumAdonalsium

          3,3811720




          3,3811720























              3














              Sheneir on Write Down Your Password:




              Microsoft's Jesper Johansson urged people to write down their
              passwords.



              This is good advice, and I've been saying it for years.



              Simply, people can no longer remember passwords good enough to
              reliably defend against dictionary attacks, and are much more secure
              if they choose a password too complicated to remember and then write
              it down. We're all good at securing small pieces of paper. I recommend
              that people write their passwords down on a small piece of paper, and
              keep it with their other valuable small pieces of paper: in their
              wallet.







              share|improve this answer
























              • Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

                – Lightness Races in Orbit
                Mar 27 at 11:12













              • It is safer than password managers which are frequently compromised

                – Billal Begueradj
                Mar 31 at 16:46











              • No, that's FUD. Read Schwern's answer.

                – Lightness Races in Orbit
                Mar 31 at 18:01
















              3














              Sheneir on Write Down Your Password:




              Microsoft's Jesper Johansson urged people to write down their
              passwords.



              This is good advice, and I've been saying it for years.



              Simply, people can no longer remember passwords good enough to
              reliably defend against dictionary attacks, and are much more secure
              if they choose a password too complicated to remember and then write
              it down. We're all good at securing small pieces of paper. I recommend
              that people write their passwords down on a small piece of paper, and
              keep it with their other valuable small pieces of paper: in their
              wallet.







              share|improve this answer
























              • Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

                – Lightness Races in Orbit
                Mar 27 at 11:12













              • It is safer than password managers which are frequently compromised

                – Billal Begueradj
                Mar 31 at 16:46











              • No, that's FUD. Read Schwern's answer.

                – Lightness Races in Orbit
                Mar 31 at 18:01














              3












              3








              3







              Sheneir on Write Down Your Password:




              Microsoft's Jesper Johansson urged people to write down their
              passwords.



              This is good advice, and I've been saying it for years.



              Simply, people can no longer remember passwords good enough to
              reliably defend against dictionary attacks, and are much more secure
              if they choose a password too complicated to remember and then write
              it down. We're all good at securing small pieces of paper. I recommend
              that people write their passwords down on a small piece of paper, and
              keep it with their other valuable small pieces of paper: in their
              wallet.







              share|improve this answer













              Sheneir on Write Down Your Password:




              Microsoft's Jesper Johansson urged people to write down their
              passwords.



              This is good advice, and I've been saying it for years.



              Simply, people can no longer remember passwords good enough to
              reliably defend against dictionary attacks, and are much more secure
              if they choose a password too complicated to remember and then write
              it down. We're all good at securing small pieces of paper. I recommend
              that people write their passwords down on a small piece of paper, and
              keep it with their other valuable small pieces of paper: in their
              wallet.








              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Mar 27 at 10:42









              Billal BegueradjBillal Begueradj

              1542310




              1542310













              • Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

                – Lightness Races in Orbit
                Mar 27 at 11:12













              • It is safer than password managers which are frequently compromised

                – Billal Begueradj
                Mar 31 at 16:46











              • No, that's FUD. Read Schwern's answer.

                – Lightness Races in Orbit
                Mar 31 at 18:01



















              • Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

                – Lightness Races in Orbit
                Mar 27 at 11:12













              • It is safer than password managers which are frequently compromised

                – Billal Begueradj
                Mar 31 at 16:46











              • No, that's FUD. Read Schwern's answer.

                – Lightness Races in Orbit
                Mar 31 at 18:01

















              Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

              – Lightness Races in Orbit
              Mar 27 at 11:12







              Shocking to hear advice like this from Microsoft. Though, to be fair, it's from almost 15 years ago.

              – Lightness Races in Orbit
              Mar 27 at 11:12















              It is safer than password managers which are frequently compromised

              – Billal Begueradj
              Mar 31 at 16:46





              It is safer than password managers which are frequently compromised

              – Billal Begueradj
              Mar 31 at 16:46













              No, that's FUD. Read Schwern's answer.

              – Lightness Races in Orbit
              Mar 31 at 18:01





              No, that's FUD. Read Schwern's answer.

              – Lightness Races in Orbit
              Mar 31 at 18:01











              3














              The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.



              It does offer some weak points



              https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office




              Previously, if the original creator of a file password either forgot
              the password or left the organization, the file was rendered
              unrecoverable. By using Office 2016 and an escrow key, which is
              generated from your company or organization's private key certificate
              store, an IT admin can "unlock" the file for a user and then either
              leave the file without password protection, or assign a new password
              to the file. You, the IT admin, are the keeper of the escrow key which
              is generated from your company or organization's private key
              certificate store. You can silently push the public key information to
              client computers one time through a registry key setting that you can
              manually create or you can create it through a Group Policy script.
              When a user later creates a password-protected Word, Excel, or
              PowerPoint file, this public key is included in the file header.
              Later, an IT pro can use the Office DocRecrypt tool to remove the
              password that is attached to the file, and then, optionally, protect
              the file by using a new password. To do this, the IT pro must have all
              the following:




              The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.



              There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
              Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.



              In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.



              So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.



              Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.



              In comparison, password managers offer more security.






              share|improve this answer





















              • 11





                By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

                – Oxy
                Mar 26 at 11:42






              • 1





                Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

                – Tschallacka
                Mar 26 at 13:42








              • 1





                Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

                – Erik A
                Mar 28 at 11:05
















              3














              The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.



              It does offer some weak points



              https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office




              Previously, if the original creator of a file password either forgot
              the password or left the organization, the file was rendered
              unrecoverable. By using Office 2016 and an escrow key, which is
              generated from your company or organization's private key certificate
              store, an IT admin can "unlock" the file for a user and then either
              leave the file without password protection, or assign a new password
              to the file. You, the IT admin, are the keeper of the escrow key which
              is generated from your company or organization's private key
              certificate store. You can silently push the public key information to
              client computers one time through a registry key setting that you can
              manually create or you can create it through a Group Policy script.
              When a user later creates a password-protected Word, Excel, or
              PowerPoint file, this public key is included in the file header.
              Later, an IT pro can use the Office DocRecrypt tool to remove the
              password that is attached to the file, and then, optionally, protect
              the file by using a new password. To do this, the IT pro must have all
              the following:




              The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.



              There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
              Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.



              In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.



              So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.



              Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.



              In comparison, password managers offer more security.






              share|improve this answer





















              • 11





                By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

                – Oxy
                Mar 26 at 11:42






              • 1





                Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

                – Tschallacka
                Mar 26 at 13:42








              • 1





                Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

                – Erik A
                Mar 28 at 11:05














              3












              3








              3







              The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.



              It does offer some weak points



              https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office




              Previously, if the original creator of a file password either forgot
              the password or left the organization, the file was rendered
              unrecoverable. By using Office 2016 and an escrow key, which is
              generated from your company or organization's private key certificate
              store, an IT admin can "unlock" the file for a user and then either
              leave the file without password protection, or assign a new password
              to the file. You, the IT admin, are the keeper of the escrow key which
              is generated from your company or organization's private key
              certificate store. You can silently push the public key information to
              client computers one time through a registry key setting that you can
              manually create or you can create it through a Group Policy script.
              When a user later creates a password-protected Word, Excel, or
              PowerPoint file, this public key is included in the file header.
              Later, an IT pro can use the Office DocRecrypt tool to remove the
              password that is attached to the file, and then, optionally, protect
              the file by using a new password. To do this, the IT pro must have all
              the following:




              The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.



              There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
              Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.



              In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.



              So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.



              Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.



              In comparison, password managers offer more security.






              share|improve this answer















              The encryption in Microsoft office documents is pretty good and secure for all intents and purposes, as long as you don't open the document, and don't have a security certificate pushed by an IT admin.



              It does offer some weak points



              https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office




              Previously, if the original creator of a file password either forgot
              the password or left the organization, the file was rendered
              unrecoverable. By using Office 2016 and an escrow key, which is
              generated from your company or organization's private key certificate
              store, an IT admin can "unlock" the file for a user and then either
              leave the file without password protection, or assign a new password
              to the file. You, the IT admin, are the keeper of the escrow key which
              is generated from your company or organization's private key
              certificate store. You can silently push the public key information to
              client computers one time through a registry key setting that you can
              manually create or you can create it through a Group Policy script.
              When a user later creates a password-protected Word, Excel, or
              PowerPoint file, this public key is included in the file header.
              Later, an IT pro can use the Office DocRecrypt tool to remove the
              password that is attached to the file, and then, optionally, protect
              the file by using a new password. To do this, the IT pro must have all
              the following:




              The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.



              There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
              Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.



              In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.



              So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.



              Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.



              In comparison, password managers offer more security.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Mar 28 at 12:31

























              answered Mar 26 at 8:53









              TschallackaTschallacka

              25318




              25318








              • 11





                By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

                – Oxy
                Mar 26 at 11:42






              • 1





                Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

                – Tschallacka
                Mar 26 at 13:42








              • 1





                Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

                – Erik A
                Mar 28 at 11:05














              • 11





                By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

                – Oxy
                Mar 26 at 11:42






              • 1





                Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

                – Tschallacka
                Mar 26 at 13:42








              • 1





                Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

                – Erik A
                Mar 28 at 11:05








              11




              11





              By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

              – Oxy
              Mar 26 at 11:42





              By "all intents and purposes" what you actually mean is "not for all intents and purposes". Because if even a lousy sysadmin can access what you intend to protect, you've increased the social surface area of attack by at minimum a factor of 2, which is how passwords are cracked in many real world cases. That without taking into account the many flagrant software weaknesses provided by .norm password storage.

              – Oxy
              Mar 26 at 11:42




              1




              1





              Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

              – Tschallacka
              Mar 26 at 13:42







              Well, if it's made on a pc without the group certificate pushed, and only you know the encryption key/password, nobody will get to your documents as long as the file is closed. Best case scenario is that you store this document on a disconnected from ethernet, airgapped pc in a soundproof box within a faraday cage. It will protect documents against casual glancing at contents.

              – Tschallacka
              Mar 26 at 13:42






              1




              1





              Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

              – Erik A
              Mar 28 at 11:05





              Note that the DocRecypt tool and temp files both don't apply to MS Access, thus that can be used to store passwords without this weakpoint. However, an added weakpoint for nearly all Office applications is COM automation. Any application can check if Office files are open and read their content if they are using COM automation, which is a lot easier than reading out the password manager memory and doesn't require any special privileges.

              – Erik A
              Mar 28 at 11:05











              2














              I still heartily recommend using a password manager. If that is impossible, and all the following are true:




              • People can choose their own passwords.

              • No one has to share passwords.


                • (Protected Excel files make this seem unlikely.)




              ...then you could suggest a Password Card to keep in their wallet.






              share|improve this answer
























              • The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

                – Adonalsium
                Mar 26 at 14:01






              • 1





                @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

                – Lightness Races in Orbit
                Mar 27 at 11:11






              • 2





                @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

                – Adonalsium
                Mar 27 at 16:31











              • That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

                – dgnuff
                Mar 28 at 5:18








              • 1





                @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

                – Michael
                Mar 28 at 10:59
















              2














              I still heartily recommend using a password manager. If that is impossible, and all the following are true:




              • People can choose their own passwords.

              • No one has to share passwords.


                • (Protected Excel files make this seem unlikely.)




              ...then you could suggest a Password Card to keep in their wallet.






              share|improve this answer
























              • The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

                – Adonalsium
                Mar 26 at 14:01






              • 1





                @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

                – Lightness Races in Orbit
                Mar 27 at 11:11






              • 2





                @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

                – Adonalsium
                Mar 27 at 16:31











              • That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

                – dgnuff
                Mar 28 at 5:18








              • 1





                @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

                – Michael
                Mar 28 at 10:59














              2












              2








              2







              I still heartily recommend using a password manager. If that is impossible, and all the following are true:




              • People can choose their own passwords.

              • No one has to share passwords.


                • (Protected Excel files make this seem unlikely.)




              ...then you could suggest a Password Card to keep in their wallet.






              share|improve this answer













              I still heartily recommend using a password manager. If that is impossible, and all the following are true:




              • People can choose their own passwords.

              • No one has to share passwords.


                • (Protected Excel files make this seem unlikely.)




              ...then you could suggest a Password Card to keep in their wallet.







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Mar 26 at 13:45









              MichaelMichael

              1,2071227




              1,2071227













              • The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

                – Adonalsium
                Mar 26 at 14:01






              • 1





                @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

                – Lightness Races in Orbit
                Mar 27 at 11:11






              • 2





                @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

                – Adonalsium
                Mar 27 at 16:31











              • That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

                – dgnuff
                Mar 28 at 5:18








              • 1





                @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

                – Michael
                Mar 28 at 10:59



















              • The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

                – Adonalsium
                Mar 26 at 14:01






              • 1





                @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

                – Lightness Races in Orbit
                Mar 27 at 11:11






              • 2





                @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

                – Adonalsium
                Mar 27 at 16:31











              • That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

                – dgnuff
                Mar 28 at 5:18








              • 1





                @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

                – Michael
                Mar 28 at 10:59

















              The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

              – Adonalsium
              Mar 26 at 14:01





              The caveat on password cards is that you must wipe them down after use. Most people trace their finger across the card as they track their password. This leaves an obvious trail for someone who obtains your card.

              – Adonalsium
              Mar 26 at 14:01




              1




              1





              @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

              – Lightness Races in Orbit
              Mar 27 at 11:11





              @Adonalsium TBF, the Password Card site does say that. "Don't read along with your finger, or the smudge will tell a thief where your password is."

              – Lightness Races in Orbit
              Mar 27 at 11:11




              2




              2





              @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

              – Adonalsium
              Mar 27 at 16:31





              @LightnessRacesinOrbit ... That's probably where I read that advice originally. Heck.

              – Adonalsium
              Mar 27 at 16:31













              That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

              – dgnuff
              Mar 28 at 5:18







              That Password Card looks like a hideously bad idea to me. It has 8 rows of 30 characters, or 240 starting positions. That's about 8 bits of entropy, or just about as secure as a password containing one lower case letter and one digit.

              – dgnuff
              Mar 28 at 5:18






              1




              1





              @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

              – Michael
              Mar 28 at 10:59





              @dgnuff, If someone knows the seed that generated your card, maybe. But otherwise it's offline steganography.

              – Michael
              Mar 28 at 10:59











              1














              Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!



              But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.






              share|improve this answer





















              • 3





                I think that the hesitation is with using a password manager in general, not the local install.

                – schroeder
                Mar 26 at 0:11











              • But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

                – Paris
                Mar 26 at 1:06











              • The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

                – Captain Man
                Mar 26 at 16:24











              • @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

                – Paris
                Mar 26 at 20:43













              • Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

                – Harper
                Mar 28 at 22:40


















              1














              Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!



              But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.






              share|improve this answer





















              • 3





                I think that the hesitation is with using a password manager in general, not the local install.

                – schroeder
                Mar 26 at 0:11











              • But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

                – Paris
                Mar 26 at 1:06











              • The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

                – Captain Man
                Mar 26 at 16:24











              • @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

                – Paris
                Mar 26 at 20:43













              • Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

                – Harper
                Mar 28 at 22:40
















              1












              1








              1







              Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!



              But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.






              share|improve this answer















              Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!



              But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Mar 26 at 0:10









              schroeder

              78.8k30175211




              78.8k30175211










              answered Mar 26 at 0:07









              ParisParis

              271




              271








              • 3





                I think that the hesitation is with using a password manager in general, not the local install.

                – schroeder
                Mar 26 at 0:11











              • But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

                – Paris
                Mar 26 at 1:06











              • The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

                – Captain Man
                Mar 26 at 16:24











              • @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

                – Paris
                Mar 26 at 20:43













              • Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

                – Harper
                Mar 28 at 22:40
















              • 3





                I think that the hesitation is with using a password manager in general, not the local install.

                – schroeder
                Mar 26 at 0:11











              • But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

                – Paris
                Mar 26 at 1:06











              • The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

                – Captain Man
                Mar 26 at 16:24











              • @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

                – Paris
                Mar 26 at 20:43













              • Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

                – Harper
                Mar 28 at 22:40










              3




              3





              I think that the hesitation is with using a password manager in general, not the local install.

              – schroeder
              Mar 26 at 0:11





              I think that the hesitation is with using a password manager in general, not the local install.

              – schroeder
              Mar 26 at 0:11













              But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

              – Paris
              Mar 26 at 1:06





              But usually the passwords are for something, often for resources on the web. So if you are sending the password through the web, you can also store it on a server that is accessible only internally in your company network, secured by your real password, multiple users can share passwords for some resources, bla bla, <insert advertisment for pwd managment servers here> :-)

              – Paris
              Mar 26 at 1:06













              The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

              – Captain Man
              Mar 26 at 16:24





              The problem with this answer is that you cannot force users to do this. Sending something akin to the "correct horse battery staple" example (but more simply explained) as part of the policy may help them learn though.

              – Captain Man
              Mar 26 at 16:24













              @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

              – Paris
              Mar 26 at 20:43







              @CaptainMan you could write a password policy that only allows dictionary words and has a large minimum length, but that was more of lame idea in case a password manager is really not wished. but i really believe offering everyone a decent password manager where they don't have to install anything will go a long way. i'm now at the first company that is using one and it is a big help compared to how it was handled in my previous jobs.

              – Paris
              Mar 26 at 20:43















              Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

              – Harper
              Mar 28 at 22:40







              Sorry, this does not scale to reality in any kind of modern life. I have 130 passwords and I am a late adopter, and I actively seek to avoid passwords. It just never ends. Paperless billing? Password. Retail rewards program? Password. Pizza delivery? Password. Uber? Password. Have your tax refund not be hacked? Password. E-file? Another password. 401K? password. GP? Password. Specialist? Password. Lab? Password. Play a game? Password. Library card? Password. New car? Password. Buy a textbook? Password. You cannot keep track of them all without duping or writing down.

              – Harper
              Mar 28 at 22:40













              1














              A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.



              The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.



              For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.



              Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.






              share|improve this answer


























              • Vulnerable to simple shoulder surfing.

                – Schwern
                Mar 27 at 7:41











              • @Schwern not if they were very complex passwords

                – Ulkoma
                Mar 27 at 20:47











              • @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

                – Schwern
                Mar 27 at 20:55


















              1














              A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.



              The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.



              For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.



              Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.






              share|improve this answer


























              • Vulnerable to simple shoulder surfing.

                – Schwern
                Mar 27 at 7:41











              • @Schwern not if they were very complex passwords

                – Ulkoma
                Mar 27 at 20:47











              • @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

                – Schwern
                Mar 27 at 20:55
















              1












              1








              1







              A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.



              The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.



              For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.



              Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.






              share|improve this answer















              A spreadsheet encrypted with a password (say in Excel 2016) will use "ECMA-376 Document Encryption" by default which uses AES-256 bit encryption. Provided the password isn't a dictionary word, it would be no better or worse than any other password manager from a data risk perspective.



              The spreadsheet would be FIPS-140-2 compliant and you would comply with the majority of encryption laws if they key or drive needed to be wiped with the secure wipe methodology as stated in NIST 800-88.



              For a user managing a few passwords, I don't see a short term problem using Excel and a password, or a legal problem.



              Long term, a password vault solution which allows check-in/check-out rotation, like CyberArk or Thycotic would be much better with logging and other capabilities. Something else to look at for free and simple is Buttercup.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Mar 27 at 9:53









              schroeder

              78.8k30175211




              78.8k30175211










              answered Mar 27 at 3:27









              opsecwinopsecwin

              211




              211













              • Vulnerable to simple shoulder surfing.

                – Schwern
                Mar 27 at 7:41











              • @Schwern not if they were very complex passwords

                – Ulkoma
                Mar 27 at 20:47











              • @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

                – Schwern
                Mar 27 at 20:55





















              • Vulnerable to simple shoulder surfing.

                – Schwern
                Mar 27 at 7:41











              • @Schwern not if they were very complex passwords

                – Ulkoma
                Mar 27 at 20:47











              • @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

                – Schwern
                Mar 27 at 20:55



















              Vulnerable to simple shoulder surfing.

              – Schwern
              Mar 27 at 7:41





              Vulnerable to simple shoulder surfing.

              – Schwern
              Mar 27 at 7:41













              @Schwern not if they were very complex passwords

              – Ulkoma
              Mar 27 at 20:47





              @Schwern not if they were very complex passwords

              – Ulkoma
              Mar 27 at 20:47













              @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

              – Schwern
              Mar 27 at 20:55







              @Ulkoma 1) The password may not be the user's choice; shared work passwords are often weak because they are shared in a way that is difficult to update, such as a spreadsheet. 2) Users and orgs who use spreadsheets to store passwords probably have poor password discipline. 3) (Here's the kicker) phones have amazing cameras. Good security has many layers so if one is breached, such as an easily remembered password, or if your assumption like "my password is too complex to shoulder surf" is wrong, you have other layers of protection to stop the attacker.

              – Schwern
              Mar 27 at 20:55













              0














              Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.



              It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.



              As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd



              But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.






              share|improve this answer
























              • This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

                – OrangeDog
                Mar 26 at 17:49











              • It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

                – OrangeDog
                Mar 26 at 17:49













              • @orangedog but not all of them.

                – Stian Yttervik
                Mar 26 at 19:13











              • I think you are confused about what a phishing attack is.

                – OrangeDog
                Mar 26 at 19:15











              • @orangedog Hardly, it rather seems like I am quite convinced.

                – Stian Yttervik
                Mar 26 at 19:18


















              0














              Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.



              It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.



              As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd



              But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.






              share|improve this answer
























              • This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

                – OrangeDog
                Mar 26 at 17:49











              • It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

                – OrangeDog
                Mar 26 at 17:49













              • @orangedog but not all of them.

                – Stian Yttervik
                Mar 26 at 19:13











              • I think you are confused about what a phishing attack is.

                – OrangeDog
                Mar 26 at 19:15











              • @orangedog Hardly, it rather seems like I am quite convinced.

                – Stian Yttervik
                Mar 26 at 19:18
















              0












              0








              0







              Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.



              It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.



              As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd



              But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.






              share|improve this answer













              Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.



              It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.



              As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd



              But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Mar 26 at 16:52









              Stian YttervikStian Yttervik

              1091




              1091













              • This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

                – OrangeDog
                Mar 26 at 17:49











              • It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

                – OrangeDog
                Mar 26 at 17:49













              • @orangedog but not all of them.

                – Stian Yttervik
                Mar 26 at 19:13











              • I think you are confused about what a phishing attack is.

                – OrangeDog
                Mar 26 at 19:15











              • @orangedog Hardly, it rather seems like I am quite convinced.

                – Stian Yttervik
                Mar 26 at 19:18





















              • This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

                – OrangeDog
                Mar 26 at 17:49











              • It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

                – OrangeDog
                Mar 26 at 17:49













              • @orangedog but not all of them.

                – Stian Yttervik
                Mar 26 at 19:13











              • I think you are confused about what a phishing attack is.

                – OrangeDog
                Mar 26 at 19:15











              • @orangedog Hardly, it rather seems like I am quite convinced.

                – Stian Yttervik
                Mar 26 at 19:18



















              This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

              – OrangeDog
              Mar 26 at 17:49





              This is pretty dumb. Just write your passwords in a notebook and lock it in a drawer (or a fire-proof safe for critical passwords).

              – OrangeDog
              Mar 26 at 17:49













              It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

              – OrangeDog
              Mar 26 at 17:49







              It doesn't matter how passwords are stored, a single successful phishing attempt will always compromise them.

              – OrangeDog
              Mar 26 at 17:49















              @orangedog but not all of them.

              – Stian Yttervik
              Mar 26 at 19:13





              @orangedog but not all of them.

              – Stian Yttervik
              Mar 26 at 19:13













              I think you are confused about what a phishing attack is.

              – OrangeDog
              Mar 26 at 19:15





              I think you are confused about what a phishing attack is.

              – OrangeDog
              Mar 26 at 19:15













              @orangedog Hardly, it rather seems like I am quite convinced.

              – Stian Yttervik
              Mar 26 at 19:18







              @orangedog Hardly, it rather seems like I am quite convinced.

              – Stian Yttervik
              Mar 26 at 19:18













              0














              I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.



              Having said that, If you have decided against using a password manager then you could use the following approach




              1. Have two password protected Excel files.

              2. Use different passwords for each Excel.

              3. Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.

              4. Store the unique number and corresponding password in another Excel.






              share|improve this answer




























                0














                I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.



                Having said that, If you have decided against using a password manager then you could use the following approach




                1. Have two password protected Excel files.

                2. Use different passwords for each Excel.

                3. Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.

                4. Store the unique number and corresponding password in another Excel.






                share|improve this answer


























                  0












                  0








                  0







                  I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.



                  Having said that, If you have decided against using a password manager then you could use the following approach




                  1. Have two password protected Excel files.

                  2. Use different passwords for each Excel.

                  3. Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.

                  4. Store the unique number and corresponding password in another Excel.






                  share|improve this answer













                  I agree with the other answers that a password manager is more secure than custom methods. Also note that protected Excel spreadsheets can be compromised easily than a password manager.



                  Having said that, If you have decided against using a password manager then you could use the following approach




                  1. Have two password protected Excel files.

                  2. Use different passwords for each Excel.

                  3. Store the list of User names, services, etc... in one sheet and assign a unique number / test (eg: A001 for Adobe, S001 for Stack Overflow, etc...) for each record.

                  4. Store the unique number and corresponding password in another Excel.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Mar 27 at 9:22









                  Kolappan NathanKolappan Nathan

                  1,693618




                  1,693618























                      -2














                      If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.






                      share|improve this answer



















                      • 4





                        This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

                        – Schwern
                        Mar 25 at 23:57








                      • 2





                        Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

                        – ThoriumBR
                        Mar 26 at 1:53
















                      -2














                      If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.






                      share|improve this answer



















                      • 4





                        This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

                        – Schwern
                        Mar 25 at 23:57








                      • 2





                        Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

                        – ThoriumBR
                        Mar 26 at 1:53














                      -2












                      -2








                      -2







                      If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.






                      share|improve this answer













                      If you do not want a password manager program, print them out and store then in a safe or something secure rather than just a notebook like your co workers use.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Mar 25 at 21:44









                      user197001user197001

                      231




                      231








                      • 4





                        This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

                        – Schwern
                        Mar 25 at 23:57








                      • 2





                        Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

                        – ThoriumBR
                        Mar 26 at 1:53














                      • 4





                        This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

                        – Schwern
                        Mar 25 at 23:57








                      • 2





                        Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

                        – ThoriumBR
                        Mar 26 at 1:53








                      4




                      4





                      This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

                      – Schwern
                      Mar 25 at 23:57







                      This is fine as a backup for your super important passwords, like the password to your password manager, but for any day-to-day passwords you need them in a convenient and secure location. A safe will not cut it.

                      – Schwern
                      Mar 25 at 23:57






                      2




                      2





                      Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

                      – ThoriumBR
                      Mar 26 at 1:53





                      Keeping the VPN password on a safe is not practical. For your bitcoin cold-wallet is fine, but not for everything.

                      – ThoriumBR
                      Mar 26 at 1:53











                      -3














                      This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).



                      You can easily store it in your mind: but don't remember the passwords, remember a formula.



                      For example, start with a base word, let's say "Password", and think of a couple of custom rules:




                      1. Number of letters in website name (Facebook: 8), and add it to the end.

                      2. Capitalize matching vowels (Facebook: A and O)

                      3. Replace the Nth character with a number equal to number of syllables (Facebook: 2)


                      You end up with P2sswOrd8.



                      You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).






                      share|improve this answer





















                      • 6





                        This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

                        – schroeder
                        Mar 26 at 16:10








                      • 3





                        Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

                        – schroeder
                        Mar 26 at 16:14











                      • It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

                        – Jeffrey Roosendaal
                        Mar 26 at 16:31








                      • 3





                        Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

                        – schroeder
                        Mar 26 at 16:41











                      • The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

                        – zakinster
                        Mar 26 at 17:37


















                      -3














                      This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).



                      You can easily store it in your mind: but don't remember the passwords, remember a formula.



                      For example, start with a base word, let's say "Password", and think of a couple of custom rules:




                      1. Number of letters in website name (Facebook: 8), and add it to the end.

                      2. Capitalize matching vowels (Facebook: A and O)

                      3. Replace the Nth character with a number equal to number of syllables (Facebook: 2)


                      You end up with P2sswOrd8.



                      You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).






                      share|improve this answer





















                      • 6





                        This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

                        – schroeder
                        Mar 26 at 16:10








                      • 3





                        Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

                        – schroeder
                        Mar 26 at 16:14











                      • It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

                        – Jeffrey Roosendaal
                        Mar 26 at 16:31








                      • 3





                        Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

                        – schroeder
                        Mar 26 at 16:41











                      • The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

                        – zakinster
                        Mar 26 at 17:37
















                      -3












                      -3








                      -3







                      This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).



                      You can easily store it in your mind: but don't remember the passwords, remember a formula.



                      For example, start with a base word, let's say "Password", and think of a couple of custom rules:




                      1. Number of letters in website name (Facebook: 8), and add it to the end.

                      2. Capitalize matching vowels (Facebook: A and O)

                      3. Replace the Nth character with a number equal to number of syllables (Facebook: 2)


                      You end up with P2sswOrd8.



                      You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).






                      share|improve this answer















                      This is not really answering the question about co-workers, but for personal use this works great if you really don't want to use a password manager (like me).



                      You can easily store it in your mind: but don't remember the passwords, remember a formula.



                      For example, start with a base word, let's say "Password", and think of a couple of custom rules:




                      1. Number of letters in website name (Facebook: 8), and add it to the end.

                      2. Capitalize matching vowels (Facebook: A and O)

                      3. Replace the Nth character with a number equal to number of syllables (Facebook: 2)


                      You end up with P2sswOrd8.



                      You can now "store" an infinite amount of mostly unique passwords in your head (even with just 3 rules).







                      share|improve this answer














                      share|improve this answer



                      share|improve this answer








                      edited Mar 26 at 16:15









                      schroeder

                      78.8k30175211




                      78.8k30175211










                      answered Mar 26 at 16:05









                      Jeffrey RoosendaalJeffrey Roosendaal

                      1112




                      1112








                      • 6





                        This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

                        – schroeder
                        Mar 26 at 16:10








                      • 3





                        Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

                        – schroeder
                        Mar 26 at 16:14











                      • It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

                        – Jeffrey Roosendaal
                        Mar 26 at 16:31








                      • 3





                        Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

                        – schroeder
                        Mar 26 at 16:41











                      • The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

                        – zakinster
                        Mar 26 at 17:37
















                      • 6





                        This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

                        – schroeder
                        Mar 26 at 16:10








                      • 3





                        Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

                        – schroeder
                        Mar 26 at 16:14











                      • It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

                        – Jeffrey Roosendaal
                        Mar 26 at 16:31








                      • 3





                        Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

                        – schroeder
                        Mar 26 at 16:41











                      • The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

                        – zakinster
                        Mar 26 at 17:37










                      6




                      6





                      This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

                      – schroeder
                      Mar 26 at 16:10







                      This really isn't a question about how to create memorable passwords. We already have a canonical question about that. Password patterns are inherently insecure, and your system does not account for needing to change the password. What do you do, change the rules for every password you have when you need to change just one?

                      – schroeder
                      Mar 26 at 16:10






                      3




                      3





                      Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

                      – schroeder
                      Mar 26 at 16:14





                      Your answer to the question is basically to use a password formula, and there is already an answer that covers that option. Your example formula has a lot of flaws, and I would not recommend this formula at all if I was recommending formulas.

                      – schroeder
                      Mar 26 at 16:14













                      It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

                      – Jeffrey Roosendaal
                      Mar 26 at 16:31







                      It was about storing credentials, and this is how I store them. When hacked, just use a backup base word. It's the password that got hacked, not the formula. Also, where did I pretend this is a perfect? The above rules are just an example, showing how easy it is to create unique passwords with even some simple rules that are easy to remember. And who knows, it may help OP.

                      – Jeffrey Roosendaal
                      Mar 26 at 16:31






                      3




                      3





                      Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

                      – schroeder
                      Mar 26 at 16:41





                      Wait, so in your formula you still have to remember a unique word per site? How do you store that word? No, you are not storing anything, you are generating the password. And no, it is not perfect, it's not good either. There are far more secure patterns to choose.

                      – schroeder
                      Mar 26 at 16:41













                      The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

                      – zakinster
                      Mar 26 at 17:37







                      The entropy of this password generation method is dramatically low. If one knows your "formula", he only needs to know the base word and the target website name to deduce the password. If you rely on your formula being secret, once it's discovered (through retro-engineering of leaked passwords or social-engineering of yourself), one would be able to deduce all your past and future passwords. Remember that security through obscurity is an illusion.

                      – zakinster
                      Mar 26 at 17:37







                      protected by Rory Alsop Mar 27 at 9:39



                      Thank you for your interest in this question.
                      Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                      Would you like to answer one of these unanswered questions instead?



                      Popular posts from this blog

                      "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                      Alcedinidae

                      Origin of the phrase “under your belt”?