Password Managers

A booming topic of late has been password managers. We live in a world where we have multiple passwords for multiple services each with their own separate password requirements. This complicated world we live in makes it hard to keep our secrets secure. We are human and we just want to make things easy on ourselves, so some of us reuse passwords for multiple services. Or maybe we just come up with a pattern to get around the password change requirements (Password1, Password2, Password3).

This leaves us with a few options:

  • Memorize every unique password you create. (Nearly impossible)
  • Write down everything and pray you don’t misplace it. (Not secure. Probable password reuse)
  • Use a spreadsheet (if you do this, please at least encrypt the spreadsheet).
  • Use a cloud password manager. (And pray they don’t get breached like LastPass has…multiple times)
  • Use an on-premises password manager.

So, I think it’s pretty clear where I stand on memorizing and writing down passwords. It’s a thing of the past.

So, using a spreadsheet… I don’t recommend doing this. There are better options. I especially don’t recommend a cloud spreadsheet like Google Sheets, or storing a spreadsheet in a cloud service like Office 365. However, if you are absolutely adamant about using the same spreadsheet you’ve been using since 2004 with no security problems, let’s discuss how to get it encrypted.

  1. With the Excel file open, select “File > Info”.
  2. Select the “Protect Workbook” box and choose “Encrypt with Password”.
  3. Choose a long and secure password and click “OK”.  There is no password reset mechanism, so make sure you remember it.  It should make you type it twice.
  4. Save your Excel workbook.  Close Excel, and re-open your password protected document.
  5. You should be prompted to type your password.  Type it in and click okay.
  6. Enjoy your password protected worksheet.  It’s encrypted with 1 round of 256-bit AES encryption.

There are better ways to do this. Use a password manager and turn on two-factor authentication. The cloud options are numerous: Bitwarden, LastPass, 1Password, Dashlane, etc. They offer essentially the same service, but with different price points and features. I personally like Bitwarden as it is open source, and they offer an on-premises solution if you choose. The downside is you are trusting all your secrets to a service. Are they being forthcoming about whether they have been breached? Is your master password safe or has it been breached? Do you like resetting your passwords on everything when they disclose they have been breached? Are you good at staying on top of breaches of your password manager service? Is quantum computing going to become prevalent and make our existing encryption algorithms obsolete and expose our passwords to the masses? These are underlying risks associated with cloud services that you need to consider.

There is another option, and that is running your password manager internally, where your data is under your control. There are a couple I like. I’ve already mentioned Bitwarden. The other option is KeePassXC. With both of these options, you get some of the features the big cloud players have, such as a browser plugin to generate, save, and log in to various web services.

However you decide to manage your passwords, I recommend you practice good password hygiene. Check your accounts on websites that track breaches (Have I Been Pwned). Turn on multifactor authentication everywhere. Use a password generator to create unique passwords. Consider locking your credit to prevent fraud.
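If you are moving off a spreadsheet, it helps to find the reuse and the Password1/Password2/Password3 style patterns before you import anything. The script below is an added example, not part of the original post; the CSV column names (service, username, password) and the sample rows are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; these are not real credentials.
SAMPLE_CSV = """service,username,password
mail,alice,Password1
bank,alice,Password2
forum,alice,Password3
shop,alice,Password1
vpn,alice,t7#Qm!x2Lr9vKe4z
wiki,alice,Summer2023!
hr,alice,Summer2024!
"""

def base_form(password):
    """Lower-case the password and collapse each digit run to a NUL marker,
    so Password1/Password2 or Summer2023!/Summer2024! share one base."""
    return re.sub(r"\d+", "\0", password.lower())

def audit(csv_text):
    """Return (reused, patterned), each a sorted list of service groups.
    reused: services that share exactly the same password.
    patterned: services whose passwords differ only in their digits."""
    by_password = defaultdict(set)                  # password -> services
    by_base = defaultdict(lambda: (set(), set()))   # base -> (passwords, services)
    for row in csv.DictReader(io.StringIO(csv_text)):
        pw, svc = row["password"], row["service"]
        by_password[pw].add(svc)
        if re.search(r"\d", pw):
            pws, svcs = by_base[base_form(pw)]
            pws.add(pw)
            svcs.add(svc)
    reused = [sorted(s) for s in by_password.values() if len(s) > 1]
    patterned = [sorted(svcs) for pws, svcs in by_base.values() if len(pws) > 1]
    return sorted(reused), sorted(patterned)

if __name__ == "__main__":
    reused, patterned = audit(SAMPLE_CSV)
    # Only service names are printed; the passwords never leave the process.
    for group in reused:
        print("same password on:", ", ".join(group))
    for group in patterned:
        print("digit-only variations on:", ", ".join(group))
```

Every service the script lists is a candidate for a freshly generated, unique password once it is in the manager.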
