Are there huge drawbacks to using an excel 2010 document for password management

encryptionmicrosoft excelpassword

At my old job, we used an open-source, (IMO) secure method for managing network infrastructure, and other important hosts' passwords [with Keepass]. At my new job however, it seems like they're using password-protected excel spreadsheets.

Before I made a fuzz about password security, I browsed the interwebs and found that Microsoft has been getting better at implementing encryption features to their office products.

Main questions:

How safe is MS Excel/office 2010's password encryption feature? I've been thinking this was an insecure way of dealing with passwords, is this not the case any more?
Are there many drawbacks to using an excel 2010 document for password management?

Best Answer

I wouldn't recommend it. There ARE still methods of cracking these quite easily. I personally recommend a Truecrypt volume that contains a Keepass database. It servers me well and is extremely portable. And I'm using it in an environment with thousands of passwords.

EDIT: And Keepass is already well laid out for password management. With a nice GUI(i.e., easy to see what password is which type) and built-in password generators...can't go wrong.

Related Solutions

Linux – Password Management System for multiple SysAdmins

We use this : http://sourceforge.net/projects/phppassmanager/ (a little bit modified/tuned)

It's installed on a HTTPS web server with Active Directory authentication to restrict password retrieval to our team. Each member of the team knows a master password used to encrypt all the passwords stored in phppassmanager. They use it when they want to add/modify/read a password. The passwords are stored encrypted in a mysql database.

They potentialy have access to all the passwords but each password decryption is loggued, and the logs are shown to the whole team on the main page. This system is self-monitored and self-managed.

Security – Are there registry settings for Password Policies on Windows 2008

The items you wnat to change are stored in the registry, but not in a place that you really want to be playing around "by hand".

Since these aren't domain-member computers, you'll want to change these items in the local security policy. You can get there quickly by running "SECPOL.MSC" from the "Start" button. Dig into "Account Policies" and "Password Policy" and you'll find the settings you're looking for.

After you modify the settings either reboot or run "GPUPDATE" to cause the changed settings to take effect.

If you have any number of machines to do this to you can use the "Export Settings..." functionality in the Security Policy editor to export the settings to an INF file. To apply that INF file on other servers, copy the INF file over to them and execute:

SECEDIT /configure /db secedit.sdb /cfg <Path to the exported.inf>

Best Answer

Related Solutions

Linux – Password Management System for multiple SysAdmins

Security – Are there registry settings for Password Policies on Windows 2008

Related Topic