Hcfyk

Install a password manager. A good password manager is much, much better than anything you can do by yourself.

They are software created by security professionals, follow strict development rules, and are tested by a lot of people, and attacked by a lot of people. They have better chance of protecting your passwords than anything invented by the average, even the above average user.

You're probably referring to the recent articles about flaws in password managers.

• 
  Password managers have a security flaw. But you should still use one. (Washington Post)


• 
  Password managers leaking data in memory, but you should still use one. (Sophos)

Its right there in the titles, password managers have flaws and you should still use one because they're more secure than what many folks do, like keeping passwords in Excel, emailing them around, pasting them into chat where they'll be logged by everyone...

All software has flaws. Password managers, and security software in general, is held to a higher standard than run-of-the-mill software. The flaws these articles are talking about in password managers are not rookie mistakes, but risk trade-offs.

1Password has a write up about the latest flaw as well as a deep discussion on their forums. It's not a mistake as it is a consequence of a trade-off to avoid other worse memory bugs. The important bit is that your computer must already be compromised and you have recently typed in your master password. As jpgoldberg of 1Password put it...

...we need to consider that for this to enable an attack the attacker must

1. Be in a position to read 1Password process memory when 1Password is locked


2. Not be in a position to read 1Password process memory when 1Password is unlocked.

Number 1 requires that the attacker has already seriously compromised the device. Number 2 means that that the attacker (who has seriously compromised your device) only has that control at some oddly limited times.

If your computer is already so compromised an attacker can read 1Password's process memory they don't need this exploit. They can just wait until 1Password unlocks.

And if your computer is compromised, keeping your passwords in an Excel spreadsheet offers you no protection.

Password managers can do other things to add to your security.

• Share and manage your passwords between all your devices, including mobile devices.


• Share and manage passwords and credentials with co-workers.


• Store more than just passwords securely.
  
  
  
  
  • GPG and SSH keys and passphrases
  
  
  • 
    One-time password generators
  
  
  • Recovery keys
  
  
  • Security questions
  
  
  • API keys
  
  
  • Notes
  
  
  
  


• Inform you of insecure passwords
  
  
  
  
  • Reused passwords
  
  
  • Password breaches
  
  
  
  


• Generate secure passwords


• Auto-fill passwords (avoids being shoulder surfed)


• Auto-record new accounts

These avoid bad practices such as reusing passwords, using weak passwords, sharing them via email or chat or a shared document, writing them down (whether on paper or a file), and continuing to use breached passwords.

The encryption in Microsoft office documents is pretty good and secure for all intents and purposes.

It does offer some weak points

https://docs.microsoft.com/en-us/deployoffice/security/remove-or-reset-file-passwords-in-office

Previously, if the original creator of a file password either forgot
the password or left the organization, the file was rendered
unrecoverable. By using Office 2016 and an escrow key, which is
generated from your company or organization's private key certificate
store, an IT admin can "unlock" the file for a user and then either
leave the file without password protection, or assign a new password
to the file. You, the IT admin, are the keeper of the escrow key which
is generated from your company or organization's private key
certificate store. You can silently push the public key information to
client computers one time through a registry key setting that you can
manually create or you can create it through a Group Policy script.
When a user later creates a password-protected Word, Excel, or
PowerPoint file, this public key is included in the file header.
Later, an IT pro can use the Office DocRecrypt tool to remove the
password that is attached to the file, and then, optionally, protect
the file by using a new password. To do this, the IT pro must have all
the following:

The IT manager or someone with access to the root certificates can decrypt all documents. So if a malicious attacker would be able to gain access to this, it could decrypt all the password protected documents.

There is the secondary problem of the temp files Microsoft Office. The moment the file is opened in Microsoft Office and the correct password is entered, Microsoft Office creates a temp file that displays the contents.
Anyone browsing to this file can just select it and see the contents in the preview pane of Windows Explorer as long as someone has opened it.

In most windows networks its possible to just browse to the pc of a collegue and look into the documents on his/her pc or to any share they may have those documents on.

So in it's own, on the surface it might seem safe, but down below, someone just has to infect a workstation with a program that lies in wait for any encrypted documents it has access to be opened and then just read the contents of the temp file. And most people will just leave that password document open in the background once opened.

Most password managers have protections in place to only decrypt when needed and then store the password for a short moment into the clipboard before overwriting it, minimizing the possible exposure of the password.

In comparison, password managers offer more security.

The safest place to store a password is nowhere. It should be a secure token that only exists in the memory of the holder. Unfortunately, many use a password that is too simple and insecure, for the purpose of making it easier to remember. In contrast, more secure passwords are more difficult to remember (for most people).

If you cannot rely on your memory, you should definitely use a password manager. Password managers prevent even physical access from compromising your passwords. A little physical password book is only as good as the lock on your door, which is far less secure than a master password for a password manager that's stored only in your memory.

Your only solution is to select passwords, that are hard to break but easy to remember, then you don't need to write them down anywhere!

But seriously, maybe you can ask your IT support to install a password manager server for your whole company, then you don't need to install one on your machine.

Sure! Here's a scheme that will not get compromised very often, if executed perfectly [1]:

1. Keep a list of sites you have passwords for. Put it somewhere secure enough. [2]




2. Keep a list of passwords. Keep it folded in your wallet. Be vigilant about showing it when opening your wallet, or when using a password from it. Destroy passwords you've memorized.




3. If your wallet is lost or stolen, enjoy the huge headache of changing all your passwords.

So, pretty much what a basic password manager does - memorability, mapping to sites, and confidentiality. It's just way more leg work than using a password manager. If you make mistakes doing this, it becomes far less secure than using a password manager. Given human fallibility, perhaps a password manager is better?

[1]: The main ding against this scheme is that you will eventually fall out of practice doing it, and it will be a huge mess when you need to actually change passwords.

[2]: 'Secure enough' will vary greatly depending on your needs. Are you a boring person whose saving their bank credentials? A safe in your basement is probably fine. Are you hiding from the NSA? This scheme probably isn't sufficient, honestly.

I still heartily recommend using a password manager. If that is impossible, and all the following are true:

• People can choose their own passwords.


• No one has to share passwords.
  
  
  
  
  • (Protected Excel files make this seem unlikely.)
  
  
  
  

...then you could suggest a Password Card to keep in their wallet.

Many recommend password managers. I don't disagree, that is indeed sound advice, but there is another possibility.

It is fairly doable to let them record information on where to find the password without significantly weakening the integrity of the password - to most attack vectors. Have each bring a personal book (think: Alice in Wonderland or something), which are kept together in a single bookshelf and make every password a combination of 3-4 words from the book. You can then write down anywhere you like the page number, line number and word number of those words. Yes, password lookup will be slower but it will increase the security of your passwords against brute force attempts, it will ensure that physical access to the office is necessary, as well as a who's-book-is-which to break the code in addition to electronic access to their "stored" password. This is a huge improvement over storing the passwords in plaintext in a file on the workstation - which only needs a single successful phishing attempt to work.

As a bonus, the passwords are more secure and easier to remember. Obligatory xkcd

But, then again, if they can't be bothered to not write passwords down into an excel file - it can be a tough sell to establish a cumbersome procedure such as this. YMMV.

This depends on who you fear might want to steal your passwords. The safest option is to use a password manager. That said, I use pen and paper.¹

How I – irresponsibly – store my passwords

I have a booklet at home with sites and passwords. The only ones I do not write down are that of my personal email and bank accounts. Personal email is important because a lot of the other passwords, at least the most important ones, can be reset using it.

If someone breaks into my house they can go to the unlocked drawer and take the booklet. This would suck, but I am more worried about them taking my computer, tablet, kettle, etc.

• Sure, I could tweak the passwords – before writing them down – with some trivial-to-break scheme to deter common thieves. I don't feel it is worth the effort but maybe I'll change my mind if someone breaks into my house.




• At work I need a couple of passwords, but I've pretty much memorized most of them so I can manage without having the booklet near me. If I forget a password and I am not home I can always reset it; this rarely happens, in part because a lot of the websites I use keep me logged in.




• There are passwords I rarely use. Say I log into some newspaper website and get logged out after 2 months. I'll search the booklet for the password or reset it.




• The strength of my passwords depends on the purpose. For newspapers or some obscure forums I'll use easy passwords. If its something work related (or deeply personal, like healthcare website) I use stronger passwords.




• The hard disk of my personal computer is encrypted with a strong password. This one is also not written down, so I guess that's three passwords I have to memorize. I've been wanting to make a copy and place it in a secure location, maybe a safe.




• If a computer-skilled thief wants to rob my passwords, I'd worry more about something stored in my machine then a physical booklet.




• I do not have a job that includes tasks such as the administration of machines (e.g. taking care of mail servers). My booklet wouldn't work for that. For that kind of task I'd probably be looking into 2FA plus a strong password stored in a secure location (e.g. vault) or whatever you're supposed to do at the company.




• If you're going to store passwords in your computer then use a password manager. Not excel, not a text or word document, but a password manager. Password managers are built with this exact goal – that of storing passwords – in mind. If I were to store passwords electronically, I'd use a password manager.



• 
  

  I don't have passwords stored at work.² If I did I'd use a password manager and wouldn't write them on paper. Paper can be stolen, and paper can be lost. Then the creepy guy that finds it can go look into your social media private messages. Nobody wants that.

  
  
  
  
  
  • Maybe if its a password no one cares about. I had to create an email account to test something out a couple months ago. Didn't use it for any other purpose. Is it a problem if someone steals the password? No.
  
  
  
  

_{¹ I've been wanting to look into password managers to find which one would be a good option for me, but never got around to do it. Eventually, the task will get done.}

_{² Okay, maybe the browser stores a couple of these. And there are a few private keys stored locally on my workstation.}