Following this discussion about "Online Passwords Managers" I wonder whether it is a good idea to store the passwords using a spreadsheet inside Gmail documents? I mean, it seems to me that these password will be as safe as my Gmail account which I consider to be safe enough. Is my assumption correct, or this way of storing passwords is not recommended?
Asked
Active
Viewed 7,702 times
4
-
The google spreadsheet is not encrypted thus it is stored in plain text. Which means anyone with acces to your Google account can access the file. – Ramhound Jun 18 '12 at 13:04
-
I typed out all my passwords and then saved as a PDF, stored it in an innocuous named folder on gmail. How safe is that? – Mar 25 '13 at 23:25
-
What's the up-to-date thinking about this (now in 2021)? – Richard Feb 21 '21 at 14:31
3 Answers
3
I have done that before and it is a fairly good solution when you need to share certain password lists with other administrators. Yes, your gmail account can be somewhat safe if you use it correctly. On the other hand, gmail is also a pretty big target, is susceptible to government subpoenas, and you have to be VERY careful that everything that connects to your gmail account uses a trusted SSL connection. It is very easy to take over a gmail account just by sniffing unencrypted traffic.
My preferred solution, other than an online password manager, is to place a password-protected excel spreadsheet on a shared cloud storage folder.
700 Software
- 13,897
- 3
- 53
- 82
Mark Burnett
- 2,810
- 13
- 16
-
Wouldn't it make more sense to use an offline password manager && save the resulting archive to the cloud? – Rubber Duck Nov 15 '13 at 17:18
0
Many of the javascript attacks have come through advertising circulated via google.com. Mitigate that by creating a dedicated firefox profile just for password management blocking all other sites besides docs.google.com.
It is better to encrypt on the client side so what is stored online is not reversible. If google supports a way to encrypt at the client in javascript, then google docs may be ok.
ClipperZ is an open source project that you could host yourself on a private server only accesible via your vpn. Passwords are encrypted in the browser before being sent to the server.
rjt
- 284
- 1
- 5
-
In the past, there were many cracking programs to crack an Excel spreadsheet password. Not sure if that has changed much in the last few years. – rjt Jun 17 '12 at 04:54
-
1
0
I would suggest a personal encryption technique, like for example whenever you save passwords, alter some letters at specific positions personally known to you, ( e.g may be the first and second last). For example you are storing password foo762. don't save as "foo762" instead alter first and last by next digit-letter, like "goo772". trick, you must know positions and addition/subtraction by 1,2 etc, of your choice.
bilal
- 1
-
Don't be a dave: http://security.stackexchange.com/questions/25585/is-my-developers-home-brew-password-security-right-or-wrong-and-why – Simon Nov 15 '13 at 13:12