top of page

Why Keeping Passwords in Excel or Sticky Notes is a Recipe For Disaster!

There is a well known saying – “You are only as strong as your weakest link”.

This idiom is used to express many things. For example

  1. A group can only be as successful as its least successful or powerful person.

  2. The strength of a chain is limited to that of the weakest link in the chain.

So, in the context of cybersecurity, this proverb could be paraphrased as “your business is as cyber resilient as your weakest vulnerability point”.

Having said that, if your organization is still using an Excel spreadsheet or Sticky Notes to store and manage sensitive passwords, then the keys to your kingdom are at risk!

If that is the case, the good news is that you are not alone. But keeping account passwords and credentials on a spreadsheet poses a severe security risk.

Using Excel or Sticky Notes was never intended to be used as a password manager. Sure, it is easy and accessible. But, there is no chance it’s ever going to be the best way to store passwords.

Think of it this way. Would you put your house keys under the front door mat? Most likely not! Sure it is easy and accessible. But then again, any unwanted visitor could quickly find it too.

What would happen if…

  1. Your spreadsheet was no longer available? For example, it was accidentally got deleted, misplaced or corrupted.

  2. You inadvertently attached your spreadsheet into an email and was unintentionally sent? I know you wouldn’t do that, but we humans make far worse mistakes than these.

  3. A hacker manages to compromise your computer and now had access to your spreadsheet?

  4. Your cleaner came into your room and read your important writings scribbled on your Sticky Notes stuck on your computer? But since your cleaner is a trustworthy individual, nothing would happen. But, there are stories that suggest otherwise…

In any of the above cases, at the minimum, you could be spending some considerable amount of time re correcting your mistake. At worse, your business would be crashing down with a massive financial loss to you personally.

Here is a funny and yet terrifying example.

An inaccurate warning of an incoming missile attack rocked Hawaii on January 13, 2018. It was simply an error, an internal test of the alert system made public unintentionally.

Since then, people have discovered that a photo taken in Hawaii’s Emergency Management Agency for a news article in July includes a sticky note with a password.

Hawaii says the alert was sent because “an employee pushed the wrong button” not because of a hack, but the photo has sparked criticism about the agency’s level of security.

An agency spokesman told Hawaii News Now that the password is authentic, and had been used for an “internal application” that he believed was no longer being used.

While these computers are unrelated to the system that sent the false missile alert, the photo raises questions about the approach to information security at the agency.

What can you do moving forwards?

While gaffes like these make everyone squirm, the real question is, what should you do? Is it wise to write things down if your memory is not robust?

Opinions vary, but many experts advocate using a password manager software that remembers all your passwords except the master access key.

What is a password manager?

While technology promises to make our lives easier, and it generally does, every new website and application that you have signed up for is another password that you have to remember. For most, it has become impossible and frustratingly to remember them all.

That’s why you need to use a password manager. A password manager is a software application designed to store and manage online credentials. Usually, these passwords are stored in an encrypted database and locked behind a master password.

Once all your account usernames and passwords have been entered into the password manager, your master password is the only one you have to commit to memory. Entering your master password unlocks your password manager, and from your vault, you can then retrieve whatever password you need making your life easy.

Best of all, you can find many free password managers programs that do a great job.

5 views0 comments

Comments


Post: Blog2_Post
bottom of page