Could a Spreadsheet be Used to Securely Store Passwords?
I recently published a post on LinkedIn that generated a brief frenzy of activity and comments. These included some nasty direct messages, and even some death wishes. I don’t want all of that again, so I will word this very carefully. I don’t plan to bring an Excel-based solution to market; I was merely entertaining the idea of ‘how secure can I make it’, and have put together what I believe to be the most secure a spreadsheet can be. So here is my question:
Could a Spreadsheet be Used to Securely Store Passwords?
Many people will say no, because they picture me typing passwords into Excel and saving the file somewhere. That is not my plan. What if I made a spreadsheet to generate passwords (containing upper and lower case letters, digits, and special characters, and all at least 16 characters long)? It would do this based on a ‘master’ password (8 digits) and a memorable word (9 letters). It wouldn’t store the passwords, but would merely store a long number, which would be randomly generated. The actual passwords (the ones generated) are based on your master password, memorable word, and the long password number.
This would mean that none of your generated passwords are stored. As soon as you remove your master password and memorable word, they don’t actually exist. You can now save the spreadsheet in a secure location. When you open it and enter the master password and memorable word, it will once again generate the passwords (the same as before). If someone were to get access to this spreadsheet, they could enter a master password and memorable word, but if these weren’t the same as yours, they would get different passwords, which would be wrong.
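The scheme described above, sketched in Python as an added example; it is not the spreadsheet's own formulas. PBKDF2, the symbol set, the case-insensitive word, the function names and the sample values are all assumptions made for illustration.

```python
import hashlib
import math
import string

# Assumed symbol set; the post only says "special characters".
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, "!#$%&*+-=?@_"]
ALPHABET = "".join(CLASSES)


def derive_password(master: str, word: str, stored_number: int, length: int = 16) -> str:
    """Rebuild one password from the two memorised secrets and the saved number."""
    if not (len(master) == 8 and master.isascii() and master.isdigit()):
        raise ValueError("master password must be 8 digits")
    if not (len(word) == 9 and word.isascii() and word.isalpha()):
        raise ValueError("memorable word must be 9 letters")
    if length < 16:
        raise ValueError("generated passwords are at least 16 characters")
    secret = f"{master}:{word.lower()}".encode()  # assumption: word is case-insensitive
    salt = str(stored_number).encode()  # the only value kept in the file
    # PBKDF2 is an assumption: a deliberately slow hash makes each guess costly.
    stream = hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=4 * length)
    out = []
    for i in range(length):
        n = int.from_bytes(stream[4 * i:4 * i + 4], "big")
        # Positions 0-3 are drawn from one class each, so every class is present.
        pool = CLASSES[i] if i < len(CLASSES) else ALPHABET
        out.append(pool[n % len(pool)])
    return "".join(out)


def secret_space_bits() -> float:
    """Upper bound on the guessing space: 8 random digits and 9 random letters."""
    return math.log2(10 ** 8 * 26 ** 9)


if __name__ == "__main__":
    number = 918273645546372819  # constructed sample of the stored long number
    print(derive_password("48151623", "butterfly", number))  # constructed secrets
    print(derive_password("48151624", "butterfly", number))  # one digit off: unrelated output
    print(f"{secret_space_bits():.1f} bits at most; a dictionary word gives far fewer")
```

Whatever derivation is used, the generated passwords are no harder to guess than the two memorised inputs, which is the quantity `secret_space_bits` bounds.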
That may all be confusing, so if you need to see this idea in action, watch this video.
What do you think?
I’m not a security expert; I make spreadsheets. This is my idea of the most secure a spreadsheet can be; I’m not saying it is secure enough. If you would like to explain why this is breakable, I’d love to hear it (but please no death wishes). How secure is this? Why is it not secure enough? How does it compare to other password protectors? Is there ever a scenario to use a solution like this? As I said in the video, you’d first need to get access to the spreadsheet, then you’d need to know at least one of the listed passwords, and then you’d need to do a lot of reverse engineering of formulas and trial and error to possibly work back to the password. I couldn’t do this, but that doesn’t mean it’s impossible.
I’d love to hear your thoughts, but I had to turn comments off for the blog posts, so I have included a link to the LinkedIn post about this post, as well as my personal profile. Feel free to comment there or DM me if you’d prefer.
 
					