A lesson from Sony's massive hack: Don't store your passwords in Word docs and Excel sheets

It happens more often that you think, though

It's been a bad week for Sony Pictures, as hackers have compromised thousands of sensitive files--some not so sensitively stored.

These include plenty of documents--Word docs and Excel spreadsheets--containing all of the company's passwords--from admin passwords to computer and database passwords, all stored in a folder called "Passwords," as Fusion.net reveals.

Files with names like "Password File.doc" and "Server Priviledged Access.xlsx"--not to mention the previous data dump that contained employees' and execs' personal information--may be enough to make you shudder, but it's not just Sony that does this. The truth is plenty of companies store or have stored password lists like this in regular documents, password-protected, perhaps, but perhaps not.

We can and probably should blame the IT department, but security is always a tradeoff between convenience and protection--and many managers and higher ups would rather have a shared Word doc with every staff member's computer password than to have to learn to use new tools like KeePass or other password managers (and get others to start using them). Insecure password documents also get created when teams need shared passwords for the same account, such as the group Twitter account.

Sony's probably very embarrassed by this leak, but it's also a wake up call to companies who are doing the same and thinking this is secure. [h/t Gizmodo]

This story, "A lesson from Sony's massive hack: Don't store your passwords in Word docs and Excel sheets" was originally published by ITworld.


Copyright © 2014 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon