Storing Passwords in Encrypted Desktop Folder?

[Joe Bauers]

I want a solution better than storing passwords in a notepad or word file on my desktop.  I presume if my computer were to be compromised, these files can be downloaded.  Plus if my one drive account were to be hacked, a saved word doc could be opened remotely.

 

I do not want to go the password manager route because I do not want my passwords in the cloud, on 3rd party software, or sign up for some slave-ware service that requires a subscription.

 

My solution is a desktop folder protected by a password, preferably encrypted, that doesn't require lots of jumping through hoops to access.  I just want a secure desktop file that will hold a .txt doc.  I presume if the computer is hacked downloading my encrypted file might not be worth someone's time to reverse engineer.  

 

Does anyone recommend a technique to achieve this?  Using the built in folder password feature "Right Click > Properties > Advanced > Encrypt Contents" doesn't ask me for a password when I open the file even though a lock is present. Maybe I'm doing it wrong? 

[mystery_xD]

The EFS feature only works on Pro, Enterprise, and Education editions of Windows 10. I understand you are hesitant to use third party software but you can use 7zip to archive, then password protect your file which is basically the exact same as the windows feature. 

You could go further and instead of using 7zip AES Crypt, which is not a password manager. It is an opensource file encryption tool that uses the windows shell to encrypt files to the AES standard. Fully recommend all of these options. 
If you do have the Pro, Enterprise, and Education editions of Windows 10 mention that in your response please

Edited August 25, 2022 by mystery_xD
Spelling + Grammar

[Sjaakie]

Veracrypt may be a good option here. You can make an encrypted folder, put the .txt in there. Then after login unlock the folder with a password and open / edit the file as normal.

[LIGISTX]

37 minutes ago, Joe Bauers said:

I want a solution better than storing passwords in a notepad or word file on my desktop.  I presume if my computer were to be compromised, these files can be downloaded.  Plus if my one drive account were to be hacked, a saved word doc could be opened remotely.

 

I do not want to go the password manager route because I do not want my passwords in the cloud, on 3rd party software, or sign up for some slave-ware service that requires a subscription.

 

My solution is a desktop folder protected by a password, preferably encrypted, that doesn't require lots of jumping through hoops to access.  I just want a secure desktop file that will hold a .txt doc.  I presume if the computer is hacked downloading my encrypted file might not be worth someone's time to reverse engineer.  

 

Does anyone recommend a technique to achieve this?  Using the built in folder password feature "Right Click > Properties > Advanced > Encrypt Contents" doesn't ask me for a password when I open the file even though a lock is present. Maybe I'm doing it wrong? 

There are plenty of password managers that are free…. It’s all encrypted. If you trust websites, might as well trust password managers. Just always use 2FA (not text message based 2FA, that can be rather easily compromised), and you will be fine. Password managers are the most secure option because it provides you the ability to easily have a different password for every single account/website. So as websites and services get hacked and passwords compromised, no one can laterally move through all of your accounts with the same credentials. And again, it’s all encrypted.

 

But, yes, Veracrypt is a good local encryption option. Use verscrypt to save your 2FA recovery keys for example. 

[Kori]

Just use a local password manager like vaultwarden https://www.linode.com/docs/guides/how-to-self-host-the-vaultwarden-password-manager/

[NovaNightmare]

2 hours ago, Joe Bauers said:

I want a solution better than storing passwords in a notepad or word file on my desktop.  I presume if my computer were to be compromised, these files can be downloaded.  Plus if my one drive account were to be hacked, a saved word doc could be opened remotely.

 

I do not want to go the password manager route because I do not want my passwords in the cloud, on 3rd party software, or sign up for some slave-ware service that requires a subscription.

 

My solution is a desktop folder protected by a password, preferably encrypted, that doesn't require lots of jumping through hoops to access.  I just want a secure desktop file that will hold a .txt doc.  I presume if the computer is hacked downloading my encrypted file might not be worth someone's time to reverse engineer.  

 

Does anyone recommend a technique to achieve this?  Using the built in folder password feature "Right Click > Properties > Advanced > Encrypt Contents" doesn't ask me for a password when I open the file even though a lock is present. Maybe I'm doing it wrong? 

I used to use Sticky Password, and I didn't stop using it because it was bad, but because there were a few features I wanted it did not have.

 

Sticky Password at the time I used it has an offer for one-time lifetime usage, additionally, you can keep your saved passwords local and only sync them on your internal network or not at all on the cloud. 

 

I am a gigantic fan of 1Password today, but I also liked what I've seen with Bitwarden, which can also be local and offline to you - however that is more complicated.

 

So I often recommend Sticky Password to people who do not want anything to do with the cloud

 

Here is a link for a lifetime membership offer https://stacksocial.com/sales/sticky-password-premium-lifetime-subscription-4

 

You can go to their website (https://www.stickypassword.com/) and try it for free without buying it though, but a one time cost of $30 bucks is not bad at all.

 

There is also a free edition

[TetraSky]

Just use Keepass if you're going to keep them locally. At least that will be secured.

[Joe Bauers]

3 hours ago, mystery_xD said:

The EFS feature only works on Pro, Enterprise, and Education editions of Windows 10. I understand you are hesitant to use third party software but you can use 7zip to archive, then password protect your file which is basically the exact same as the windows feature. 

You could go further and instead of using 7zip AES Crypt, which is not a password manager. It is an opensource file encryption tool that uses the windows shell to encrypt files to the AES standard. Fully recommend all of these options. 
If you do have the Pro, Enterprise, and Education editions of Windows 10 mention that in your response please

Thank you for the 7zip advice.  I tried it out, and works great!  I'm on Win 10 Pro.

[LAwLz]

On 8/26/2022 at 3:23 AM, TetraSky said:

Just use Keepass if you're going to keep them locally. At least that will be secured.

Yep. 

KeePass is the only same recommendation here. 

Doesn't really matter what objections OP has to using it, it's the superior solution. 

[mr moose]

I use a physical notebook and pen.  It sits by my PC, when IO go away I can take it and then I have access to everything without needing my desktop.  If someone breaks into my house looking for it I have much bigger problems than a handful of online accounts which can (mostly) be easily frozen.

 

 

[mystery_xD]

On 8/26/2022 at 1:04 PM, Joe Bauers said:

Thank you for the 7zip advice.  I tried it out, and works great!  I'm on Win 10 Pro.

Glad I could help!

[LAwLz]

On 8/27/2022 at 1:42 PM, mr moose said:

I use a physical notebook and pen.  It sits by my PC, when IO go away I can take it and then I have access to everything without needing my desktop.  If someone breaks into my house looking for it I have much bigger problems than a handful of online accounts which can (mostly) be easily frozen.

But you still have issues like:

1) If you take it with you someone might take it (intentionally or unintentionally), and then you have suddenly lost all your passwords and someone else have gotten access to them.

2) Just because you have bigger problems like someone robbing you of physical things, does not mean you should take smaller issues lightly. If anything, during a bad time you want as few things to worry about as possible. To me, this is as ridiculous as saying "why have airbags in my car? If I am in a car accident then I have bigger issues than whether or not my airbags work".

3) A physical book also has the issue of potentially being destroyed by water, fire, wear and tear, or just being lost. 

4) A password manager allows for more structure and easier access to passwords for the authorized people than a notebook. You can copy and paste a password from a password manager. The same can not be said for a notebook.

 

Keep using a notebook if you want. I am just saying that a password manager has a lot of real benefits compared to it. "Good enough for me" does not mean it can't be improved, or that it is the "proper" way of doing something.

[maplepants]

Why not just using something like KeePassXC? KeePass vaults are basically what you're after here in that they're an encrypted file that just lives on your computer like any other file.

 

The difference with KeePassXC is that you keep all the nice features of a password manager like TouchID / Windows Hello, browser integration, and a much more robust security solution than you're likely to come up with on your own.

[mr moose]

13 hours ago, LAwLz said:

But you still have issues like:

1) If you take it with you someone might take it (intentionally or unintentionally), and then you have suddenly lost all your passwords and someone else have gotten access to them.

I would argue it is still safer than storing them all on a PC.  And more convenient.

 

13 hours ago, LAwLz said:

2) Just because you have bigger problems like someone robbing you of physical things, does not mean you should take smaller issues lightly. If anything, during a bad time you want as few things to worry about as possible. To me, this is as ridiculous as saying "why have airbags in my car? If I am in a car accident then I have bigger issues than whether or not my airbags work".

I never made that argument, I simply pointed out that if my house gets broken into I know straight away and I can notify my bank, steam, etc that my passwords have been compromised.  Rather than find out after the damage has been done that my password manager had an exploit.   (also I have 2fa so they would have to spoof my phone as well to take anything).  And that is a actually a bigger problem than my steam games being stolen online because that is a personal threat to my health which can't be fixed with a call to the bank.

 

13 hours ago, LAwLz said:

3) A physical book also has the issue of potentially being destroyed by water, fire, wear and tear, or just being lost. 

Sudden hard drive crash, fire, power surge, random new malware ransom ware infection.  There is a whole plethora of things that can happen to a PC.  To date I have update my password book three times (just copy them all to a new book when the old one gets ratty or there is no more room to write in the new password.  I have lost more hdd's to EOL failure and powersurges than I have passwords in a notebook.

 

13 hours ago, LAwLz said:

4) A password manager allows for more structure and easier access to passwords for the authorized people than a notebook. You can copy and paste a password from a password manager. The same can not be said for a notebook.

Never really been annoyed at using it.

 

13 hours ago, LAwLz said:

 

Keep using a notebook if you want. I am just saying that a password manager has a lot of real benefits compared to it. "Good enough for me" does not mean it can't be improved, or that it is the "proper" way of doing something.

I never said good enough for me equals anything.  I merely pointed out my preferred method and the reasoning behind it.