...with Excel you can imagine what is possible and what not... Never ending story ๐ I agree everything can be bypassed but for many people it is well known addins or scripts is the issue so policies, users or antiviruses blocks them. Not true with config manipulation in Keepass or any other apps. Maybe users can imagine there is plugin support in Keepass but minimum will know about export trigger. Yes it is fault on user side and that Keepass is not so publicly discussed. What I wanted to say is...
...with Excel you can imagine what is possible and what not... Never ending story ๐ I agree everything can be bypassed but for many people it is well known addins or scripts is the issue so policies, users or antiviruses blocks them. Not true with config manipulation in Keepass or any other apps. Maybe users can imagine there is plugin support in Keepass but minimum will know about export trigger. Yes it is fault on user side and that Keepass is not so publicly discussed. What I wanted to say is...
Mentioned it in my post before I spotted your response, agree with cloud based attacks vs. printed passwords but don't agree with Keepass vs encrypted excel. If I will be general admin in shared environment, with admins using Keepass and Excel. It seems now that it will be quite hard to export an encrypted xlsx vs. export Keepass db. And yes, it is mainly because these admins don't know such "hidden" feature exists, how easily it is possible to export their protected DBs. And yes, it is their fault...
Mentioned it in my post before I spotted your response, agree with cloud based attacks vs. printed passwords but don't agree with Keepass vs encrypted excel. If I will be general admin in shared environment, with admins using Keepass and Excel. It seems now that it will be quite hard to export an encrypted xlsx vs. export Keepass db. And yes, it is mainly because these admins don't know such "hidden" feature exists, how easily it is possible to export their protected DBs. And yes, it is their fault...
mentioned in my post, agree with cloud based attacks vs. printed passwords but don't agree with Keepass vs encrypted excel. If I will be general admin in shared environment, with admins using Keepass and Excel. It seems now that it will be quite hard to export an encrypted xlsx vs. export Keepass db. And yes, it is mainly because these admins don't know such "hidden" feature exists, how easily it is possible to export their protected DBs. And yes, it is their fault but it is the best practice to...
Do you want to say that all password managers are useless, so recommending an encrypted xlsx Excel file which is much more robust? It is silly but it is like that. You need much more skills to open encrypted db with help of user and automatically export it, without stealing his session, highjack processes, etc... Definitely better to use e.g. mentioned excel sheet than hand written pwd pinned to the monitor ๐ but you are true, for cloud based attacks, definitely hands written passwords is a win ...
But it is also true your passwords are safe like protection of your config file. If your PC is clean, no other admins/users, you are on a safe side. But honestly in such cases you will be safe with unencrypted txt file as well๐ It is not the question how hard is it to gain such access to it but that it is possible and users don't know it so in most cases they don't protect config file and antivirus does the same...
But it is also true your passwords are safe like protection of your config file. If your PC is clean, no other admins/users, you are on a safe side. But honestly in such cases you will be safe with unencrypted txt file as well๐ It is not the question how hard is it to gain such access to it but that it is possible and users don't know it so in most cases they don't protect config file, antivirus does same...