How do I securely store and manage 180 passwords?

I have about 180 passwords for different websites and web services. They are all stored in one single password-protected Excel document. As the list gets longer I am more and more concerned about its security.

Just how secure, or should I say insecure, is a password-protected Excel document? What's the best practice for storing this many passwords in a secure and easily manageable way?

I find the Excel method to be easy enough, but I am concerned about the security aspect.


My favorite password storage tool is KeePass:

What is KeePass?

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.


Is there any limit as to how many passwords you can store in it?

Only in theory. You can put as many entries into the database as you want, but at some point your USB key or HDD will be full.

Is there a way to automatically sync changed passwords?

No, not like you expect it.
You'll want to make that a regular, manual process. This can not and should not be automated.

I like to set up expiration dates for all my password entries.
Then I remember to change my passwords regularly. I store the URL of the website with the password entry, so it's a quick process.

Can I automatically log on to a website like Facebook using this software?

No, not automatically either (at least to my knowledge). But this is where Auto-Type comes into play. For example, for Facebook, this is my Auto-Type setup:

As you can see, I've created 3 configurations for different browser titles. This allows me to simply go to facebook.com, press Ctrl+Alt+A, and the username and password will be automatically entered and I will be logged in.

If you have multiple username/password combinations for the same window title, you'll get a popup window asking you which password entry should be used.

What about mobile?

There are apps that support the KeePass container format on mobile devices. But I stay away from those. I just don't like the thought of my KeePass database on my phone.

I prefer to only transfer single passwords using the QR Code Generator plugin. It lets you generate a QR Code from a password, which you can then scan with your phone. It helps to have an app that can copy the scanned content to clipboard.


There appear to be several easy to use Excel password crackers around.

I would use a password management system like 1Password or LastPass, which work on several OSs including mobiles.

These have plugins for most browsers which can fill in passwords and other information to the web form. 1Password can also set up a bookmark in the browser which will automatically log in (all uses of the app require use of a master password first).

1Password can also store notes, accounts (e.g. email, FTP) and templates to help store credit card, bank account and other information. Although it is commercial, you can get a free demo that allows entry of up to 20 items.

One difference between the two is that 1Password only stores the data locally (although you can sync the encrypted data using Dropbox or similar); LastPass can (must? someone please correct this) store the data on its website, which allows web access to the data and no need for Dropbox etc.