Storing sensitive data like bank accounts and passwords in a spreadsheet -- Is it safe?

Say you have a spreadsheet filled with sensitive info in the vault. Once you open this file for editing, won’t the OS save some kind of temporary file for that edit in an un-encrypted way??

There might be also other caching processes in the machine that I’m not aware of.

So my question is basically is this safe?

I’ll sync encrypted files with a cloud service.


Well, as I’m one of this paranoid users, especially when it comes to passwords, account-data, etc, I would say: No
Although caches and temporary files are deleted after closing the files, this feels not 100% safe for me.
There are much better ways to deal with such data. Like KeePass, or other Password/Account Managers.

But, I guess every file you open leaves an unencrypted trace on your OS. So it makes sense to encrypt the complete system.
Cryptomators approach is to hide your data from online storage providers. Nothing more, nothing less. So yes, if you want to store your passwords in a file and store it online (for whatever reason), then Cryptomator does what it is designed for: hide this information from your storage provider.
Please see also Cryptomators security target

1 Like

If you’re on Windows, I imagine there’s a copy of your file somewhere down in the roaming directory. How else could your application undo your last 6 changes?

A password manager performs additional tasks for you, like deleting passwords from the system clipboard after 15 seconds or shutting down your database after you forget and walk away. If you’re tired of always having to think of new passwords, it can generate new ones with a specified level of entropy. Some can send the username and password directly to your current webpage. The online managers can fill out forms for you (though, in my paranoia, I don’t use online managers for bank accounts). The online managers will also offer to capture the information you’ve created for a new account so the whole process is seamless. Some managers (I understand, don’t use it yet) can use authentication devices (yubi-key) to login, providing additional security. Others will let you use a “secret” file as an additional security component, so even if someone has your file they can’t brute force it.

So, off hand, there doesn’t seem to be a lot of compelling reasons to use a spreadsheet, unless there’s some special case business reason.