How to make a spreadsheet (be it Google Sheets or MS Excel) secure?

[c.grz]

Password encrypt the documents you update and print to PDF to give to family members and that way then can't modify any data.  If you get hit by a bus then they'll need to take the latest PDF they received and give it to the next person that'll fill your roll.

 

I have a client who manages the "family money" of a prominent local family and it wasn't this hard to do this when he asked for something similar. You're over complicating things...

[Technique]

  On 21/12/2018 at 14:45, Mindovermaster said:

What didn't work why encrypting it? As Budman says, It's very very easy...

Expand  

I'll talk you through the steps and you can tell me where i went wrong.

Bear in mind that i am a typical caveman who can't(doesn't) read instructions. I know i should. My impatience is something that irritates the wife endlessley so i KNOW i'm impatient.

 

But before this, can i ask - is there an encryption software that you can use that DOESN'T need to be installed on the machine that is trying to open the file, or will it always need to be installed on there? (Which may make this tricky if they forget what software they need to then go download, or that software no longer exists).

 

* Went here: https://www.gnupg.org/download/index.html

* Saw the stuff saying "source code" and "To use them you need to build the binary version from the provided source code" and thought that sounds well beyond my capabilities. Let's scroll further to see if something looks appealing...

* Got to [GnuPG binary releases] & downloaded [Gpg4win] next to where it said Windows.

* Installed the thing and got to the screenshot i uploaded earlier.

* Looked at it and thought WTF now?

* As i want to encrypt something i looked for something saying encrypt so clicked "sign/encrypt" in the top left, found the file and clicked open.

*

 

Got that one and ticked the bit that i drew a tick on as i realised when i took that screenshot it was unticked.

 

* Created a password

* It 'encrypted it'

* Went to click open the new file but wasn't asked for a password.

 

Save or discard. I just want to open the damn thing.

 

And i saw no pages like Budman showed where you can set how long it stays encrypted for or whatever.

[Technique]

  On 21/12/2018 at 14:48, c.grz said:

Password encrypt the documents you update and print to PDF to give to family members and that way then can't modify any data.  If you get hit by a bus then they'll need to take the latest PDF they received and give it to the next person that'll fill your roll.

Expand  

There'll be no 'next person' unless they learn themselves which they have no interest in doing because for most people moving money around to make it work as hard as it can is "too much work" and "boring". Weird that i have no patience yet i have time to help them all with this. I'm not really that knowledgable in many areas so i like to help where i can.

  9 minutes ago, c.grz said:

 

I have a client who manages the "family money" of a prominent local family and it wasn't this hard to do this when he asked for something similar. You're over complicating things...

Expand  

So i get told...very very frequently. So frequently in fact that i just shut off to it now and say yeah right ok to those who can't suggest a suitable alternative.

 

Some (on this topic) think putting it down on paper is a 'suitable alternative'. Good for them. It's not.

[c.grz]

  On 21/12/2018 at 14:59, Technique said:

So i get told...very very frequently. So frequently in fact that i just shut off to it now and say yeah right ok to those who can't suggest a suitable alternative.

Expand  

I'll put it this way; the issue you have requires a $10 solution, so why go looking for a $1000 solution?

[Mindovermaster Global Moderator]

  On 21/12/2018 at 14:56, Technique said:

I'll talk you through the steps and you can tell me where i went wrong.

Bear in mind that i am a typical caveman who can't(doesn't) read instructions. I know i should. My impatience is something that irritates the wife endlessley so i KNOW i'm impatient.

 

But before this, can i ask - is there an encryption software that you can use that DOESN'T need to be installed on the machine that is trying to open the file, or will it always need to be installed on there? (Which may make this tricky if they forget what software they need to then go download, or that software no longer exists).

 

 * Went here: https://www.gnupg.org/download/index.html

* Saw the stuff saying "source code" and "To use them you need to build the binary version from the provided source code" and thought that sounds well beyond my capabilities. Let's scroll further to see if something looks appealing...

* Got to [GnuPG binary releases] & downloaded [Gpg4win] next to where it said Windows.

* Installed the thing and got to the screenshot i uploaded earlier.

* Looked at it and thought WTF now?

* As i want to encrypt something i looked for something saying encrypt so clicked "sign/encrypt" in the top left, found the file and clicked open.

* 

 

Got that one and ticked the bit that i drew a tick on as i realised when i took that screenshot it was unticked.

 

* Created a password

* It 'encrypted it'

* Went to click open the new file but wasn't asked for a password.

 

 

Save or discard. I just want to open the damn thing.

 

And i saw no pages like Budman showed where you can set how long it stays encrypted for or whatever.

Expand  

It does not encrypt the .gnupg file, it encrypts the file within it. Try opening the .pdf file IN it. It will ask you for a password.

 

Unless you enable it, will never expire...

[Mindovermaster Global Moderator]

  On 21/12/2018 at 14:48, c.grz said:

You're over complicating things...

Expand  

Yes he is...

[Technique]

  On 21/12/2018 at 15:04, c.grz said:

I'll put it this way; the issue you have requires a $10 solution, so why go looking for a $1000 solution?

Expand  

Why play crosswords when you can get straight to the point? The Riddler was never my favourite Batman character.

 

So basically then, are you saying that all this encryption is unnecessary and for the information that will be stored a simple Excel password will be perfectly fine?

 

That's one of the issues i'm having as i'm looking in to it more & more. Some people are responding like i should treat it as though i'd need to 'secure' my shopping list - so i could stick it in the local newspaper it doesn't really matter and the other end of the scale people seem to be saying i should treat it like the most confidential government file in history with security levels that don't even exist yet.

 

I'm not actually sure how secure it should be & that's the point.

 

The chances of someone wanting to get in to MY google drive out of all the google drives out there for information that wont even get them direct in to my accounts (no usernames/passwords will be stored) is slim. Obviously there's always a chance but it's slim, so to my mind a simple password from within Excel and from within Word SHOULD be fine, in theory.

 

But when people who i always consider more knowledgable than I anyway start talking about the need for encryption, it makes me wonder.

[c.grz]

  On 21/12/2018 at 15:36, Technique said:

Why play crosswords when you can get straight to the point? The Riddler was never my favourite Batman character.

 

So basically then, are you saying that all this encryption is unnecessary and for the information that will be stored a simple Excel password will be perfectly fine?

 

That's one of the issues i'm having as i'm looking in to it more & more. Some people are responding like i should treat it as though i'd need to 'secure' my shopping list - so i could stick it in the local newspaper it doesn't really matter and the other end of the scale people seem to be saying i should treat it like the most confidential government file in history with security levels that don't even exist yet.

 

I'm not actually sure how secure it should be & that's the point.

 

The chances of someone wanting to get in to MY google drive out of all the google drives out there for information that wont even get them direct in to my accounts (no usernames/passwords will be stored) is slim. Obviously there's always a chance but it's slim, so to my mind a simple password from within Excel and from within Word SHOULD be fine, in theory.

 

But when people who i always consider more knowledgable than I anyway start talking about the need for encryption, it makes me wonder.

Expand  

So would you equate this spreadsheet with a shopping list? If so, even applying a password is overkill.

 

You said you had a document that you want to edit while everyone else can just read. That solution was presented already on the first page.

 

What sort of data is on this spreadsheet? Usernames and passwords? Bank Accounts?

[Technique]

  On 21/12/2018 at 15:47, c.grz said:

So would you equate this spreadsheet with a shopping list? If so, even applying a password is overkill.

Expand  

No, obviously i would not. The point i was making which i'm sure you got was that OTHERS are ranging from one extreme to the other and as this is my ball game i'm the one who needs to work out which road to go down. Obviously no protection whatsoever is a bad idea so it needs a MINIMUM of a password, but perhaps that's also the MAXIMUM it needs, i don't know.

  13 minutes ago, c.grz said:

 

You said you had a document that you want to edit while everyone else can just read. That solution was presented already on the first page.

Expand  

Yes i do. I'm the one entering all this info. The family members are just there to read it. The last thing any of us wants (my mother would be the most likely culprit) is accidentally hitting a few cells, rewriting the info in there & saving it & not realising what they've done.

  13 minutes ago, c.grz said:

 

What sort of data is on this spreadsheet? Usernames and passwords? Bank Accounts?

Expand  

No, no usernames or passwords. They don't need that. Sure it'd be helpful but i don't want to get too technical with it. I want to keep it as simple as possible. I don't know how the American banking system works but i imagine somewhere similar to the UK one, so...

 

sort codes & account numbers.

Direct debits set up on each account - who the direct debit is paying, what it's for, an explanation of that payment if required, how much it is (if fixed amount) and how frequent it is.

Standing Orders on the account - who to (persons name), account it goes to, the amount it's for, why it's in place, how frequent it is.

Lists of current accounts (bank accounts), savings accounts including ISAs, brief pension account details including the banks/building societies/companies these are all with.

And a word document that will details for each person what they are to do in order to simplify everything - what needs to be cancelled etc so that it can run easily for them.

 

In the event i died they could go to each bank and say look, my son/brother/husband sorted out my money for me, these are the details i know about what i apparently hold with you and this is what he's instructed i do.

 

And each family member would have legal rights to do it all - because it'd all be in their own names, so they could prove ID without issue.

 

The average man would not be able to use any of that information to access the accounts and obtain the money inside because there are no usernames & passwords. Indeed, even beyond this i don't know how they'd access the money because while i'm monitoring it i'll notice anything that isn't right, like i did earlier in the year, and got in touch with the banks fraud department and had the money returned.

 

 

 

Sorry it's a bit long winded but if that helps you to help me then it's needed.

[Astra.Xtreme]

All I can say is don't use Excel for securing anything super important.  I've had many password protected spreadsheets that I've had to crack at work, and all it took was a 2 minute Google search for an Excel add-on that would crack the password.  It was actually kind of sad how easy it was.

[c.grz]

  On 21/12/2018 at 16:09, Technique said:

sort codes & account numbers...

 

Expand  

This is exactly what the client I'm supporting has. The data was coming from an Access database but what he gave the clients was a PDF. Changes were made quarterly and updated PDF's set out in a secure site for the clients to login and take.

[Technique]

  On 21/12/2018 at 16:19, Astra.Xtreme said:

All I can say is don't use Excel for securing anything super important.  I've had many password protected spreadsheets that I've had to crack at work, and all it took was a 2 minute Google search for an Excel add-on that would crack the password.  It was actually kind of sad how easy it was.

Expand  

Was that for Excel files from 2010 onwards? Because i read the Excel software from 2007 & previous was 'apparently' easy to hack.

I also saw a YouTube video today which apparently showed you how to hack sheets but all the replies were coming in saying if the actual file is passworded then the hack doesn't work.

 

  On 21/12/2018 at 16:34, c.grz said:

This is exactly what the client I'm supporting has. The data was coming from an Access database but what he gave the clients was a PDF. Changes were made quarterly and updated PDF's set out in a secure site for the clients to login and take.

Expand  

It's about 17 years since i used Access on a Windows 3.1 or 3.11 machine or whatever it was. That long i can't even remember the version. I do remember needing some sort of programming knowledge but then that's what the teacher was for.

 

At the end of the day whatever is in place needs to be simple - both for me AND especially them.

 

My changes will be made whenever changes are made. It's taken me a week to put this together & i've not even finished yet because i find this part of it boring so i keep getting distracted. If i don't edit the whole thing as something changes then it'll get to the point where i have to do so much editing that i'll not want to bother, plus i'll forget so it needs to be done the moment anything changes.

 

I wonder about the .pdfs you mention and the secure site but at the same time i also do wonder about whether it makes things easier or not.

 

Now if a simple (ok not simply as in "password") password on the file is good enough then it can get thrown in to Google Drive which they can access no problem. That's only "IF" a password on the file is enough. Depends how easy they can be cracked.

[Astra.Xtreme]

  On 21/12/2018 at 16:44, Technique said:

Was that for Excel files from 2010 onwards? Because i read the Excel software from 2007 & previous was 'apparently' easy to hack.

I also saw a YouTube video today which apparently showed you how to hack sheets but all the replies were coming in saying if the actual file is passworded then the hack doesn't work.

Expand  

It was on Excel 2016. The add-on would decrypt and even display the password.

I've since moved to Office 365 and haven't retried the add-on, so I'm not sure if it still works.

[sc302 Veteran]

Well there is excelsafe.  Probably the only way to really secure the file.  

http://www.ofnisystems.com/products/excelsafe/

 

Excel shouldn't really be used though.  If you are trying to secure excel you should be considering sql and building an app to support your needs/ui.

[Technique]

No offence but you're talking a totally foreign language to me now and this could fast start getting way away from me. Nothing against what you're saying but my understanding can't keep up with you.

 

I'll have to look at the encryption side of things.

[sc302 Veteran]

  On 21/12/2018 at 19:56, Technique said:

No offence but you're talking a totally foreign language to me now and this could fast start getting way away from me. Nothing against what you're saying but my understanding can't keep up with you.

 

I'll have to look at the encryption side of things.

Expand  

Who me?  I thought what I said was very simple. 

[Technique]

  On 21/12/2018 at 20:56, sc302 said:

Who me?  I thought what I said was very simple. 

Expand  

"sql"s and "building apps". I'm no app creator, i wouldn't even know where to begin. What i'm saying is i think it's beyond my capabilities. Maybe it isn't but at the moment with the understanding i have, it is.

 

I'm in the process of going ahead with the Excel file as it's what i know. Not to say it can't change at a later date if i can extract the info without manually entering it all again but i need something in place this week as i'm off work. Once i'm back at work i guarantee 100% i wont feel like doing it so it needs to be done now.

What i'm looking for is something simple. Nothing too technical. If i don't need encryption then i don't need it, if i do then i do. If Google Drive is ok then it's ok, if it's not then i need an alternative.

 

It's ok certain members here getting all huffy because i "don't listen" to THEM. Thing is i do, but i also have people on the internet disagreeing with each other. Google Drive is no good, Google Drive is fine. Encryption is overkill, Encryption is required. The password from within Excel is fine enough, the password from within Excel can get cracked in 5 seconds flat. That only applies to older Excel versions, no it doesn't it applies to newer ones also.

 

And if i don't do what 'one' of them says then i'm "not listening" and i was "told on page x".

 

I'm the one that needs to determine A) which suggestion i think i can understand because i'm not a huge techy guy and B) which i think is suitable, because everyone is here saying they know better than the man on their right.

[sc302 Veteran]

redacted everything.....

 

 

 

Edit: Yea, this is way above your needs.  And you are way overcomplicating things.  Just make a file and put it on google drive or onedrive or box or dropbox.  Zip it up and password protect it with a password you all know.  damn man...use lastpass and document there.  give everyone in your family the password for lastpass and document there.  

 

[Mindovermaster Global Moderator]

  On 21/12/2018 at 21:29, Technique said:

It's ok certain members here getting all huffy because i "don't listen" to THEM. Thing is i do, but i also have people on the internet disagreeing with each other. Google Drive is no good, Google Drive is fine. Encryption is overkill, Encryption is required. The password from within Excel is fine enough, the password from within Excel can get cracked in 5 seconds flat. That only applies to older Excel versions, no it doesn't it applies to newer ones also.

Expand  

When did we ever disagree with each other? That was you asking 100 questions and not understanding us.

[Technique]

I went on YouTube to see about this gpnub thing or whatever it is. See how to use it. No wonder it baffled the F out of me.

They were showing you having to do coding. I've never done coding just like i never do foreign languages! Only language i do is English.

 

So then i had a look on YouTube at that VeraCrypt and how you use it. Made it look quite easy to understand.

Creating a file which operates like a hard drive (or so it seems to my eyes) that is encrypted.

I saw how to make a USB flash drive encrypted. My only wondering then though is that could you put the VeraCrypt installer on the USB stick (i'm guessing not) because the chances of anyone remembering what program they need to install to open the files on there would be a bit slim.

UNLESS you could partition the USB stick, which i've never actually done.

But yeah, VeraCrypt looked much easier to understand.

 

[+BudMan MVC]

So your google fu is just as bad as the rest of your tech skills it seems.

 

Did you think of just RTFM?

https://www.gpg4win.org/doc/en/gpg4win-compendium_24.html

Signing and encrypting files

 

So now your going to partition USB sticks.. Vs just right clicking a file and picking encrypt or decrypt?  Because you did a google and saw someone use a cmd line?

 

How exactly are you going to update these remote USB sticks with an encrypted partition on them?  Vs storing a file in the cloud that these people have access to.. Or just emailing them a new copy.. Or having them sync the new copy to their machines via dropbox, or any of the other sync packages..

 

To be honest the lastpass emergency access is going to be the EASY no Brianer way for you to do this... And is FREE you do not have to use premium..  No "coding" involved... 

 

Other then you read some idiot on the net telling you not to store stuff online...

 

Was it this guy?

[Technique]

  On 22/12/2018 at 12:22, BudMan said:

So your google fu is just as bad as the rest of your tech skills it seems.

 

Did you think of just RTFM?

Expand  

If i knew what RTFM was then i'd answer you. That's the problem when tech guys use abbreviations on non-tech guys.

Makes them feel good inside because they know something someone else doesn't - or at least this statement applies for certain types.

  Quote

So now your going to partition USB sticks.. Vs just right clicking a file and picking encrypt or decrypt?  Because you did a google and saw someone use a cmd line?

Expand  

Once again you jump the gun. As much as i may not get what you say or at least not immediately, you sure do like to jump the gun.

LOOKING AT partitioning USB sticks was one possibility. I had a look that Windows only 'sees' or lets you use the first partition so that's that option out of the window. That's the thing - i look at possibilities and decide from there whether +/-.

And yeah i "did a google" or rather i used YouTube, because i have on one side someone saying "this is easy, just do it". Niiiiiiiiiiice. So i went looking to find someone to show me how to do it (YouTube) and saw command lines and that's when i said you know what - typical of this guy. He's aware of my limitations (remember from before - car shiny, car go fast?) so he's suggested something more technical than a suitable other option because he knows what's going to happen when i try it.

  Quote

 

How exactly are you going to update these remote USB sticks with an encrypted partition on them?  Vs storing a file in the cloud that these people have access to.. Or just emailing them a new copy.. Or having them sync the new copy to their machines via dropbox, or any of the other sync packages..

Expand  

Like i said, USB has been put aside now, it's not really an option.

 

 

 

Is there a reason you appear to be against VeraCrypt for example? I know you haven't word-for-word said you're not but you're saying encrypt the file and as far as i can see that's what VeraCrypt does, it's just a different program. I can get from A-B in a Ford just like i can get from A-B in a Nissan. I'm still getting from A-B.

[Technique]

If i have to do this first

Then i got as far as name and email address. It then asks me whether i want to back it up or not and regardless of whether i say yes or no, it returns an invalid argument error and the program crashes.

 

[Mindovermaster Global Moderator]

  On 22/12/2018 at 13:00, Technique said:

If i knew what RTFM was then i'd answer you. That's the problem when tech guys use abbreviations on non-tech guys.

Makes them feel good inside because they know something someone else doesn't - or at least this statement applies for certain types.

Expand  

https://en.wikipedia.org/wiki/RTFM

 

 

[+BudMan MVC]

Dude how is you have found neowin back in 2003.. And have never seen RTFM? 

 

Is ROFL, or LOL unknown to you as well?

 

Here is a clue when you see an acronym how about you freaking google, or hey alexa what does RTFM mean

 

Back in my day before the internet teacher would hand you the dictionary when there was a word you didn't understand.. It's the same thing - is this freaking 2nd grade?

 

Literally it would take you less time to look up that acryonm then post your response.  I mean really.. Its like you like to come to a tech site and play like this is your first day with a freaking computer..  The more I read your stuff the more I think your just freaking trolling..  Do you not know what trolling means?  Here let me google that for you

http://bfy.tw/i5j