How to make a spreadsheet (be it Google Sheets or MS Excel) secure?


Recommended Posts

Password encrypt the documents you update and print to PDF to give to family members and that way then can't modify any data.  If you get hit by a bus then they'll need to take the latest PDF they received and give it to the next person that'll fill your roll.

 

I have a client who manages the "family money" of a prominent local family and it wasn't this hard to do this when he asked for something similar. You're over complicating things...

  On 21/12/2018 at 14:45, Mindovermaster said:

What didn't work why encrypting it? As Budman says, It's very very easy...

Expand  

I'll talk you through the steps and you can tell me where i went wrong.

Bear in mind that i am a typical caveman who can't(doesn't) read instructions. I know i should. My impatience is something that irritates the wife endlessley so i KNOW i'm impatient.

 

But before this, can i ask - is there an encryption software that you can use that DOESN'T need to be installed on the machine that is trying to open the file, or will it always need to be installed on there? (Which may make this tricky if they forget what software they need to then go download, or that software no longer exists).

 

* Went here: https://www.gnupg.org/download/index.html

* Saw the stuff saying "source code" and "To use them you need to build the binary version from the provided source code" and thought that sounds well beyond my capabilities. Let's scroll further to see if something looks appealing...

* Got to [GnuPG binary releases] & downloaded [Gpg4win] next to where it said Windows.

* Installed the thing and got to the screenshot i uploaded earlier.

* Looked at it and thought WTF now?

* As i want to encrypt something i looked for something saying encrypt so clicked "sign/encrypt" in the top left, found the file and clicked open.

* encrypt02.thumb.jpg.814bea1232621c1b6be71de0aa025fc0.jpg

 

Got that one and ticked the bit that i drew a tick on as i realised when i took that screenshot it was unticked.

 

* Created a password

* It 'encrypted it'

* Went to click open the new file but wasn't asked for a password.

encrypt03.thumb.jpg.21798689ddea5a574b2072ff06163fe0.jpg

 

Save or discard. I just want to open the damn thing.

 

And i saw no pages like Budman showed where you can set how long it stays encrypted for or whatever.

  On 21/12/2018 at 14:48, c.grz said:

Password encrypt the documents you update and print to PDF to give to family members and that way then can't modify any data.  If you get hit by a bus then they'll need to take the latest PDF they received and give it to the next person that'll fill your roll.

Expand  

There'll be no 'next person' unless they learn themselves which they have no interest in doing because for most people moving money around to make it work as hard as it can is "too much work" and "boring". Weird that i have no patience yet i have time to help them all with this. I'm not really that knowledgable in many areas so i like to help where i can.

  9 minutes ago, c.grz said:

 

I have a client who manages the "family money" of a prominent local family and it wasn't this hard to do this when he asked for something similar. You're over complicating things...

Expand  

So i get told...very very frequently. So frequently in fact that i just shut off to it now and say yeah right ok to those who can't suggest a suitable alternative.

 

Some (on this topic) think putting it down on paper is a 'suitable alternative'. Good for them. It's not.

  On 21/12/2018 at 14:59, Technique said:

So i get told...very very frequently. So frequently in fact that i just shut off to it now and say yeah right ok to those who can't suggest a suitable alternative.

Expand  

I'll put it this way; the issue you have requires a $10 solution, so why go looking for a $1000 solution?

  On 21/12/2018 at 14:56, Technique said:

I'll talk you through the steps and you can tell me where i went wrong.

Bear in mind that i am a typical caveman who can't(doesn't) read instructions. I know i should. My impatience is something that irritates the wife endlessley so i KNOW i'm impatient.

 

But before this, can i ask - is there an encryption software that you can use that DOESN'T need to be installed on the machine that is trying to open the file, or will it always need to be installed on there? (Which may make this tricky if they forget what software they need to then go download, or that software no longer exists).

 

 * Went here: https://www.gnupg.org/download/index.html

* Saw the stuff saying "source code" and "To use them you need to build the binary version from the provided source code" and thought that sounds well beyond my capabilities. Let's scroll further to see if something looks appealing...

* Got to [GnuPG binary releases] & downloaded [Gpg4win] next to where it said Windows.

* Installed the thing and got to the screenshot i uploaded earlier.

* Looked at it and thought WTF now?

* As i want to encrypt something i looked for something saying encrypt so clicked "sign/encrypt" in the top left, found the file and clicked open.

 

Got that one and ticked the bit that i drew a tick on as i realised when i took that screenshot it was unticked.

 

* Created a password

* It 'encrypted it'

* Went to click open the new file but wasn't asked for a password.

 

 

Save or discard. I just want to open the damn thing.

 

And i saw no pages like Budman showed where you can set how long it stays encrypted for or whatever.

Expand  

It does not encrypt the .gnupg file, it encrypts the file within it. Try opening the .pdf file IN it. It will ask you for a password.

 

Unless you enable it, will never expire...

  On 21/12/2018 at 15:04, c.grz said:

I'll put it this way; the issue you have requires a $10 solution, so why go looking for a $1000 solution?

Expand  

Why play crosswords when you can get straight to the point? The Riddler was never my favourite Batman character.

 

So basically then, are you saying that all this encryption is unnecessary and for the information that will be stored a simple Excel password will be perfectly fine?

 

That's one of the issues i'm having as i'm looking in to it more & more. Some people are responding like i should treat it as though i'd need to 'secure' my shopping list - so i could stick it in the local newspaper it doesn't really matter and the other end of the scale people seem to be saying i should treat it like the most confidential government file in history with security levels that don't even exist yet.

 

I'm not actually sure how secure it should be & that's the point.

 

The chances of someone wanting to get in to MY google drive out of all the google drives out there for information that wont even get them direct in to my accounts (no usernames/passwords will be stored) is slim. Obviously there's always a chance but it's slim, so to my mind a simple password from within Excel and from within Word SHOULD be fine, in theory.

 

But when people who i always consider more knowledgable than I anyway start talking about the need for encryption, it makes me wonder.

  On 21/12/2018 at 15:36, Technique said:

Why play crosswords when you can get straight to the point? The Riddler was never my favourite Batman character.

 

So basically then, are you saying that all this encryption is unnecessary and for the information that will be stored a simple Excel password will be perfectly fine?

 

That's one of the issues i'm having as i'm looking in to it more & more. Some people are responding like i should treat it as though i'd need to 'secure' my shopping list - so i could stick it in the local newspaper it doesn't really matter and the other end of the scale people seem to be saying i should treat it like the most confidential government file in history with security levels that don't even exist yet.

 

I'm not actually sure how secure it should be & that's the point.

 

The chances of someone wanting to get in to MY google drive out of all the google drives out there for information that wont even get them direct in to my accounts (no usernames/passwords will be stored) is slim. Obviously there's always a chance but it's slim, so to my mind a simple password from within Excel and from within Word SHOULD be fine, in theory.

 

But when people who i always consider more knowledgable than I anyway start talking about the need for encryption, it makes me wonder.

Expand  

So would you equate this spreadsheet with a shopping list? If so, even applying a password is overkill.

 

You said you had a document that you want to edit while everyone else can just read. That solution was presented already on the first page.

 

What sort of data is on this spreadsheet? Usernames and passwords? Bank Accounts?

  On 21/12/2018 at 15:47, c.grz said:

So would you equate this spreadsheet with a shopping list? If so, even applying a password is overkill.

Expand  

No, obviously i would not. The point i was making which i'm sure you got was that OTHERS are ranging from one extreme to the other and as this is my ball game i'm the one who needs to work out which road to go down. Obviously no protection whatsoever is a bad idea so it needs a MINIMUM of a password, but perhaps that's also the MAXIMUM it needs, i don't know.

  13 minutes ago, c.grz said:

 

You said you had a document that you want to edit while everyone else can just read. That solution was presented already on the first page.

Expand  

Yes i do. I'm the one entering all this info. The family members are just there to read it. The last thing any of us wants (my mother would be the most likely culprit) is accidentally hitting a few cells, rewriting the info in there & saving it & not realising what they've done.

  13 minutes ago, c.grz said:

 

What sort of data is on this spreadsheet? Usernames and passwords? Bank Accounts?

Expand  

No, no usernames or passwords. They don't need that. Sure it'd be helpful but i don't want to get too technical with it. I want to keep it as simple as possible. I don't know how the American banking system works but i imagine somewhere similar to the UK one, so...

 

sort codes & account numbers.

Direct debits set up on each account - who the direct debit is paying, what it's for, an explanation of that payment if required, how much it is (if fixed amount) and how frequent it is.

Standing Orders on the account - who to (persons name), account it goes to, the amount it's for, why it's in place, how frequent it is.

Lists of current accounts (bank accounts), savings accounts including ISAs, brief pension account details including the banks/building societies/companies these are all with.

And a word document that will details for each person what they are to do in order to simplify everything - what needs to be cancelled etc so that it can run easily for them.

 

In the event i died they could go to each bank and say look, my son/brother/husband sorted out my money for me, these are the details i know about what i apparently hold with you and this is what he's instructed i do.

 

And each family member would have legal rights to do it all - because it'd all be in their own names, so they could prove ID without issue.

 

The average man would not be able to use any of that information to access the accounts and obtain the money inside because there are no usernames & passwords. Indeed, even beyond this i don't know how they'd access the money because while i'm monitoring it i'll notice anything that isn't right, like i did earlier in the year, and got in touch with the banks fraud department and had the money returned.

 

 

 

Sorry it's a bit long winded but if that helps you to help me then it's needed.

All I can say is don't use Excel for securing anything super important.  I've had many password protected spreadsheets that I've had to crack at work, and all it took was a 2 minute Google search for an Excel add-on that would crack the password.  It was actually kind of sad how easy it was.

  On 21/12/2018 at 16:09, Technique said:

sort codes & account numbers...

 

Expand  

This is exactly what the client I'm supporting has. The data was coming from an Access database but what he gave the clients was a PDF. Changes were made quarterly and updated PDF's set out in a secure site for the clients to login and take.

  On 21/12/2018 at 16:19, Astra.Xtreme said:

All I can say is don't use Excel for securing anything super important.  I've had many password protected spreadsheets that I've had to crack at work, and all it took was a 2 minute Google search for an Excel add-on that would crack the password.  It was actually kind of sad how easy it was.

Expand  

Was that for Excel files from 2010 onwards? Because i read the Excel software from 2007 & previous was 'apparently' easy to hack.

I also saw a YouTube video today which apparently showed you how to hack sheets but all the replies were coming in saying if the actual file is passworded then the hack doesn't work.

 

  On 21/12/2018 at 16:34, c.grz said:

This is exactly what the client I'm supporting has. The data was coming from an Access database but what he gave the clients was a PDF. Changes were made quarterly and updated PDF's set out in a secure site for the clients to login and take.

Expand  

It's about 17 years since i used Access on a Windows 3.1 or 3.11 machine or whatever it was. That long i can't even remember the version. I do remember needing some sort of programming knowledge but then that's what the teacher was for.

 

At the end of the day whatever is in place needs to be simple - both for me AND especially them.

 

My changes will be made whenever changes are made. It's taken me a week to put this together & i've not even finished yet because i find this part of it boring so i keep getting distracted. If i don't edit the whole thing as something changes then it'll get to the point where i have to do so much editing that i'll not want to bother, plus i'll forget so it needs to be done the moment anything changes.

 

I wonder about the .pdfs you mention and the secure site but at the same time i also do wonder about whether it makes things easier or not.

 

Now if a simple (ok not simply as in "password") password on the file is good enough then it can get thrown in to Google Drive which they can access no problem. That's only "IF" a password on the file is enough. Depends how easy they can be cracked.

  On 21/12/2018 at 16:44, Technique said:

Was that for Excel files from 2010 onwards? Because i read the Excel software from 2007 & previous was 'apparently' easy to hack.

I also saw a YouTube video today which apparently showed you how to hack sheets but all the replies were coming in saying if the actual file is passworded then the hack doesn't work.

Expand  

It was on Excel 2016. The add-on would decrypt and even display the password.

I've since moved to Office 365 and haven't retried the add-on, so I'm not sure if it still works.

Well there is excelsafe.  Probably the only way to really secure the file.  

http://www.ofnisystems.com/products/excelsafe/

 

Excel shouldn't really be used though.  If you are trying to secure excel you should be considering sql and building an app to support your needs/ui.

No offence but you're talking a totally foreign language to me now and this could fast start getting way away from me. Nothing against what you're saying but my understanding can't keep up with you.

 

I'll have to look at the encryption side of things.

  On 21/12/2018 at 19:56, Technique said:

No offence but you're talking a totally foreign language to me now and this could fast start getting way away from me. Nothing against what you're saying but my understanding can't keep up with you.

 

I'll have to look at the encryption side of things.

Expand  

Who me?  I thought what I said was very simple. 

  On 21/12/2018 at 20:56, sc302 said:

Who me?  I thought what I said was very simple. 

Expand  

"sql"s and "building apps". I'm no app creator, i wouldn't even know where to begin. What i'm saying is i think it's beyond my capabilities. Maybe it isn't but at the moment with the understanding i have, it is.

 

I'm in the process of going ahead with the Excel file as it's what i know. Not to say it can't change at a later date if i can extract the info without manually entering it all again but i need something in place this week as i'm off work. Once i'm back at work i guarantee 100% i wont feel like doing it so it needs to be done now.

What i'm looking for is something simple. Nothing too technical. If i don't need encryption then i don't need it, if i do then i do. If Google Drive is ok then it's ok, if it's not then i need an alternative.

 

It's ok certain members here getting all huffy because i "don't listen" to THEM. Thing is i do, but i also have people on the internet disagreeing with each other. Google Drive is no good, Google Drive is fine. Encryption is overkill, Encryption is required. The password from within Excel is fine enough, the password from within Excel can get cracked in 5 seconds flat. That only applies to older Excel versions, no it doesn't it applies to newer ones also.

 

And if i don't do what 'one' of them says then i'm "not listening" and i was "told on page x".

 

I'm the one that needs to determine A) which suggestion i think i can understand because i'm not a huge techy guy and B) which i think is suitable, because everyone is here saying they know better than the man on their right.

redacted everything.....

 

 

 

Edit: Yea, this is way above your needs.  And you are way overcomplicating things.  Just make a file and put it on google drive or onedrive or box or dropbox.  Zip it up and password protect it with a password you all know.  damn man...use lastpass and document there.  give everyone in your family the password for lastpass and document there.  

 

  • Thanks 1
  On 21/12/2018 at 21:29, Technique said:

It's ok certain members here getting all huffy because i "don't listen" to THEM. Thing is i do, but i also have people on the internet disagreeing with each other. Google Drive is no good, Google Drive is fine. Encryption is overkill, Encryption is required. The password from within Excel is fine enough, the password from within Excel can get cracked in 5 seconds flat. That only applies to older Excel versions, no it doesn't it applies to newer ones also.

Expand  

When did we ever disagree with each other? That was you asking 100 questions and not understanding us.

I went on YouTube to see about this gpnub thing or whatever it is. See how to use it. No wonder it baffled the F out of me.

They were showing you having to do coding. I've never done coding just like i never do foreign languages! Only language i do is English.

 

So then i had a look on YouTube at that VeraCrypt and how you use it. Made it look quite easy to understand.

Creating a file which operates like a hard drive (or so it seems to my eyes) that is encrypted.

I saw how to make a USB flash drive encrypted. My only wondering then though is that could you put the VeraCrypt installer on the USB stick (i'm guessing not) because the chances of anyone remembering what program they need to install to open the files on there would be a bit slim.

UNLESS you could partition the USB stick, which i've never actually done.

But yeah, VeraCrypt looked much easier to understand.

 

So your google fu is just as bad as the rest of your tech skills it seems.

 

Did you think of just RTFM?

https://www.gpg4win.org/doc/en/gpg4win-compendium_24.html

Signing and encrypting files

 

So now your going to partition USB sticks.. Vs just right clicking a file and picking encrypt or decrypt?  Because you did a google and saw someone use a cmd line?

 

How exactly are you going to update these remote USB sticks with an encrypted partition on them?  Vs storing a file in the cloud that these people have access to.. Or just emailing them a new copy.. Or having them sync the new copy to their machines via dropbox, or any of the other sync packages..

 

To be honest the lastpass emergency access is going to be the EASY no Brianer way for you to do this... And is FREE you do not have to use premium..  No "coding" involved... 

 

Other then you read some idiot on the net telling you not to store stuff online...

 

Was it this guy?

2pkx8y.jpg

  On 22/12/2018 at 12:22, BudMan said:

So your google fu is just as bad as the rest of your tech skills it seems.

 

Did you think of just RTFM?

Expand  

If i knew what RTFM was then i'd answer you. That's the problem when tech guys use abbreviations on non-tech guys.

Makes them feel good inside because they know something someone else doesn't - or at least this statement applies for certain types.

  Quote

So now your going to partition USB sticks.. Vs just right clicking a file and picking encrypt or decrypt?  Because you did a google and saw someone use a cmd line?

Expand  

Once again you jump the gun. As much as i may not get what you say or at least not immediately, you sure do like to jump the gun.

LOOKING AT partitioning USB sticks was one possibility. I had a look that Windows only 'sees' or lets you use the first partition so that's that option out of the window. That's the thing - i look at possibilities and decide from there whether +/-.

And yeah i "did a google" or rather i used YouTube, because i have on one side someone saying "this is easy, just do it". Niiiiiiiiiiice. So i went looking to find someone to show me how to do it (YouTube) and saw command lines and that's when i said you know what - typical of this guy. He's aware of my limitations (remember from before - car shiny, car go fast?) so he's suggested something more technical than a suitable other option because he knows what's going to happen when i try it.

  Quote

 

How exactly are you going to update these remote USB sticks with an encrypted partition on them?  Vs storing a file in the cloud that these people have access to.. Or just emailing them a new copy.. Or having them sync the new copy to their machines via dropbox, or any of the other sync packages..

Expand  

Like i said, USB has been put aside now, it's not really an option.

 

 

 

Is there a reason you appear to be against VeraCrypt for example? I know you haven't word-for-word said you're not but you're saying encrypt the file and as far as i can see that's what VeraCrypt does, it's just a different program. I can get from A-B in a Ford just like i can get from A-B in a Nissan. I'm still getting from A-B.

If i have to do this first

Then i got as far as name and email address. It then asks me whether i want to back it up or not and regardless of whether i say yes or no, it returns an invalid argument error and the program crashes.

 

  On 22/12/2018 at 13:00, Technique said:

If i knew what RTFM was then i'd answer you. That's the problem when tech guys use abbreviations on non-tech guys.

Makes them feel good inside because they know something someone else doesn't - or at least this statement applies for certain types.

Expand  

https://en.wikipedia.org/wiki/RTFM

 

 

Dude how is you have found neowin back in 2003.. And have never seen RTFM? 

 

Is ROFL, or LOL unknown to you as well?

 

Here is a clue when you see an acronym how about you freaking google, or hey alexa what does RTFM mean ;)

 

Back in my day before the internet teacher would hand you the dictionary when there was a word you didn't understand.. It's the same thing - is this freaking 2nd grade?

 

Literally it would take you less time to look up that acryonm then post your response.  I mean really.. Its like you like to come to a tech site and play like this is your first day with a freaking computer..  The more I read your stuff the more I think your just freaking trolling..  Do you not know what trolling means?  Here let me google that for you ;)

http://bfy.tw/i5j

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Because Win7 was beautiful, much faster and more functional than XP. Win10 (glossing over 8 as many do) was slightly faster in some cases, more functional in some cases, but some people such as myself hated how it looked and decided it wasn't worth the upgrade. Some people liked (or were ok with) the look, and thus it is a good upgrade. Win11 is like 10, but is less functional between key features being removed and constant bugs/crashes either due to updates, or just things that were never patched. It literally has nothing going for it, and I use it every day at work so I'm quite familiar with it.
    • I switched my mom from Chrome to Firefox and she had a serious meltdown. She even managed to figure out how to reinstall Chrome, which really surprised me. What finally got her to switch was Chrome no longer being supported on Win7 and me putting a Chrome skin on FF, and setting it up identically.
    • Feels very much like most other gnome based Linux distros. There is minimal amounts that are influenced by Windows 11, maybe just enough to make people who are switching comfortable enough with the idea. As far as I can tell its mainly just turning the 'taskbar' panel as a 100% sized static panel, rather than the default dynamic sized. Turning it from the Mac OS Dock into the Windows taskbar. The Arc Menu - that I assume you're taking not with from the screenshots, is indeed the Windows 11 style one, but it has lots of other options too, from the more traditional gnome, Windows 7 etc. Still free to install what ever Window Manager you want once you're comfortable enough with Linux though.
    • Wow, and here I'm still happily using 1080p...
    • Added an extra filter to Fail2Ban.  I thought about just adding this to my existing aibots filter, but for the time being I'm keeping it separate because it's "possible" real humans may trigger this one so as long as it doesn't start filling my inbox I'd like to get notified about these so I can adjust it as necessary in the future. I'm still holding close to 10k unique IP addresses at any given time that have been banned via the "aibots" filter that looks for certain user agent strings of known AI scrapers.  However, I've been getting an increasing amount of traffic trying to scrape the site with sanitized user agent strings that just look like normal web browsers, however... Because I enabled authentication I can now see that they're racking up lots of 401 (unauthorized) responses in the Apache "access.log" file, but they're not triggering anything in the Apache "error.log" file, which is where failed attempts to log in would appear.  Basically, if an actual human tried to log in with an invalid username and password they don't immediately go into "access.log" as a 401, they go into "error.log" with a status message such as "user FOO not found".  The only way to trigger a 401 simply by visiting the site, as far as I'm aware, is to hit "Cancel" on the login prompt, or otherwise try to access files directly without properly authenticating. So, given the fact I'm getting a few thousand 401 errors a day from sanitized user agent strings that don't show up in "error.log", which means no attempt at logging in properly, I added another jail/filter set to Fail2Ban to immediately ban anybody who triggers a 401.  This feels a bit nuclear so I may need to adjust it in the future, but as far as I'm aware so far no real humans are being inconvenienced so all I'm doing is wasting the time of some AI scraper bots. Example log entry 61.170.149.70 - - [25/Jun/2025:20:01:04 -0400] "GET /content/mdwiki_en_all_maxi_2024-06/A/Neuroregeneration HTTP/1.1" 401 3287 "https://kiwix.marcusadams.me/content/mdwiki_en_all_maxi_2024-06/A/Neuroregeneration" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43" Contents of /etc/fail2ban/filter.d/apache-401repeat.conf #Fail2Ban filter for bots and scrapers that try to access #files directly without entering credentials for apache2-auth #and therefore trigger lots of 401 errors without triggering #the apache-auth jail. # #Marcus Dean Adams [Definition] failregex = ^<HOST> .+\" 401 \d+ .*$ Contents of /etc/fail2ban/jail.d/apache-401repeat.local [apache-401repeat] enabled = true ignoreip = 10.1.1.1 port = 80,443 filter = apache-401repeat maxretry = 1 bantime = 672h findtime = 10m logpath = /var/log/apache2/access.log Oh, and all this traffic is AFTER I explicitly banned Alibaba's IP ranges that were absolutely blowing me up day and night. Observation; two of the IP addresses that have triggered this jail in the 30 or so minutes since I turned it on were owned by Microsoft.  Wonder if they're doing their own AI scraping/probing, or if that's just an Azure VM owned by somebody else.
  • Recent Achievements

    • Rising Star
      Phillip0web went up a rank
      Rising Star
    • One Month Later
      Epaminombas earned a badge
      One Month Later
    • One Year In
      Bert Fershner earned a badge
      One Year In
    • Reacting Well
      ChrisOdinUK earned a badge
      Reacting Well
    • One Year In
      Steviant earned a badge
      One Year In
  • Popular Contributors

    1. 1
      +primortal
      552
    2. 2
      ATLien_0
      208
    3. 3
      +FloatingFatMan
      175
    4. 4
      Michael Scrip
      151
    5. 5
      Som
      138
  • Tell a friend

    Love Neowin? Tell a friend!