Secure Your Credentials



Credentials are not limited to technical projects or software systems. Everyone uses credentials in daily life — from project logins and mobile devices to banking applications and server access.

One of the most common mistakes people make is storing passwords in plain text. In many cases, passwords are also weak and predictable, often based on personal information such as dates of birth, names, or simple combinations like 12345.

Before discussing secure ways to store credentials, it is important to understand what can happen when credentials are not handled securely.


What Happens When Credentials Are Stored Insecurely

CISA GitGuardian Leak

In May 2026, a major data exposure impacted the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

An external contractor reportedly created a public GitHub repository named Private-CISA, which remained exposed for several months. The repository contained sensitive internal data, including:

  • AWS GovCloud administrative keys
  • Entra ID SAML certificates
  • Plaintext passwords stored in CSV files
  • Internal DevSecOps deployment details

The exposure demonstrated how dangerous insecure credential storage can become, especially when sensitive information is stored in repositories without proper protection.

A single mistake exposed highly privileged infrastructure credentials to the public internet.



password.txt Files

Another common issue is the practice of storing all passwords inside files such as:

  • password.txt
  • notes.txt
  • spreadsheets
  • desktop notes

Files like these have become a very common target for malware. Many modern malware variants specifically search for files containing keywords such as:

  • password
  • login
  • bank
  • wallet

Once discovered, attackers can gain access to highly sensitive accounts, including banking platforms, cloud services, and internal company systems.
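To find these files on your own systems before anyone else does, the following self-audit flags file names containing the keywords listed above, plus CSV files with a credential column like the plaintext password CSVs in the CISA case. It is an added example, not code from the original post; the function names, the SECRET_COLUMNS and SKIP_DIRS lists, and the sample files are assumptions constructed for illustration.

```python
import csv
import os
import tempfile

NAME_KEYWORDS = ("password", "login", "bank", "wallet")  # keywords listed above
SECRET_COLUMNS = {"password", "passwd", "pwd", "secret", "token"}  # assumed list
SKIP_DIRS = {".git", "node_modules"}  # assumed: bulky directories to skip


def csv_secret_columns(path):
    """Return the CSV header names that look like credential columns."""
    try:
        with open(path, newline="", encoding="utf-8", errors="replace") as fh:
            header = next(csv.reader(fh), [])
    except OSError:
        return []  # unreadable file: nothing to report
    return [h for h in header if h.strip().lower() in SECRET_COLUMNS]


def audit_tree(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            hits = [k for k in NAME_KEYWORDS if k in name.lower()]
            if hits:
                findings.append((rel, "filename contains: " + ", ".join(hits)))
            cols = csv_secret_columns(path) if name.lower().endswith(".csv") else []
            if cols:
                findings.append((rel, "CSV credential column: " + ", ".join(cols)))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (all file contents are made up)."""
    samples = {"Password.txt": "example only\n", "README.md": "no secrets\n",
               "accounts.csv": "user,Password\nalice,EXAMPLE-ONLY\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_tree(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run audit_tree against a home directory or a repository checkout before it is pushed; anything it reports belongs in an encrypted vault rather than on disk.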


Lack of Password Rotation

Another major security issue is failing to rotate passwords regularly.

Many users and organizations continue using the same credentials for years. If those credentials are ever exposed through phishing, malware, leaks, or insider access, attackers may continue using them undetected for long periods.

Regular credential rotation significantly reduces long-term exposure risk.


Why Secure Credential Storage Matters

Credentials should always be stored in a way that:

  • prevents unauthorized access
  • avoids plain text exposure
  • supports secure sharing
  • reduces the impact of accidental leaks

A password manager or encrypted credential vault is one of the safest and most practical approaches.


My Preferred Approach

Storing Project Credentials Internally

For internal credential storage and sharing, I prefer using:

One important advantage of these tools is that they do not require storing your passwords on a third-party cloud platform.

Instead, they generate an encrypted database file that you can store in your own preferred storage location, such as:

  • Google Drive
  • OneDrive
  • internal company storage
  • private cloud storage

The credential database is encrypted and not stored in plain text, making it significantly harder to misuse even if someone gains access to the file itself.

The only password you need to remember is the master password used to unlock the credential database.


Sharing Credentials With External Teams

When credentials must be shared with external teams or vendors, I prefer sharing them through an encrypted KeePass database instead of sending passwords directly through email or chat platforms.

A safer approach is:

  1. Share the encrypted KeePass file through one channel.
  2. Share the master password through a completely separate communication channel.

For example:

  • send the file through cloud storage
  • share the password through a phone call or separate messaging platform

This separation makes unauthorized access significantly more difficult.


One-Time Secret Sharing

For temporary sharing, another useful option is one-time secret-sharing platforms such as:

These services allow credentials or secrets to:

  • expire automatically
  • be viewed only once
  • reduce long-term exposure in chat history or emails

Final Thoughts

Credential security is not only a concern for large enterprises or cybersecurity teams. It affects every individual and every organization.

Simple habits such as:

  • avoiding plain text storage
  • using encrypted password managers
  • rotating passwords regularly
  • sharing secrets securely

can significantly reduce the risk of credential leaks and unauthorized access.

In many cases, security incidents happen not because of advanced attacks, but because sensitive credentials were stored or shared insecurely.
