Hackers use various creative tactics to get their hands on sensitive information. Companies and individuals should be ready to fend off cyber security attacks through effective defence strategies.
Excel offers several ways to protect a workbook. One of them is to encrypt your files and set a password to open them. By default, Office uses AES 128-bit advanced encryption to help make your files quite secure.
How To Password Protect An Excel Workbook With File Encryption
In Excel, navigate to the Save As dialog box (File > Save As > Browse) or click the SaveAs QAT icon. In the Save As dialog box, click the Tools drop-down menu near the bottom of the dialog box.
- Select 'General Options...' from the Tools menu
- Then type in your file-open password in the Password to Open field
- Click OK and verify your password by entering it in again
- Your file now has a password to prevent unauthorized access
- Finally, click the Save button to save your file in an encrypted format.
Password Strength Explained
While entering the password you may think: what if I lose my password and cannot open a document I urgently need? So you may opt for an easy-to-remember password and compromise security.
If you really need to password protect an Excel 2007-2016 workbook and take full advantage of the new AES encryption algorithm, create long, complex passwords using uppercase and lowercase characters, numbers, spaces, and symbols, i.e. a string that would never appear in a common dictionary. Please read about password strength here.
Examples of weak passwords:
• Any part of your name or computer username or names of friends, family members or pets
• Your school or work ID number, bank pin or account number and/or credit card number
• Computer related terms (including websites, programs, commands, etc.)
• Characters in alphabetic or numeric order (ex. 123456, 0123, abc, xyz)
• Any of the above with just a digit added to it (ex. abc1)
A best practice is to create a different, strong password for each of your files. You can store all these passwords in our printable password log template.
How To Crack An Encryption Password To Open-Up Your File
A 128-bit or 256-bit AES encryption algorithm is quite time consuming to break using brute-force attacks. Your cutting-edge computer may have to work around the clock for days, weeks or even months without any result if you have no idea what the password could be, e.g. you cannot remember any partial text or its potential maximum length, or you cannot exclude special characters or capitals from the search.
A good trick to get the password by your 'personal brute force attack' is to try all of the passwords you have ever used with varying forms of capitalization, accidental keystrokes etc. Excel will not lock you out after any number of failed attempts to enter the password.
In the rare circumstances where you need to recover Excel workbook passwords, please ensure that your document contents and your personal information are never sent to any third-party service and thus remain confidential, e.g. avoid using online recovery services, which require your files to be uploaded to a server.
Backdoor: How To Remove Or Reset File-to-Open Passwords In Office
You can use Group Policies to push registry changes that associate a certificate with password-protected documents. This certificate information is embedded in the file header. Later, if the file-to-open password is forgotten or lost, use the DocRecrypt command line tool and the private key to unlock the password-protected Open-XML formatted Word, Excel, and PowerPoint files and, optionally, assign a new password.
The DocRecrypt tool gives IT admins who have configured the Escrow key feature options to get access to password protected files. The admin uses the tool and the private key of the escrow certificate to decrypt the file.
Download: Microsoft Office 2013 DocRecrypt Tool
Encrypted File Header
The first 4 bytes in every encrypted Office Open XML file header should be D0 CF 11 E0.
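As an added example (not code from the original article), this Python triage checks the header described above and then reads the compound-file directory, because legacy 97-2003 files start with the same D0 CF 11 E0 bytes. The function names are hypothetical, the stream names `EncryptionInfo` and `EncryptedPackage` are taken from Office's encrypted-package layout rather than from this page, and the sample file is constructed; only FAT sectors listed in the header are read.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # full 8-byte OLE compound file signature
ZIP_MAGIC = b"PK\x03\x04"                       # unencrypted OOXML is a plain ZIP
END_OF_CHAIN, FREE = 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """List directory entry names; the FAT is read via the header DIFAT only."""
    shift = struct.unpack_from("<H", data, 0x1E)[0]
    if shift not in (9, 12):                    # 512- or 4096-byte sectors
        return []
    size = 1 << shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    fat = []
    for loc in struct.unpack_from("<109I", data, 0x4C):
        if loc < 0xFFFFFFFA and len(sector(loc)) == size:
            fat += struct.unpack("<%dI" % (size // 4), sector(loc))
    names, seen, sid = [], set(), struct.unpack_from("<I", data, 0x30)[0]
    while sid < len(fat) and sid not in seen:   # follow the directory chain
        seen.add(sid)
        sec = sector(sid)
        for off in range(0, len(sec) - 127, 128):
            nlen = struct.unpack_from("<H", sec, off + 64)[0]
            if sec[off + 66] and 2 <= nlen <= 64:   # type 0 marks an unused slot
                names.append(sec[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sid = fat[sid]
    return names

def classify(data):
    if data[:4] == ZIP_MAGIC:
        return "ooxml-unencrypted"
    if data[:8] != CFB_MAGIC or len(data) < 512:
        return "unknown"
    if {"EncryptionInfo", "EncryptedPackage"} <= set(cfb_entry_names(data)):
        return "ooxml-encrypted"
    return "cfb-other"   # e.g. a legacy 97-2003 binary document

def make_sample_cfb(streams):
    """Constructed sample: minimal compound file with up to 3 empty streams."""
    hdr = bytearray(CFB_MAGIC.ljust(512, b"\0"))
    struct.pack_into("<HHHH", hdr, 0x18, 0x3E, 3, 0xFFFE, 9)  # v3, 512-byte sectors
    struct.pack_into("<II", hdr, 0x2C, 1, 1)     # 1 FAT sector; directory at sector 1
    struct.pack_into("<109I", hdr, 0x4C, 0, *[FREE] * 108)    # FAT is sector 0
    fat = struct.pack("<128I", 0xFFFFFFFD, END_OF_CHAIN, *[FREE] * 126)
    d = b""
    for i, name in enumerate(["Root Entry", *streams]):
        raw = (name + "\0").encode("utf-16-le")
        d += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), 5 if i == 0 else 2) + bytes(61)
    return bytes(hdr) + fat + d.ljust(512, b"\0")
```

To check a real workbook, pass `classify(open(path, "rb").read())`; a result of `cfb-other` on an .xlsx file means the extension and the container do not match.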
Conclusions
- Excel 2007 (or later) workbooks are encrypted using a strong AES algorithm with either a 128-bit or 256-bit key. Unless you have access to the resources of three-letter government agencies, a complex, long password-to-open is usually extremely difficult to crack with home or business computers.
- The legacy Office 97-2003 file formats are NOT as secure as the new OpenXML file formats. Please use MS-Office 2007 or later with the new OpenXML file formats only (.xlsx, .docx etc.) if the protection strength of an AES-128 encryption algorithm is required. Security can be compromised if legacy files are used with MS-Office 2007 or later. The encryption used for Office documents saved in 97-2003 legacy file formats is RC4, which is not as secure as the recommended AES encryption used in OpenXML files by default.
- Sometimes, I tend to avoid using file passwords, especially when the workbooks need to be opened automatically by VBA code. Instead, I prefer to restrict access to my files in the first place, e.g. by setting proper user permissions or by using SharePoint for file collaboration and avoiding email attachments. Nevertheless, a complex password-to-open is always a very strong additional layer of security.
Further Readings
- Plan cryptography and encryption settings for Office 2013
- Backdooring MS Office documents with secret master key: [1, 2, 3, 4]