Important Aspects of Password and Encryption Protection

Microsoft® Office Excel 2003, Microsoft Office Word 2003, and Microsoft Office PowerPoint® 2003 offer several features to help restrict access to files through the use of passwords or encryption. These file-level security measures are separate from any operating system–level security options.

File encryption protects a document differently from saving it on a disk or in a folder that carries access permissions. Rather than relying on the operating system to refuse access, the file itself is transformed with a cipher, so its contents are unreadable to anyone who does not know the password from which the decryption key is derived. Encryption therefore protects confidentiality, not only against unauthorized changes, and the protection travels with the file wherever it is copied. To use encryption, users working with a file must set, and remember, a password.

Embedded password references

Setting encryption on documents in most Microsoft Office 2003 applications can be partly automated with macros or with custom programs that drive the application object model. Do not hard-code a password into any such program: attackers routinely search macros and binaries for clear-text passwords, and VBA source is stored inside the document it belongs to, where anyone who obtains the file can read it. A password embedded in a macro or program is effectively published.

For example, to encrypt a document automatically in Word, use the SaveAs method in Visual Basic® for Applications. It has four protection-related arguments: Password (the password to open, which is what triggers encryption), WritePassword (the password to modify), ReadOnlyRecommended, and LockComments. The arguments themselves do not prompt anyone; the macro must collect the password from the user at run time (preferably with a UserForm text box whose PasswordChar is set, since InputBox echoes what is typed) and pass it straight through to SaveAs. If the password is written into the macro instead, it is exposed to anyone who obtains the file. A password used programmatically should never be stored in the macro; it should be requested through a dialog each time it is needed.
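The following PowerShell script is an added example and is not code from the original page. It drives Word through the same SaveAs method described above (via COM rather than VBA) and shows the recommended pattern: both passwords are requested at run time with Read-Host -AsSecureString, converted to plain text only for the instant SaveAs needs them, and never written into the script. The document path, the parameter names and the helper function are this example's own assumptions. SaveAs has no argument for choosing the encryption provider; the type used is the default, or the DefaultEncryption policy described under "Advanced encryption options".

```powershell
# Added example (not from the original page): save a Word document with a
# "password to open" (which encrypts it) and an optional "password to modify",
# prompting for both at run time instead of embedding them in the script.
# Assumes Word is installed and that -Path names an existing document.
param(
    [Parameter(Mandatory = $true)] [string] $Path,   # document to encrypt (assumed to exist)
    [string] $OutPath = $Path                        # where to write the encrypted copy
)

function ConvertFrom-SecureToPlain {
    # Decrypt a SecureString into a .NET string only for the moment it is needed.
    param([System.Security.SecureString] $Secure)
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# Prompt at run time; nothing is stored in the script, and Read-Host -AsSecureString
# does not echo what is typed.
$openSecure   = Read-Host -AsSecureString 'Password to open'
$modifySecure = Read-Host -AsSecureString 'Password to modify (Enter for none)'
if ($openSecure.Length -eq 0) { throw 'A password to open is required for encryption.' }

$word = New-Object -ComObject Word.Application
$word.Visible = $false
$openPlain = $null; $modifyPlain = $null
try {
    $doc = $word.Documents.Open($Path)

    $openPlain   = ConvertFrom-SecureToPlain $openSecure
    $modifyPlain = if ($modifySecure.Length -gt 0) { ConvertFrom-SecureToPlain $modifySecure } else { '' }

    # Word's SaveAs parameters are ByRef variants, so each one is passed with [ref].
    # Positional order: FileName, FileFormat (0 = wdFormatDocument), LockComments,
    # Password, AddToRecentFiles, WritePassword, ReadOnlyRecommended
    $fmt = 0
    $no  = $false
    $doc.SaveAs([ref] $OutPath, [ref] $fmt, [ref] $no, [ref] $openPlain,
                [ref] $no, [ref] $modifyPlain, [ref] $no)
    $doc.Close()
}
finally {
    # Drop plaintext references as soon as SaveAs is done; managed strings cannot
    # be wiped, so the best available control is a short lifetime.
    $openPlain = $null; $modifyPlain = $null
    $word.Quit()
    [void] [System.Runtime.InteropServices.Marshal]::ReleaseComObject($word)
}
```

Run it as .\Protect-Document.ps1 -Path C:\docs\plan.doc (an assumed path). The same lifetime constraint applies to a VBA macro: whatever holds the password string should go out of scope immediately after SaveAs returns.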

Strong passwords together with encryption provide additional protection against attempts to recover a file's contents. Because the encryption key is derived from the password, a weak password undermines even the strongest encryption type available. Documentation on implementing strong password policies is available by searching the Windows NT Server Security Web site for the phrase strong password.

Microsoft Office Access 2003 does not provide the same method of password and file encryption methods available with Excel, Word, and PowerPoint. For encryption, password, and security-related schemes for Access 2003, see "Overview of Access Security" from the Contents pane of Access 2003 Help.


 Note    To use encrypted documents in collaboration (routing), you must clear the Encrypt document properties check box in the Encryption Type dialog (Tools | Options | Security tab | Advanced). This is required because the routing information stored in the document properties must be readable by the programs that handle routing. Be aware that with this check box cleared, the document properties (title, author, and similar metadata) are stored in clear text even though the body of the document is encrypted.


Protecting Excel workbooks

Microsoft Excel supports three levels of workbook file protection when a file is saved. These three options can all be used together or separately:

  • Password to open

Requires the user to enter a password to open a workbook. Excel derives the encryption key from this password; without it the workbook cannot be decrypted.

  • Password to modify

Requires the user to enter a password to open the workbook with read/write permission. The user can click Read Only at the prompt, and Excel opens the workbook in a read-only state.

  • Read-only recommended

Prompts the user to open the workbook in a read-only state. If the user clicks No at the prompt, Excel opens the workbook with read/write permission, unless the workbook has a different method of password protection enabled.

Encryption is provided by various cryptographic methods available from the Advanced button on the Security dialog (File | Save As | Tools | General Options menu option). Default encryption can also be set for users by implementing a policy. See the section "Advanced encryption options" later in this topic.

In addition to applying protection to an entire workbook, you can also help to protect segments within a workbook from unauthorized changes.


 Note    The Protect Workbook and Protect Sheet options are not as secure as using a password to encrypt the entire workbook, because Excel does not use encryption when you apply protection only to specific segments. The data is still stored in clear text inside the file, and the protection password itself is kept only as a short hash, so these options deter accidental or casual changes rather than a determined reader.

For example, hidden cells on a protected worksheet can be viewed if a user copies across a range on the protected worksheet that includes the hidden cells, opens a new workbook, pastes, and then uses the Unhide command to display the cells.


You can provide a modicum of protection to a workbook with the following protection options (Tools menu | Protection option):

  • Protect Sheet

Allows the creator of a workbook to protect a worksheet and the contents of its locked cells. It also lets the creator decide which of the following actions remain available to other users:

  • Select locked cells
  • Select unlocked cells
  • Format cells
  • Format columns
  • Format rows
  • Insert columns
  • Insert rows
  • Insert hyperlinks
  • Delete columns
  • Delete rows
  • Sort
  • Use AutoFilter
  • Use PivotTable reports
  • Edit objects
  • Edit scenarios

  • Allow Users to Edit Ranges

Lets the creator of a workbook allow other users to change specific ranges in a worksheet. This method uses network security permissions (NT authentication), so the creator can select an individual's user ID and grant specific access rights to the data within a range of a worksheet.

  • Protect Workbook

Allows the creator of a workbook to protect the structure or the windows of the workbook with a password. The two elements are:

  • Structure

Worksheets and chart sheets in a workbook with protection cannot be moved, deleted, hidden, unhidden, or renamed, and new sheets cannot be inserted.

  • Windows

Windows in a workbook with protection cannot be moved, resized, hidden, unhidden, or closed. Windows in a workbook with protection are sized and positioned the same way each time the workbook is opened.

  • Protect and Share Workbook

Allows the owner of the workbook the ability to help protect it with a password and disable the ability of others to make changes without maintaining a history of what has changed. Protected change histories (Track Changes enabled) cannot be cleared by the user of a shared workbook or by the user of a merged copy of a workbook.

Protection methods can be implemented on other aspects of a workbook, such as the cells or formulas of a worksheet, graphic objects, or scenarios.

  • Cells or formulas on a worksheet, or items on a chart sheet

Contents of protected cells on a worksheet cannot be edited, and protected items on a chart sheet cannot be modified. To set this, right-click the cell of interest, select Format Cells, and then click the Protection tab. Locking a cell has no effect until the worksheet it belongs to is protected. Every cell is locked by default, so the usual pattern is to unlock the cells that should remain editable and then protect the sheet.


 Tip   You can also hide a formula so only the result of the formula appears in the cell.


  • Graphic objects on a worksheet or chart sheet

Graphic objects and charts can be locked so that they cannot be moved or edited. As with cells, the lock takes effect only when the worksheet they belong to is protected. The option to lock an object or chart is on the Properties tab of its Format dialog (for a chart, Format Chart Area).

  • Scenarios on a worksheet

Definitions of protected scenarios can be set to locked (Tools menu, Scenarios option, Add button, Prevent changes).


If a user assigns password protection to a workbook and then forgets the password, it is impossible to perform the following activities:

  • Open the workbook.
  • Gain access to the workbook's data from another workbook through a link.
  • Remove protection from the workbook.
  • Recover data from the workbook.

You should advise users to use strong passwords that are not based on words that can be found in a dictionary or that can be easily derived by references to familiar items, people, or places they have visited. The use of strong passwords helps to reduce the possibility of someone guessing the password used to apply encryption to the file. Only if absolutely necessary should passwords be written down. If they are, they should be stored in a secure place.


Protecting Word documents

Microsoft Word supports three levels of document protection. These protection methods are accessed by clicking File, clicking Save As, clicking Tools, and then clicking Security Options. These three options can all be used together or separately:

  • Password to open

Requires the user to enter a password to open a document. Word encrypts the file with a key derived from the password; the password itself is neither the key nor stored in the file. Click Advanced if you wish to use an encryption provider other than the default or to change the encryption key length.

  • Password to modify

Requires the user to enter a password to open the document with read/write permission. If the user clicks Read Only at the prompt, Word opens the document as read-only and does not require a password to view the contents. Setting the Read-only recommended check box to checked is meaningless if you have provided a File modify password.

  • Read-only recommended

Prompts whoever opens the document to open it as read-only if they do not need to edit it. Although this option appears in the same section of the Security dialog as Password to open and Password to modify, it is not protection by itself: nothing stops a user from clicking No at the prompt, after which Word opens the document with read/write permission unless other password protection is in place. What it offers, when a user accepts it, is a guard against overwriting the original with an inadvertent save. Combine it with a password to modify if the original must actually be preserved.

Encryption is provided by various cryptographic methods available from the Advanced button on the Security dialog (File | Save As | Tools | Security Options menu option). Default encryption can also be set for users by implementing a policy. See the "Advanced encryption options" content later in this material.

In addition to encrypting an entire document, you can also add a modicum of protection to specific elements of a document to restrict viewers of the document from making unauthorized changes. This method is not as secure as encrypting the entire document because Word does not use encryption when you apply protection to only selected elements. These methods are more for collaboration purposes than for security needs. Protection of this type is not meant to protect intellectual property from malicious users. For example, field codes can be viewed in a text editor such as Notepad even if forms or sections of a document are set to use the following protection methods instead of using encryption.

Specific elements you can set to a protected mode in a document are:

  • Tracked changes

Changes made to the document cannot be accepted or rejected, and change tracking cannot be turned off.

  • Comments

Users can insert comments into the document but cannot change the content of the document.

  • Forms

Users can make changes only in form fields or unprotected sections of a document.

To restrict edits to tracked changes in a Word document

  1. Open the document in Word.
  2. Select the Protect Document menu option (Tools menu).
  3. Select Editing restrictions.
  4. Set the Allow only this type of editing in the document option to checked.
  5. In the drop-down combo box, select Tracked changes.
  6. Under the Start enforcement section, click the Yes, start enforcing protection button.
  7. In the resulting Start enforcing protection dialog, you can optionally add a password to the Enter new password (optional) text box.
  8. Save the document.

After setting the protection status of a document, you can unprotect it at any time. To do so, select the Unprotect menu option (Tools menu) and provide the password used to set the protection.


If a user assigns password protection to a document and then forgets the password, it is impossible to perform the following activities:

  • Open the document.
  • Gain access to the documents data from another document with a link.
  • Remove protection from the document.
  • Recover data from the document.

You should advise users to use strong passwords that are not based on words that are found in a dictionary or that can be easily derived by references to familiar items, people, or places they have visited. The use of strong passwords reduces the possibility of someone guessing the password used to encrypt the file. Only if absolutely necessary should passwords be written down. If they are, they should be stored in a very secure place.


Protecting PowerPoint presentations

Microsoft PowerPoint supports two levels of presentation file protection. The user who creates a presentation has read/write permission to a presentation and controls the protection level. The two levels of presentation protection are:

  • Password to open

Requires the user to enter a password to open a presentation. Click the Advanced button on the Security dialog (File | Save As | Tools | Security Options menu option) for encryption options if you wish to use an encryption algorithm other than what is supplied as a default.

  • Password to modify

Requires the user to enter a password to open the presentation with read/write permission. The user can optionally click Read Only at the prompt, and PowerPoint opens the presentation as read-only.

PowerPoint encrypts password-protected presentations using the cryptographic provider selected from the Advanced button on the Security dialog (File | Save As | Tools | Security Options menu option). Default encryption can also be set for users by implementing a policy. See the "Advanced encryption options" section later in this material.

Optionally, you can encrypt document properties, too. To do so, click the Advanced button and select the Encrypt document properties check box. Without it, properties such as the title and author remain readable in clear text by anyone who opens the file in a text or hex editor, even though the slide content is encrypted.


If a user assigns password protection to a presentation and then forgets the password, it is impossible to perform the following activities:

  • Open the presentation.
  • Gain access to the presentation data from another presentation through a link.
  • Remove protection from the presentation.
  • Recover data from the presentation.

You should advise users to use strong passwords that are not based on words that are found in a dictionary or that can be easily derived by references to familiar items, people, or places they have visited. The use of strong passwords reduces the possibility of someone guessing the password used to encrypt the file. Only if absolutely necessary should passwords be written down. If they are, they should be stored in a very secure place.


Protecting Project plans

Microsoft Project supports password protection when a plan is saved. Unlike other Office 2003 applications, Project exposes these options through File | Save As | Tools | General Options. The following options can be used together or separately:

  • Protection password

Requires the user to enter a password to open the Project plan.

  • Write reservation password

Requires the user to enter a password to open the Project plan with read/write permission.

  • Read-only recommended

Prompts the user to open the Project plan in a read-only state. If the user clicks No at the prompt, Project opens the file with read/write permission, unless the plan has a different method of password protection enabled.


 Note    Although Project 2003 supports password protection on saved files, it does not encrypt them. The password therefore controls only whether Project will open the plan; the file's contents are not protected from being read with other tools. If a plan is confidential, protect it by other means, such as storing it on a volume with file system permissions. For more information about protecting Project plans, see Project 2003 Help.


Password and encryption options

Password and encryption options are in the Security tab within the Tools | Options dialog. They can also be accessed from the File | Save As | Tools | Security Options option (File | Save As | Tools | General Options for Excel).

There are also hot keys for these options. The groups and controls are:

File encryption options for this document

  • Password to open
  • Advanced

File sharing options for this document

  • Password to modify
  • Read-only recommended
  • Digital Signatures
  • Protect Document

 Note    A digital signature on a document is built on the same certificate technology as code signing, but it serves a different purpose. It binds a named signer to a particular version of the content: a valid signature shows that the holder of the certificate's private key signed the document and that it has not changed since. It does not encrypt anything and does not restrict who can open the file.

The signing certificate can be obtained from a commercial certificate authority or from an internal PKI. A self-signed certificate created with the SelfCert.exe tool included with Office is trusted only on the machine that created it, which makes it suitable for testing but not for signatures that others must rely on.


Privacy options

  • Remove personal information from file properties on save
  • Warn before printing, saving, or sending a file that contains tracked changes or comments
  • Store random number to improve merge accuracy
  • Make hidden markup visible when opening or saving

Macro security

  • Macro Security

Protect Document dialog

In the previous release of Word, the File sharing options for this document section of the Security tab (Tools | Options | Security tab) contained a button that opened the Protect Document dialog, with the same functionality as the Tools | Protect Document menu option and the File | Save As | Tools | Security Options | Protect Document button. In Word 2003 this user interface has changed significantly: the dialog no longer appears, and a task pane to the right of the document window presents the options for setting document protection.

Encryption

Encryption is a standard method of securing the content of a file. There are several encryption methods available for use with Word, Excel, and PowerPoint files; Access can use encryption as well, but implements it using a different method. Microsoft Office Outlook® 2003 allows for encryption as well, but also implements it using different methods.

If you work for or contract with a government agency, or in any organization where security matters more than usual, use the strongest encryption type available, take great care in distributing encrypted files, and keep tight control of the passwords that unlock them. Use a different password for each file. Do not use a password that appears in a dictionary, that is the name of a current project in the company, that is an easily derived number (a phone number, Social Security Number, driver's license number, or car license number), or that anyone could work out from a simple search into an individual's background or family life.

The encryption types available to Office 2003 are whatever Cryptographic Service Providers (CSPs) are installed on the operating system when Office runs. Office itself installs only Weak Encryption (XOR) and Office 97/2000 Compatible encryption, and it installs them for compatibility reasons only. Creating a new encryption type for your company means writing and installing a custom CSP, which requires a development environment with CSP support and a provider that Microsoft has signed before CryptoAPI will load it; information on how to create, install, and deploy a CSP is included with the CSP documentation. For nearly every organization the right choice is to select one of the installed providers with a 128-bit RC4 key rather than to write a provider.

Types of encryption

Encryption scrambles the content of a file so that the information is unusable unless the correct password is supplied; the password is used to derive the key that the cipher needs, and without it the file cannot be decrypted. The key length used to encrypt a document (40-bit, 128-bit, or another length the chosen provider supports, set from the Advanced button of the Security dialog) determines how many keys an attacker would have to try to recover the content without the password: the longer the key, the harder that search. Two caveats apply. First, the description that follows covers only the legacy Weak Encryption (XOR) option, which combines each byte of the file with a short repeating mask; the Office 97/2000 Compatible option and all the CSP options use the RC4 stream cipher with a key derived from the password and do not work by offsetting characters. Second, because the key is derived from the password, an attacker who can guess the password never has to search the key space, so password strength matters at least as much as key length. For example:

Content of File A:

The Quick Brown Fox Jumped Over The Lazy Dog.

Content of File A after saving with a 16-bit mask (two characters, "AZ") applied with XOR (illustrative only):

2$z/(9*z.-/z59z
/,*$>a7?3z2$z
;;#a-.=oz

Someone might find this well scrambled, but a two-byte mask has only 65,536 possible values, and a single known fragment of plaintext (a file header, a common word) reveals the mask directly, so anyone with basic knowledge and a few minutes can recover the content with a simple program. As a rule, the longer the key and the stronger the password, the harder the content is to recover.
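To make the weakness concrete, here is an added PowerShell example, not part of the original page, that applies a two-byte repeating XOR mask like the one above and then recovers that mask from nothing but the ciphertext and a guessed four-character fragment of plaintext. The message, mask and guessed fragment are constructed for the example; the function names are its own. It models only the legacy XOR option: the RC4-based options do not fall to this attack, but they do fall to guessing a weak password.

```powershell
# Added example (not from the original page): repeating-key XOR as used by the
# legacy "Weak Encryption (XOR)" idea, and its recovery from a known-plaintext crib.

function Invoke-RepeatingXor {
    # XOR each byte with the mask byte at the same position modulo mask length.
    # Encryption and decryption are the same operation.
    param([byte[]] $Data, [byte[]] $Key)
    $out = New-Object byte[] $Data.Length
    for ($i = 0; $i -lt $Data.Length; $i++) {
        $out[$i] = $Data[$i] -bxor $Key[$i % $Key.Length]
    }
    return ,$out
}

function Get-XorKeyFromCrib {
    # Given ciphertext, a known plaintext fragment at a known offset and the mask
    # length, XOR the fragment against the ciphertext to recover every mask byte.
    param([byte[]] $Cipher, [byte[]] $Crib, [int] $Offset, [int] $KeyLength)
    if ($Crib.Length -lt $KeyLength) { throw 'Crib must be at least one mask length long.' }
    $key = New-Object byte[] $KeyLength
    for ($i = 0; $i -lt $KeyLength; $i++) {
        $pos = $Offset + $i
        $key[$pos % $KeyLength] = $Cipher[$pos] -bxor $Crib[$i]
    }
    return ,$key
}

$enc    = [System.Text.Encoding]::ASCII
$plain  = $enc.GetBytes('The Quick Brown Fox Jumped Over The Lazy Dog.')   # constructed message
$key    = $enc.GetBytes('AZ')                                              # 16-bit mask, as on the page
$cipher = Invoke-RepeatingXor -Data $plain -Key $key

# The attacker sees only $cipher and guesses the file starts with "The " (the crib).
$recovered = Get-XorKeyFromCrib -Cipher $cipher -Crib $enc.GetBytes('The ') -Offset 0 -KeyLength 2
$decrypted = $enc.GetString((Invoke-RepeatingXor -Data $cipher -Key $recovered))

"Recovered mask: $($enc.GetString($recovered))"   # AZ
"Decrypted text: $decrypted"                       # the original sentence
```

Even without a crib, looping Get-XorKeyFromCrib's idea over all 65,536 two-byte masks and keeping the candidate whose output is mostly printable ASCII finishes in well under a second, which is why the page marks this option as legacy-only.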

Some of the encryption types you might find in the Encryption Type dialog are listed below. Apart from the two legacy entries, every option uses the RC4 algorithm; they differ only in the cryptographic provider that implements it and in the key lengths that provider allows. Office 2003 does not offer AES for document encryption even where the provider name includes it:

  • Weak Encryption (XOR)

Not recommended, provided for legacy files only

  • Office 97/2000 Compatible

Not recommended, provided for legacy files only

  • RC4, Microsoft Base Cryptographic Provider v1.0
  • RC4, Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
  • RC4, Microsoft DH SChannel Cryptographic Provider
  • RC4, Microsoft Enhanced Cryptographic Provider v1.0
  • RC4, Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
  • RC4, Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
  • RC4, Microsoft RSA SChannel Cryptographic Provider
  • RC4, Microsoft Strong Cryptographic Provider

For an in-depth discussion of security, see the Microsoft Security site.

Updating encryption

Other than possibly changing the default encryption type, there are no issues associated with the maintenance of encryption within Office 2003, unless you choose to create your own encryption type using Cryptographic Service Provider (CSP) support from your software compiler.

Advanced encryption options

Administrators have the option of adding three values to a registry entry to each user's computer to set a default encryption type for all Office applications that can use encryption methods. The values can be included in a transform, configuration maintenance file, or Office profile settings file (OPS file), or they can be distributed by using a REG file. (The policy version can be distributed using Active Directory®.) When created for use as part of a REG file, it is advisable to add them to the registry of a test computer and then export the value using the File | Export option of regedit.exe.

The default encryption type for a typical Office installation is not the strongest possible encryption type available for Office; therefore, for commercial use it is advisable to set a higher level encryption type and larger key length value than provided by the default installation. Administrators can change the default encryption type only through the use of these registry entries:

HKCU\Software\Microsoft\Office\11.0\Common\Security

HKCU\Software\Policies\Microsoft\Office\11.0\Common\Security

Value name: DefaultEncryption

Value type: REG_MULTI_SZ (MultiString)

Value data: "<Encryption Provider>","<Encryption Algorithm>","<Encryption Key Length>"

Example:

DefaultEncryption="Microsoft Enhanced Cryptographic Provider v1.0","RC4","128"


 Important   For the previous example, enter the supplied data into the Value data field with each text string on a separate line:

Microsoft Enhanced Cryptographic Provider v1.0
RC4
128

To find the Encryption Provider information for this registry value

  1. Start any encryption-enabled application, such as Word.
  2. Select File | Save as.
  3. Select the Tools extended menu option.
  4. Select Security Options from the drop-down list.
  5. Click the Advanced button.
  6. From the Encryption Type dialog, copy the name of the encryption type name and encryption algorithm from the Choose an encryption type list.
  7. For the selected encryption type, determine the minimum and maximum key length the algorithm can use by scrolling the key length entry control.

Assemble your information into the DefaultEncryption value data field.


 Note    The larger the key length value, the more difficult it is for anyone to discover the encryption key used to encrypt the file. It is recommended that you use the largest value possible (128 in most cases).


To prevent users from choosing an encryption type other than the configured default (the Advanced button becomes unavailable), administrators can set the following registry entry:

HKCU\Software\Microsoft\Office\11.0\Common\Security

HKCU\Software\Policies\Microsoft\Office\11.0\Common\Security

Value name: DisableCustomEncryption

Value type: DWORD

Value data: [ 0 | 1 ]

Example:

DisableCustomEncryption=1

To disable the ability of users to create encrypted files, administrators can disable access to the password user interface in all Office applications by using the following registry entry.

HKCU\Software\Microsoft\Office\11.0\Common\Security

HKCU\Software\Policies\Microsoft\Office\11.0\Common\Security

Value name: DisablePasswordUI

Value type: DWORD

Value data: [ 0 | 1 ]

Example:

DisablePasswordUI=1
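The script below is an added PowerShell example, not from the original page, that applies the three entries from this section (DefaultEncryption, DisableCustomEncryption and DisablePasswordUI) to the policy key for the current user. Before writing DefaultEncryption it checks that the provider name matches a CSP registered under HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider, since Office can only honor a provider that is actually installed, and it writes the value as a true REG_MULTI_SZ with three separate strings rather than one comma-separated line. The parameter names and switches are the example's own; the default provider, algorithm and key length are the values from the page's example.

```powershell
# Added example (not from the original page): deploy the Office 2003 default
# encryption type and the two lockdown values to the current user's policy key,
# verifying the provider name first and reading the result back afterwards.
param(
    [string] $Provider  = 'Microsoft Enhanced Cryptographic Provider v1.0',
    [string] $Algorithm = 'RC4',
    [int]    $KeyLength = 128,
    [switch] $LockToDefault,      # DisableCustomEncryption=1: users cannot pick another type
    [switch] $DisablePasswordUI   # DisablePasswordUI=1: users cannot set passwords at all
)

$policyKey = 'HKCU:\Software\Policies\Microsoft\Office\11.0\Common\Security'
$cspRoot   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'

# 1. The provider name must match an installed CSP exactly (one subkey per provider).
$installed = Get-ChildItem $cspRoot | ForEach-Object { $_.PSChildName }
if ($installed -notcontains $Provider) {
    throw "CSP '$Provider' is not installed. Installed providers:`n  $($installed -join "`n  ")"
}

# 2. DefaultEncryption is REG_MULTI_SZ: three strings, each on its own line in regedit.
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
New-ItemProperty -Path $policyKey -Name 'DefaultEncryption' -PropertyType MultiString `
    -Value @($Provider, $Algorithm, "$KeyLength") -Force | Out-Null

# 3. Optional lockdowns (REG_DWORD 0 or 1); absent switches write an explicit 0.
New-ItemProperty -Path $policyKey -Name 'DisableCustomEncryption' -PropertyType DWord `
    -Value ([int] $LockToDefault.IsPresent) -Force | Out-Null
New-ItemProperty -Path $policyKey -Name 'DisablePasswordUI' -PropertyType DWord `
    -Value ([int] $DisablePasswordUI.IsPresent) -Force | Out-Null

# 4. Read back exactly what Office will see.
$written = Get-ItemProperty -Path $policyKey
"DefaultEncryption       : $($written.DefaultEncryption -join ' | ')"
"DisableCustomEncryption : $($written.DisableCustomEncryption)"
"DisablePasswordUI       : $($written.DisablePasswordUI)"
```

Use this to test the settings on a single machine; on domain-joined computers the Policies key is rewritten at each Group Policy refresh, so the same three values should be delivered through a GPO (or through the non-policy key at HKCU\Software\Microsoft\Office\11.0\Common\Security) rather than by a script writing directly to the policy key. If the key-length control in the Encryption Type dialog stops short of 128 for the provider you chose, lower $KeyLength to that provider's maximum.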

 
 
Applies to:
Deployment Center 2003