# Just how safe are MS Word files that are password protected?



## Alex Ethridge (Apr 10, 2000)

I have one file in particular that has every log-in info for every on-line account I have from banks to help forums to complete details on every credit card I have. That file is password protected in MS Word.

Just how safe is it? Just how difficult is it to crack?

Is there a better way?


----------



## md2lgyk (Jul 3, 2003)

Encrypt it?


----------



## jimr381 (Jul 20, 2007)

Very very unsafe. I will not go into details, since we cannot on the forum. But I could get into it in a mere matter of minutes. I would look into something like Roboform which encrypts that password data as well.


----------



## Zack Barresse (Jul 25, 2004)

Bottom line: There is no Office file which should EVER be considered as safe. Office file encryption is a joke and they were never meant to be 'secure'.


----------



## slurpee55 (Oct 20, 2004)

But, there are a number of excellent free and/or cheap encryption softwares out there, which are also generally very easy to use. The best allow you to select which algorithm to use, but do some investigation and choose one and encrypt your files I have used 3 different ones in the last 2 years ( 1 I didn't like very much due to the interface, so I switched to the 2nd, and the other change came when I bought a new PC and, upon doing some research, found that the 3rd one was my current favorite free one).


----------



## Rollin_Again (Sep 4, 2003)

If you want to add an extra layer of security just zip the file and password protect the zip file. I ususally convert my important documents into password protected PDF and then save them to a password protected ZIP file.

Regards,
Rollin


----------



## John0000 (Sep 28, 2007)

Let's take a closer look at it.

What version of Word is it created with? Word 95,97 and 2000 do not provide proper security.

If the document is created with Word 2002 or 2003, it can be secure if the default encryption settings have been changed AND if a strong password is used (min length 8 positions, complexity rules, etc). Documents created with these non-default settings cannot be opened with Word 2000 or older. This can be encrypted with 128 bits RC4 at most, which the crack tools don't break within a day. In this case it comes down to brute-forcing the password. The time to crack depends on the password strength, speed of cracker software and PC.

Could take months or years if the password is strong enough.

You might want to read more at
office.microsoft.com/en-us/ork2003/HA011403111033.aspx
or
http://www.oraxcel.com/projects/encoffice/help/protect_word.html

The latest version of Winzip supports 256 bits AES, so that definitely is a stronger encryption algorithm but here you have to use a strong password as well.

Bottom line: I keep using MS-Word password protection and none of the guaranteed password crackers has been able to crack it up till now 

Best regards,

John


----------



## Alex Ethridge (Apr 10, 2000)

Thanks for that answer. I had already decided it probably wasn't secured against the tech savvy; but, it is good to know some more details.

The document I am concerned about is one in which I store about every key to every financial connection I have as well as every user name and password for every on-line forum and on-line parts dealer I do business with.

I'm gonna' have to find another more secure storage method.


----------



## slurpee55 (Oct 20, 2004)

There are some good encryption programs out there - I often use a free one called AxCrypt. It is easy to use, although there are not many options.


----------



## kris2000 (Jun 14, 2007)

http://www.elcomsoft.com/

I wouldnt bother with MS encryption....

Passwords are NOT secure (unless you make the unmanageably long).


----------

