Microsoft Word is the world’s most common word processing package, and offers some security options to keep your data safe. What type of password security does Word use and how can you recover your lost Word password? Read on to find out more about Word password security.

Word password types

There are two main types of passwords used in Word; the file open password and the file reservation password.  Word files can also have VBA passwords, but they are less common than in Excel.  

File reservation passwords are not secure.

The security of the file open password depends on the version of Office you use, and the password you selected.

File open passwords prior to version 97 are not secure, and can be readily and instantly recovered.

Office 97 introduced 40 bit RC4 encryption.  The password is used as an encryption key.  At the time that this was introduced, it was thought to be quite secure.  The same scheme is used in Word 2000, and by default in Word 2003.

A password protected 97 – 2003 file (2003 using default encryption) can only be opened by either trying every possible password (which could take a very long time), or by searching for the correct encryption key and using this to decrypt the file without the password.

Searching for the encryption key for Word 97, 2000 and 2003 (with default encryption for 2003) is feasible because it only uses a 40 bit key.  It is faster to search all the possible key combinations than try all the possible passwords!  In practice, a recovery service can do this key search in under 10 seconds, using specialised computers.  The encryption algorithm has some weaknesses that allow some shortcuts.  Once the key is found, the document can be opened without needing the password.

In Office 2003, Microsoft introduced some more secure save options.  The default was still the 40 bit RC4, but there were also some optional very secure options called cryptographic service providers.  The only feasible way of recovering this is to try different passwords – it is not feasible to do a key recovery.

Word 2007 uses the industry standard AES algorithm, which is again very secure.  It is not feasible to find the encryption key for this due to the key length.  It is also time consuming to find the password, because this algorithm is a lot slower than the old RC4, and doesn’t contain any known weaknesses or shortcuts.

What to do

If you have a file reservation password, then you are best off with simple password recovery software. This will recover your password instantly.

If you have a Word 97, 2000 or 2003 file with a lost file open password with default encryption, we recommend that you select software or a service that provides key recovery. Please see our Word/Excel password recovery page for our current recommendations.

If you would rather have a service do this, it will take less than 10 seconds, and your document is kept confidential (they only need a small part of it).  We recommend Decryptum as they have an excellent automated recovery service which costs $29.

If you have a Word 2003 file (with secure encryption), or an Word 2007 file, then you will need to have software that tries all possible combinations of passwords, and is compatible with these versions of Word (older software will not work). This can take a long time because of the huge number of combinations. Consider software that checks the most likely combinations first (for example, it is likely that the password will be a combination of words, or numbers rather than completely random characters).

Tags: file open password, word password, word security

This entry was posted on Wednesday, December 10th, 2008 at 7:42 pm and is filed under Word Passwords. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.