Password rules for Office 2010

What are the Password Rules for Office 2010?

Word, Excel, and PowerPoint have been able to password protect documents for several versions by setting the "password to open". What we felt could be improved was the ability to enforce password strength rules, similar to what may be required when logging into your computer.

 

In Office 2010, the encryption password can be set as below. The process is consistent across the core Office suite (Word 2010, Excel 2010, PowerPoint 2010 etc.). The example uses Excel 2010.

• 1. Click File > Info > Protect Workbook > Encrypt with Password.

  

• 2. The Encrypt Document dialog window appears. Type in a strong password and then select OK.

  

• 3. Re-enter your desired password in the Confirm password window and click OK.

  

• 4. Then a window will pop up to show the new required permissions.

Password encryption is just one way to protect sensitive information. Depending on your business needs and risks, using other ways might be better choices, such as IRM or BitLocker. What's more important, you should take the complexity into consideration.

The importance of password complexity

A short or commonly used password makes the document less secure, since it is easier for an attacker to guess it.

If an attacker needed to try all possible passwords of 5 lowercase letters from a-z, there are only 265, or about 11 million total passwords to guess during a brute force search. Searching dictionary words might even more quickly find the password.

Attackers can also harness the parallel processing power of graphics cards to help with their attack.

So the length and character set of the passwords can make a big difference. Enforcing a minimum password length and character set complexity requirements can make passwords more difficult for attackers to guess.

How to enable password complexity?

Complexity settings are not enforced, and registry settings are used to control this feature.

There are 2 registry settings to control this, PolicyLevel and MinLength.

• HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Security\PasswordComplexity
• HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\Security\PasswordComplex

When the policy level is 2 or 3, then the password must contain characters from at least three of four character sets, lowercase a-z, uppercase A-Z, digits 0-9, or non-alphabetic character. When this complexity is enforced, the minimum password length needs to be at least 6, but can be more depending on the MinLength.

What if you forgot password?

You have had idea to make the Office Open XML password encryption to be strong and difficult for attackers to crack, which makes password recovery slow. There is no back door, no key escrow, and the 128-bit AES key makes guessing the password the best option.

What's worse, Microsoft support engineers can't help you retrieve passwords of files and features in Microsoft products that are lost or forgotten.

Don't panic. Solution is often after problem. Office Password Recovery can easily remove and recover password for Office documents, including MS Office 2013, 2010, 2007, and so forth

So the Office Password Recovery, along with the password complexity settings are designed to help balance the need to secure information with the risk of information with the risk of information loss.

The password rules feature is just one security enhancement in Office 2010. You really can refer to more information of this issue.

Download SmartKey Office Password Recovery:

comments powered by Disqus