NORTH AMERICA:  
800 707 4492
UK & EUROPE:  
+44 (0) 1292 430290
sales@locklizard.com
Locklizard
  • Products
    • Our DRM software
      • Product Overview
        • Restrict PDF use
        • Watermark PDF
        • Expire PDF
        • Revoke PDF
        • Disable Print
        • Track PDF
      • Safeguard PDF Security
      • Safeguard Enterprise
    • Secure PDF Viewers
      • Viewer Overview
      • Viewer Demo
      • Web Viewer
      • USB Viewer
    • Add-ons
      • All Add-ons
      • Web Publisher
      • Safeguard Portable USB
      • Ecommerce API
      • Command Line
      • Own Branding
      • Custom Email
    • Purchase
    • Book a Demo
  • Solutions
    • Industry sectors
      • All Industries
      • Auctions
      • Engineering
      • Government
      • Healthcare
      • Libraries
      • Mergers & Acquisitions
      • Publishing Ebooks
      • Publishing Media
      • Publishing Standards
      • Membership Associations
      • Reports & Analysis
      • Tax Advisors
      • Training & Education
    • Vertical sectors
      • All Sectors
      • Board Documents
      • Internal Company Use
      • Large Publishers
      • Small Publishers
    • Business processes
      • Processes Overview
      • Secure Document Sharing
      • Sell Documents Securely
      • Document Retention
      • Prevent Document Leakage
      • Internal Document Control
      • Regulatory Compliance
      • Secure PDF Forms
      • Secure Data Rooms
      • Data Room Security
      • Application Integration
    • Business benefits
    • Regulatory compliance
      • Compliance Overview
      • NIST & DFAR Compliance
  • Downloads
    • Free 15 day trial
    • Viewers
      • Windows Viewer
      • Mac Viewer
      • iOS Viewer
      • Android Viewer
    • Writers
    • Manuals
  • Support
    • Support
    • FAQs
    • Guides
    • Videos
    • White papers
  • About Us
    • Contact us
    • Our customers
      • Customer Overiew
      • Case Studies
      • Testimonials
    • Our technology
    • Blog
    • Why Locklizard?
      • Competitors
      • PDF DRM protection
      • Password protect PDF
      • Product Awards
  • Search
  • Menu Menu

Why you should not password protect a Word document

in Blog, Document Security, DRM, PDF Security

Why Word password protection is not secure & how to restrict editing.

This blog will guide you through the process of protecting a Word document, but we’ll also answer an important question: is Microsoft Word password protection suitable in a business environment?

  How does Microsoft Word password protection work?

Despite heavy competition from the likes of Google Docs, Microsoft Word has remained the text editor of choice for many businesses.  It’s used for anything from note-taking to documentation, contracts, reports, and legal documents.  Given the sensitive nature of some of these documents, it’s natural that businesses want to secure them.  Microsoft Word uses simple yet effective encryption for its document protection.  While the document remains encrypted, it cannot be read – presenting itself as a jumble of numbers and letters to anybody who does not hold the decryption key.  Entering the password allows a user to decrypt the document and therefore view and edit it.

Microsoft Word has another, lesser-used password protection that controls whether or not users can edit.  This does not use encryption and is instead enforced by the software, which disables the ability to type, delete characters, and modify formatting.  We’ll talk about both methods today.

  The problem with password-based encryption


The issue shared by all password-based encryption mechanisms is that they take a strong encryption algorithm (such as AES) and make it far less secure.  Instead of requiring a long, complex, and randomly generated encryption key, all an attacker needs is a human-created, often short and simple, encryption password.

This fact applies to Word documents just as well as it does to other Office docs, PDFs, password-based folder encryption, etc.  And make no mistake – after decades of passwords being used for everything from social media to bank accounts, tools have become very effective at cracking them.

The bigger issue, however, is not that passwords are crackable, but that they are shareable.  Any legitimate user that you give the document to, along with the password, can share both of those things with an unauthorized party.  This could be intentional, in the case of an internal leak, or unintentionally, through social engineering, the storage of the password in an insecure location, etc.

The same applies to the contents of the document itself.  If there are no additional editing or copy protection controls, a user with the password can just copy the content to another file or into an email or text chat and share the document that way.

Ultimately, then, password encryption only protects documents from being intercepted and when they are sitting on the recipient’s PC, unopened.  But even then, due to the human nature present in password choice, it is of limited effectiveness.

So, what about Word’s in-built editing protection?  Is that effective at preventing sharing?

  Restrict editing in Word: is it effective?


As you would expect, Word’s restrict editing feature has the same issue as any other password protection: sharing and cracking.  However, in this case it’s worse than that because the document has already been decrypted.  A user can easily:

  • print the document to a PDF
  • copy and paste content into another document
  • save it as another document type and then convert to Word
  • screenshot it and run it through an OCR tool.

The restrict editing tool, then, is mostly there to prevent somebody from editing a document accidentally, rather than offering any real protection.

We will now show you how to lock a Word document to prevent opening and editing and how easily you can remove those restrictions.

   How to password protect a Word document to prevent opening

Though as we discussed password-protecting a Word document will not stop leaks or unauthorized sharing, it can be useful to protect documents before they are opened.  Doing so is thankfully quite easy:

  1. With the document open, press “File” in your ribbon, then “Info”.
  2. Click on the “Protect Document” button and choose “Encrypt with Password” from the list.
  3. Enter a strong, unique password and press “OK”.
  4. Enter the password a second time to confirm it. Press “OK”.

    Word has now encrypted your document.  Next time you open it, you will be prompted to enter the password before you can view its contents.

   How to password protect a Word document to restrict editing

Microsoft Word’s editing protection isn’t good for much, but it will stop you or a recipient from accidentally changing the contents of a document.  You can also enable it very quickly via the “Review” tab.

  1. Open the “Review” tab of your ribbon and click “Restrict Editing”.
  2. In the “Editing Restrictions” section, choose the type of editing you’d like to allow via the dropdown.  If you don’t want users to edit the Word document then select the option ‘No changes (Read only)’.
  3. Press “Yes, Start Enforcing Protection” and enter a password. Press “OK”.

    You’ll see that when you try to edit text the “Restrict Editing” sidebar will appear.  Users will have to press “Stop Protection” and enter the password before they can edit the document.

   How to hack a password-protected Word document

If you forgot the password to your password-encrypted Word document, it is possible to recover the file.  In fact, if you only applied a password to restrict editing, this is trivial.  For documents that were encrypted using a password, the process will be much lengthier, requiring a brute force attack.  Let’s start with the easy option.

  How to unlock an edit-restricted Word document without a password

The easiest way to unlock a Word document with Restrict editing applied is to not unlock it all.  Though Word disables editing, it doesn’t disable other functionality that enables you to bypass editing restrictions.

3 simple ways to remove restrict editing in Word
  1. Copy and Paste: Select the text and images in your word documents, press Ctrl + C, then press Ctrl + V in a new document.
  2. Print to PDF: Press ‘File > Print’. Select the printer ‘Microsoft Print to PDF’ and then press the Print button.

    Open the PDF in Word, then save it as a Word document again.
  3. Save as PDF: Press ‘File > Save As’. From the save dialog, choose PDF from the ‘Save as type’ dropdown.

    Open the PDF in Word and save as a Word document.

It’s as easy as that.  Any of these methods will remove the protection in less than a minute.

Unlock your edit-restricted Word document with a password-cracking app

If for whatever reason you want to keep the original document intact, you can unlock the edit restricted document using a password recovery app instead.  There are various paid options out there – just google “Word password recovery”, but we’ll be using Passware because its free trial allows you to see if the unlock was successful before you purchase.

Unlocking a Word document using such software is easy.  After installing the trial, just:

  1. Browse to the file and press “Open”
  2. Wait a few seconds for the software to remove the protection.

You can buy the software to gain access to the file.  It should be able to remove the restrict editing password 100% of the time, as there is no encryption involved in Microsoft Word’s controls.

  How to unlock an open password encrypted Word document

Unlocking a password-protected Word document that uses encryption is going to take time if you do not already know the password.  How much time will depend entirely on how long and complex the password was used to protect the document.  Either way, you’ll have to use paid software to do so, such as Elcomsoft Advanced Office Password Recovery, though it does not have to be too expensive.

We’ll be using Passware because its free trial tells you part of the password for free, allowing you to be sure the document can be unlocked before paying.  Here’s how to use it:

  1. Browse to your document and press “Open”.
  2. Choose the “Run Wizard” option.
  3. Enter any details you already know about the password and click “Recover”.
  4. Wait for the software to find the password.
  5. Purchase the software if it is successful and open the unprotected file.

Depending on the password length, how much information you’re able to provide, and your PC’s specs, this process could take anywhere between seconds and years.  In our testing, the software was able to crack a simple four-character password in about four seconds.

Of course, the easiest way to crack longer passwords will usually be to either ask somebody who knows it or perform a social engineering/phishing attack.

   A better way to protect documents


The protection Microsoft Word can provide is not suitable for document sharing in a business environment.  It is definitely not suitable for the protection of confidential and sensitive information.  Its editing protection is basically useless, and its password encryption is only suitable when the document is in transit or at rest.

For serious protection of sensitive and confidential documents, organizations should use a document DRM solution instead.  Document DRM is designed to protect your file in all situations while retaining modular controls.  Here’s how Locklizard PDF DRM works:

  1. You encrypt a PDF on your local PC and add any DRM controls you desire.  These can include anti-screenshotting and copying techniques, printing controls, watermarks, device/location locking, and more.
  2. The protected PDF is saved to your disk as a .PDC file and a record of the document is recorded on the Admin System.
  3. You create a user account for each person who you want to be able to view the document.
  4. Users receive an email with a license file and a link to download the Safeguard secure viewer.
  5. After installing the viewer, the user clicks the license file to activate it on their PC.  Once activated, the license file cannot be registered elsewhere (unless otherwise specified).
  6. You choose which documents users can access via the Admin System.
  7. You send the encrypted PDF file to users just like any other file (via email, file sharing, messaging, etc.)
  8. The user opens the PDF with their secure viewer application.

The licensing server transfers the decryption keys from the server securely, transparently, and only to authorized users that hold a valid license file.  Once received, the keys are saved in an encrypted keystore that cannot be shared with other devices.

As a result, users without a valid license cannot decrypt and view the file.  Those who do have permission to view the file cannot edit or otherwise share it, as its contents are only ever decrypted in memory and the secure viewer application prevents editing, copying, screenshotting, and printing (if desired).

Of course, while PDF DRM like Locklizard offers far better protection it’s also an additional cost.  So you need to decide: how important is document security to your business?  Do you often share sensitive documents with untrusted parties, or will simple password protection do?  Ultimately, only you can decide – but do not underestimate the impact of a leaked document on your business or how far people are willing to go to break your security.

   FAQs

What type of encryption does Microsoft Office use for Word and Excel files?

All Office files (Office 2016 and above) that you password-protect are encrypted with AES 256-bit.  Office 2010 and above uses AES 128-bit.  Older versions of Microsoft Office use a proprietary encryption algorithm.

How secure is an encrypted Word document?

How secure Word encryption is depends on what you are trying to achieve:

  1. To restrict access.  If you use a strong password to protect a Word doc then it is as secure as any other type of password encryption.  If the password is unknown, attackers will have to use password removal software to try and crack it.
  2. To prevent sharing.  If you protect a Word doc with a password to prevent unauthorized sharing then it is not very secure since an authorized user can share the password with others or simply remove it.
  3. To prevent editing.  If you want to restrict editing in Word then you are wasting your time since the security can be easily bypassed.
What is Word read-only mode?

This option enables users to view a Microsoft word document but not edit it.  However, it does not prevent users copying content into another Word doc, saving it to another format or printing it to a file driver – all of which defeats the purpose of a read-only mode.

You select read-only mode in the Restrict Editing section.

Does adding a Digital Signature make a Word doc more secure?

A digital signature is an invisible signature used for authentication purposes.  It differs from an electronic signature (a visible image of your written signature) but can be used in conjunction with it.  A digital signature is an encrypted stamp of authentication and is created by using a signing certificate, which if issued by a reputable Certificate Authority, proves identity.

Adding a digital signature to a Word doc confirms that the information originated from the signer and has not been altered.  Recipients need your certificate and public key to verify the signature.  So if users remove editing restrictions from an Office document and alter it after it has been digitally signed then you will be alerted to this.

Does Word only have a password option to protect docs?

No, you can restrict access and prevent editing, copying and printing by using Microsoft Rights Management Services (RMS).  This uses cryptographic keys instead of passwords to protect content.  Additional controls such as expiry, and tracking is also available in Azure RMS (the cloud version).  However, Microsoft RMS can be bypassed by any user with view access.

How do I create a simple Word file that is password protected?

Follow the instructions in this guide:

  • How to password protect a Word document to prevent opening
  • How to password protect a Word document to restrict editing

Bear in mind that the security is pretty useless so should not be used for the protection of sensitive and confidential business documents.

Does Locklizard protect Word docs & other Office file types?

Locklizard does not protect Office files in their native format.  If you want to encrypt a Word document with DRM, then just like if you want to protect PowerPoint presentations, you have to convert Word to PDF and then protect it.

If you want to lock a Word document from editing, copying, copy paste, sharing and printing then save it as a PDF file before protecting it with Locklizard Safeguard.  Wtih Locklizard you can also lock a Word document to a device and location, add expiry, and remotely revoke access.

How can you make a Word document expire?

There is no option in Word to make a document expire.  You have to use MicroSoft RMS (used by Azure 365 and AD) or another form of DRM.  The same applies is you want prevent a Word document from being printed, copied, edited, or shared.

Locklizard enables you to expire Word docs that have been converted to PDF format.  You can make a document expire on a fixed date, after a number of views, days or prints.

What advantages does Locklizard provide over Word password protection?

Locklizard does not use passwords to protect Word documents, so there are no passwords for users to share or for tools to remove.  We use secure and transparent key management with a licensing system, AES 256-bit encryption, and DRM controls.

Locklizard gives you full control over your documents:

  • Stop sharing
  • Prevent copy paste
  • Prevent editing
  • Prevent printing or allow degraded and watermarked prints
  • Stop screenshots
  • Add permanent and dynamic watermarks to identify users
  • Expire files automatically on a date, after a number of days, opens, or prints
  • Lock use to devices and locations
  • Track use
  • Revoke access remotely at any time

Locklizard provides the same level of security for offline and online files, and there are no complex policies or keys to manage.

 

Tags: document encryption, encrypt with DRM, microsoft word, microsoft word security, password encryption, password protect word, password protect word document, password removal, password security, passwords, pdf drm, pdf drm security, prevent copying, prevent editing, prevent printing, prevent sharing, protect word document, restrict edit word, restrict editing in word, word encryption, word read only mode
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://www.locklizard.com/wp-content/uploads/2022/10/password-protected-word-doc2B.png 288 479 Ryan Maskell /wp-content/uploads/2015/02/logo.png Ryan Maskell2022-10-11 13:02:362023-02-14 14:31:04Why you should not password protect a Word document

Free Trial

“Fantastic product… outstanding support.”

“We would recommend Locklizard to others”

“The clear leader for PDF DRM protection”

“Our ebook sales have gone through the roof”

“Simple & secure – protects IPR from theft”

Trusted by:

Protect IPR

See why thousands of companies use Locklizard to safeguard their documents and increase revenue streams.

  • Our Customers
  • Customer Testimonials
  • Customer Case Studies
  • Locklizard vs Competitors

Latest Posts

  • Amazon DRM & Kindle publishing is penalizing authorsMarch 10, 2023 - 6:51 pm
  • Adobe Experience Manager & Cloud Document SecurityFebruary 28, 2023 - 7:38 pm
  • How to prevent users removing security from PDF filesFebruary 20, 2023 - 7:40 pm
  • How to protect a Word document without a passwordFebruary 10, 2023 - 6:25 pm
  • Using Dynamic Watermarks to Protect DocumentsJanuary 31, 2023 - 7:13 pm
PDF DRM Features
  • Protect PDF files
  • Stop PDF sharing
  • Stop PDF copying
  • Restrict PDF editing
  • Add PDF watermarks
  • Disable PDF printing
  • Stop screenshots
  • Expire PDF files
  • Revoke PDF files
  • Lock PDF to devices
  • Lock PDF to IP
  • Track PDF opens

How To Guides

Prevent PDF security removal
Protect Word without password
Add a dynamic watermark
Password protect Google Doc
Add a watermark in Word
Make a PDF non editable
How to create a stamped PDF
How to prevent ebook piracy
Password protect a Word doc
How to protect a PDF securely
How to revoke document access
Change PDF security settings
How to disable printing of PDFs
Sell online courses securely
How to add security to a PDF
Encrypt a PDF without Acrobat
Share documents securely
How to prevent PDF sharing
Protect confidential documents
How to publish ebooks securely
How to restrict PDF editing
How to password protect a PDF
How to protect ebooks
How to sell Reports securely
How to make a PDF read only
How to send a PDF securely
How to watermark a PDF
How to lock a PDF from editing
How to encrypt a PDF
How to make a PDF expire
How to password protect a PDF
How to protect online courses
How to email a PDF securely

Try Safeguard today

Start protecting your PDF files and documents from sharing & piracy

PRODUCTS

Product Overview
Safeguard
Safeguard Enterprise

Add-ons

  • eCommerce API
  • Command Line
  • USB Protect
  • Web Publisher
  • Own Branding
  • Custom Email

Secure PDF Viewers

  • Web Viewer
  • USB Viewer

SECURITY FEATURES

Stop copying, editing, saving
Disable PDF Prints
Block Screenshots
Disable Copy Paste
Dynamic Watermarks
Expiry & Self Destruct
Revoke Documents
Device Locking
Location Locking
Track PDF Use

PRICING

Purchase & Pricing
Instant Quote

RESOURCES

FAQs
Locklizard Blog
Knowledgebase
Security Guides
White Papers
Viewer Demo
Videos

DOWNLOADS

Secure Viewers

  • Windows
  • Mac OS X
  • iOS
  • Android

Writers
Product Manuals
FREE Trial

DOCUMENT SECURITY

Share Documents Securely
Protect Online Courses
Stop Ebook Piracy
Document Encryption
Secure PDF Distribution
Protect Confidential Documents
Ebook DRM

Protect PDF Files

  • PDF Copy Protection
  • Lock PDF files
  • Encrypt PDF
  • Secure PDF
  • PDF DRM

INDUSTRY SECTORS

Training & Elearning
Publishing Ebooks
Publishing Standards
Online Libraries
Membership Associations
Engineering
Government
Healthcare
Mergers & Acquisitions
Secure Reports From Theft

  ABOUT US

About Us
Our DRM Technology

Customers

  • Case Studies
  • Testimonials

Locklizard vs Competitors

  • Secure Data Rooms

Company Brochure

  CONTACT

sales@locklizard.com
support@locklizard.com

Business Hours:
Mon – Fri: 8AM to 5PM EST
Tel (US): +1 800 707 4492
Tel (UK): +44 (0)1292 430290

© Copyright 2004-2022 Locklizard Limited. All rights reserved.Privacy Policy|GDPR Policy|Cookie Policy|SITE MAP

Scroll to top