Don’t be fooled – protecting isn’t bullet-proof

SharynAvatarBlog120x120When I’m asked to teach a class on how to restrict editing within a document, the first 5 minutes of my instruction is usually spent explaining that protecting isn’t bullet-proof.

Why do I do this?  Because I have met so many people who assume that restricting the editing of a document by adding a password is in fact securing it so that only the holder or holders of the password can access the file.  Not true!  Via the Internet you can easily access a multitude of work-arounds that coach you through how to easily access the content of a restricted file.

Password required to open a file

Thankfully the new XML data formats of .docx, .xlsx and .pptx now offer greater security to files that require a ‘password to be opened’.  However, in saying this I can’t help but notice the growing number of software products available on the Internet that promise they can recover your password quickly and easily (at a cost of course).  I haven’t trialed any of these products so I can’t say if they work or not.  But it does make me mindful of the fact that my password protected files may not be as bullet-proof as I would like them to be.

Password required to modify a file

The most common type of document security I see used is ‘password to modify’ type security.  This is where someone can open the file but cannot make modifications to areas that have been restricted without supplying a password first.  This type of security can be easily side-stepped.

As an example for this blog I Googled “unprotect password protected Excel sheet”, had a read through the recommendations and found a workaround that I thought looked nice and easy.  It involved uploading my password restricted Excel file to Google Drive and then opening the file using Google Sheets.  Did it work?  It worked perfectly.  Not only could I access restricted ranges in my worksheet, I could also access hidden sheets that I had restricted access to through protecting the structure of my workbook.

I repeated the steps using a Word document that contained areas that required a password to modify.  When I opened the document using Google Docs the restriction was no longer there.

Of course, there are very viable reasons for wanting to access a password protected document.  For example, if you have genuinely forgotten the password or if someone has protected a document and then left your ogranisation.  In each of these cases the steps above would be extremely helpful.

Why bother applying protection if it can be side-stepped?

Microsoft’s® support page describes Protecting as a feature you can use to help prevent other people from opening or modifying your documents, workbooks, and presentations.

Perhaps the key word in this statement is ‘prevent’.  Applying password protection is a bit like fencing a property.  The fence is there to restrict access.  Fabulous when trying to prevent unauthorised access to those who may not know enough to work safely in the restricted area.

However, as we add restrictions we need to remain aware that the fence could easily be cleared by anyone who really wanted to get in.

What if we need more than just a fence?  What if we need a caged vault?

There are many different encryption software applications available for purchase that may offer you the level of security you require.  I’m unable to recommend one to you.  I would however recommend that before you purchase you really do your homework to make sure the software delivers the level of security you require.

Perhaps the best way to help prevent modification of data, and to help protect confidential information, is to limit access to your files by storing documents in locations available only to authorised users. For example, a secure SharePoint document library, a document management system or a restricted folder on your company server.

Please ‘Like’ and ‘Share’ if you found this helpful.

If you enjoyed this post you may enjoy:

For a full list of our Excel and Word courses please visit