ScoobyNet.com - Subaru Enthusiast Forum - How secure is password protecting Excel docs ?

ScoobyNet.com - Subaru Enthusiast Forum (https://www.scoobynet.com/)

- Computer & Technology Related (https://www.scoobynet.com/computer-and-technology-related-34/)

- - How secure is password protecting Excel docs ? (https://www.scoobynet.com/computer-and-technology-related-34/618503-how-secure-is-password-protecting-excel-docs.html)

How secure is password protecting Excel docs ?

I have an Excel file on my laptop thats got a lot of important info on it & its protected by a password.
If the laptop gets stolen how safe is that file? Is the password easy to bypass if you know what you are doing ?

Cheers.

Quote:

Originally Posted by RoShamBo (Post 7078238)

Is it excel 2003/XP, if so then its very secure, afaik it can only be broken by brute force dictionary attacks, try making it as long as possible and with a combination of numbers/letters.

If its an older excel then you can get free password crackers online which will do it instantly.

Excel is part of MS Office 2003 running on XP - so I guess ok.

Thanks bob.

Earlier versions used to be opened with OpenOffice ;)

Interlore do various office password hackers for around $30, as i said they can only work on brute force for 2003 files and they claim to be able to check 5.5million combinations per minute so try make your password as long as possible.

Also make sure you use at least one letter, one number and one other character (better with at least two and in different case), as that means any brute force attack has to use all three character sets making the possible combinations much much bigger.

i.e.

S©o0byN3t

Any password can be broken. All it takes is time and CPU power.

It took someone 3 weeks to break the payroll password on excel.

That was using 3 multi-core boxes using a distributed brute force attack.

Password was strong (like S©o0byN3t) but only 7 chars long. If it were 8 chars long it would not be worth it.

Great thanks - looks like I will make it 8+ characters long, combination of letters, numbers, symbols etc, just to be safe.

Quote:

Originally Posted by RoShamBo (Post 7079823)

Great thanks - looks like I will make it 8+ characters long, combination of letters, numbers, symbols etc, just to be safe.

And then change the extension, just for good measure :D

Or just use:

TrueCrypt

and store it in plain text on the encrypted virtual drive.

The primary defense against a brute force attack must be enforcement of a strong password policy. As mentioned earlier, dictionary words make poor passwords. Password size is also important: the longer the password, the more difficult it will be to force. While there is no strict definition of a strong password that will be harder to determine via a dictionary attack, some good guidelines would be:

Minimum length of at least seven characters
Must include both upper and lower case characters
Must include numeric characters
Must include punctuation

These guidelines may seem overly strict, but there is little chance that a password created with these restrictions will be found with a brute force attack. There are almost 70 trillion combinations of characters that can be seven digits long and can include upper case characters, lower case characters, numbers, and punctuation. Even a dictionary attack tool that could make one hundred requests per second would still take over 11,000 years before it would be statistically likely to guess the password.