Last week a client asked us to help access a password protected Excel document. A former employee had worked on the document and put a password on it. The former employee was not being cooperative. Our team was able to find a version of the file that was not password protected in the backups. But this got us thinking...
Firstly, this is an issue that should be top of mind, with all the remote working going on currently. You should have a clear policy that is communicated to all employees to not put passwords on files. If for some reason you feel you need that extra protection. Make sure you have a way of getting that password and keeping track of them, ideally in a password manager. If you do have a situation with a former employee that password protected company files. Best solution would be to contact them and have them provide the password. If they are not being cooperative, contact your attorney. This can be considered a form of business disruption and can have legal ramification such as destruction of company property or tortious interference.
We also looked at this from a technology perspective which gets into a conversation about password cracking. Many tools (paid and free) and services are available to help crack all kinds of passwords and encryption. This company Terahash offers a $30,000 server specially designed to crack passwords fast. What it comes down to is time. The simple rule is the longer the password the more time it will take to crack.
For a deep dive on strong passwords please read our post: The Ultimate Guide to Passwords