Excel Passwords and Password Cracking

Last week a client asked us to help access a password-protected Excel document. A former employee had worked on the document and put a password on it. The former employee was not being cooperative. Our team was able to find a version of the file that was not password-protected in the backups. But this got us thinking…

First, this issue should be top of mind with all the remote working going on currently. You should have a clear policy, communicated to all employees, not to put passwords on files. If for some reason you feel you need that extra protection, make sure you have a way of getting those passwords and keeping track of them, ideally in a password manager. If you do have a situation where a former employee password-protected company files, the best solution is to contact them and have them provide the password. If they are not being cooperative, contact your attorney. This can be considered a form of business disruption and can have legal ramifications, such as destruction of company property or tortious interference.

We also looked at this from a technology perspective, which gets into a conversation about password cracking. Many tools (paid and free) and services are available to help crack all kinds of passwords and encryption. One company, Terahash, offers a $30,000 server specially designed to crack passwords fast. What it comes down to is time. The simple rule is: the longer the password, the more time it will take to crack.

Here are the quick tips on passwords:

  • How long should my password be?
    10 characters long, minimum, but make it as long as possible. Length is the most important factor in strength.
  • Does my password need special characters to be strong?
    Nope.
  • Does my password need numbers to be strong?
    Nope.
  • How often should I change my password?
    Only change it if you think it’s been compromised. Never force users to rotate passwords; this actually lowers security.
  • Can I use the same password on multiple sites?
    Absolutely not. Every service should have its own unique password so that you don’t have to change all of them when (not if) they get breached.
  • How can I remember my password?
    Don’t try to remember your passwords; use a password manager. If you don’t want to, write it down.
  • What about two-factor authentication?
    Always turn on 2FA if it’s an option. Use the strongest 2FA method you can. A text message is weaker than an authenticator app, which in turn is weaker than hardware-based authentication. Never give a service your phone number if you can help it.
  • What about password recovery questions?
    Don’t give honest answers to these. For maximum security, generate a secondary random password for each question and store it in your password manager.
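
To put numbers on the "longer means more time" rule and the "Nope" answers about special characters and numbers, here is an added example (not part of the original post) that compares the size of the search space for different lengths and character sets. The guess rate is an assumed figure for illustration, and the math only holds for randomly generated passwords; human-chosen words fall much faster.

```python
import math

# Assumption: attacker guess rate, chosen only for illustration. Real rates
# depend on the file format or hash being attacked and on the hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10

LOWERCASE = 26        # a-z only
PRINTABLE_ASCII = 95  # upper, lower, digits, symbols and space

def keyspace(length, alphabet_size):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def worst_case_seconds(length, alphabet_size, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to try every password of this length at `rate` guesses/s."""
    return keyspace(length, alphabet_size) / rate

def min_length_to_match(target_length, target_alphabet, alphabet_size):
    """Shortest length over `alphabet_size` symbols whose keyspace is at
    least that of `target_length` symbols drawn from `target_alphabet`."""
    target = keyspace(target_length, target_alphabet)
    length = 1
    while keyspace(length, alphabet_size) < target:
        length += 1
    return length

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    for n, a, label in [(8, PRINTABLE_ASCII, "8 chars, all printable"),
                        (12, LOWERCASE, "12 chars, lowercase only"),
                        (16, LOWERCASE, "16 chars, lowercase only")]:
        print(f"{label}: {entropy_bits(n, a):.1f} bits, "
              f"{humanize(worst_case_seconds(n, a))} to exhaust")
    print("lowercase length matching 8 printable:",
          min_length_to_match(8, PRINTABLE_ASCII, LOWERCASE))
```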

Want to learn more about passwords?

For a deep dive on strong passwords please read our post: The Ultimate Guide to Passwords
