How secure is the Word "Password to modify" option?

  • Thread starter Thread starter Top Spin
  • Start date Start date
T

Top Spin

Can anyone say anything about how secure (or insecure) the "Password
to modify" facility is? I am referring to the option available from
the "Save as..." control under Tools / General options.

Is there anything in Word that is more secure?

Thanks
 
G'Day 'Top Spin'

Let's just say that if you lose that password -
YOU'LL BE TOTALLY STUFFED!!
--
Regards,
Pat Garard
Australia

______________________________________
 
It depends what you mean by secure. You would be hard pressed to get past
the password to edit the original document, but you could save it as a new
document and lose the password protection.


--
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
Graham Mayor - Word MVP

Web site www.gmayor.com
Word MVP web site www.mvps.org/word
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
 
If you are using Word 2003 then Information Rights Management is far
more secure. IRM doesn't password protect the document but rather it
stores user data/ permissions and authentication on a secure server
which, as I understand it, modifies the authentication hash table
regularly.

You can prevent printing, distributing, modifications, set an
expiration date, and the permissions can be modified *after* the
document has been distributed. For example if I contact you and
request permission to print the document you can change the permission
on your end to allow me the privilege.

Prior to Word 2003, if you want individuals to be able to read and not
modify your documents then your best bet is to use PDF.

--
Please post all follow-up questions to the newsgroup. Requests for
assistance by email can not be acknowledged.

~~~~~~~~~~~~~~~
Beth Melton
Microsoft Office MVP

Word FAQ: http://mvps.org/word
TechTrax eZine: http://mousetrax.com/techtrax/
MVP FAQ site: http://mvps.org/
 
It depends what you mean by secure. You would be hard pressed to get past
the password to edit the original document, but you could save it as a new
document and lose the password protection.
Click to expand...

Which sound to me like essentially zero protection. I tried putting a
"modify" password on a document and sending it to a colleague. He had
no trouble opening the document, modifying it, and saving it as a new
document. I thought maybe I had done it wrong, but apparently not.

I prepare a lot of legal documents. I am increasingly getting requests
from clients to send them the "document". Pasting the text into an
email is not satisfactory because the formatting gets lost.

A few months ago, I sent a client a document and he made several
subtle changes before signing it and sending it back. He never
disclosed that he had made any changes. Since then, I have not sent
the document itself to anyone.

Last week, a client asked and when I said no, he said just protect it.
I tried it and it seemed not to work, so I posted here. Apparently, it
does not work at all. I cannot understand why MSFT even calls it
"protection". It seems to be worse than nothing because not only does
it not work, but it claims to do something.

Thanks
 
If you are using Word 2003 then Information Rights Management is far
more secure. IRM doesn't password protect the document but rather it
stores user data/ permissions and authentication on a secure server
which, as I understand it, modifies the authentication hash table
regularly.

You can prevent printing, distributing, modifications, set an
expiration date, and the permissions can be modified *after* the
document has been distributed. For example if I contact you and
request permission to print the document you can change the permission
on your end to allow me the privilege.
Click to expand...

Does this work only on our network?
Prior to Word 2003, if you want individuals to be able to read and not
modify your documents then your best bet is to use PDF.
Click to expand...

That's what I thought. But there are shareware programs out there to
crack PDF files, too.

Thanks
 
In answer to this and the other branch in the thread, it is first necessary
to recognize what the protection is for. In the case of the protection
against editing, then indeed it does protect against that. You cannot edit
the *original* document and save the results *in that document*, without the
password. Similarly, you can password protect against *opening* the
document, which will keep all but the most determined hacker out of your
document. Yes the password can be cracked - eventually - but the time and
expense are usually sufficient to deter. Word's encryption is very good
indeed, but if you have a fast enough computer and enough time, you can test
every possible password combination - one of them will be right.

This is obviously not what you want, however before offering alternative
suggestions, it is worth bearing in mind that *any* document that can be
opened and viewed can be copied. I have seen travellers cheques copied so
accurately with an Apple Mac - 10 years or so ago - that the company issuing
them had difficulty recognising them as false, so your Word document is
child's play.

PDF would have been my choice, as it is fairly robust, and you can impose
protection that will limit what a user can do with the document, but
ultimately there is nothing to stop the user from scanning the document and
using OCR to convert it back into a document again, making the changes and
returning it to PDF format.

Whatever scheme you come up with, if you allow someone to view the document,
it can be copied. So the only truly safe answer is to only allow the
document to be viewed and signed in your presence, or if that is not
practicable ensure that the returned documents are compared *very* carefully
with the originals.

In any case, you are the legal person, but I would have thought that
altering a document in this manner would amount to a criminal act - it
certainly would be here.

--
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
Graham Mayor - Word MVP

Web site www.gmayor.com
Word MVP web site www.mvps.org/word
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
 
In answer to this and the other branch in the thread, it is first necessary
to recognize what the protection is for. In the case of the protection
against editing, then indeed it does protect against that. You cannot edit
the *original* document and save the results *in that document*, without the
password. Similarly, you can password protect against *opening* the
document, which will keep all but the most determined hacker out of your
document. Yes the password can be cracked - eventually - but the time and
expense are usually sufficient to deter. Word's encryption is very good
indeed, but if you have a fast enough computer and enough time, you can test
every possible password combination - one of them will be right.

This is obviously not what you want, however before offering alternative
suggestions, it is worth bearing in mind that *any* document that can be
opened and viewed can be copied. I have seen travellers cheques copied so
accurately with an Apple Mac - 10 years or so ago - that the company issuing
them had difficulty recognising them as false, so your Word document is
child's play.
Click to expand...

I am not trying to defeat criminals -- just careless or lazy
paralegals and clients. I just want a scheme that will allow me to
distribute my original Word document in a form that allows them to
browse it and print it, but not alter it (including as a difrferent
document).
PDF would have been my choice, as it is fairly robust, and you can impose
protection that will limit what a user can do with the document, but
ultimately there is nothing to stop the user from scanning the document and
using OCR to convert it back into a document again, making the changes and
returning it to PDF format.
Click to expand...

I was hoping that Word would provide something more or less similar
even if not quite as secure.
Whatever scheme you come up with, if you allow someone to view the document,
it can be copied. So the only truly safe answer is to only allow the
document to be viewed and signed in your presence, or if that is not
practicable ensure that the returned documents are compared *very* carefully
with the originals.
Click to expand...

Again, I am not trying to defeat criminals -- just ensure that anyone
who does modify the document has do to something to do so.
In any case, you are the legal person, but I would have thought that
altering a document in this manner would amount to a criminal act - it
certainly would be here.
Click to expand...

It probably is, but this is not the point.
 
You have moved the goalposts. It was you who brought up the issue of a
client subtly altering the document not me and I responded with that in
mind.

For the sake of the lazy paralegal who simply has to view and print the
file, protect it for forms. The protection is defeatable but will keep out
casual and accidental changes, without preventing the printing of the
document.

I will repeat, there is no way on earth to prevent a document that can be
viewed from being copied.

--
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
Graham Mayor - Word MVP

Web site www.gmayor.com
Word MVP web site www.mvps.org/word
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
 
This is an interesting thread, but I wonder if Top Spin needs a technical
solution at all. In dealing with clients, I just tell them that if they
want to make changes, they should "redline" them. Why would a client not
want me to know what's in the document they paid me to draft?

Good luck, Dan Schaffer
 
Back
Top