Why you shouldn’t password protect your Office Documents

Protecting your sensitive data with a password seems like a good thing to do, right? So why would we say it is not a clever idea? Because protecting the location is better than protecting the document.

Let us just be clear from the start – it is ALWAYS a good idea to password protect sensitive data! Indeed, everything in your company is sensitive, and probably everything personal to you too. Unless you’re willing to put it up online for the whole world to see, you should have some sort of password in front of it.

But the way you protect something is important, because in certain cases having a password is not such a good idea. Here, we’ll look at a specific scenario of protecting an Office file.

Scenario

You have a spreadsheet with some sensitive financial data on it, company accounts for the last year, and you’ve spent hundreds of hours on it. You need to share it with your accountant who works externally. Being security conscious, you put a password on it before you send it, just in case someone got hold of it (you of course send the password via a different channel).

If you’ve done this before, you will see the following message. While it does say something is important, it doesn’t quite go far enough in my opinion, and encourages something we’ve always said you should never do!

The key line here is “Caution: If you lose or forget the password, it cannot be recovered”. This is important – the password only exists in the document; it cannot be reset by an administrator or anyone else. If you do password protect a document to send it to someone, do make sure you have protected a copy of it that you are sending, not the original.

The next part of the warning leaves me feeling a bit uncomfortable – you should not keep a list of passwords anywhere outside of a password manager, and that’s not really a list. If you’re only sending the spreadsheet as a one off there’s no need to keep a record of it anywhere, just send it via a text message or another secure method (which means, don’t just email it separately to the same address).

Problem

Keeping a list of passwords is not ideal. Always use a password manager (see links at the end). But there’s more. If you’re using modern Office 365 Services like OneDrive, SharePoint, or Teams, Office applications work well together, allowing concurrent collaboration, auto saving, and much else. If you password protect your Office documents stored in these locations, they don’t work properly!

Putting a password on a document, spreadsheet, presentation, or other Office file, encrypts it. This means that OneDrive (the sync application) cannot autosave your changes. You must remember – and who doesn’t sometimes forget – to manually save as you go.

But, more than this, that same autosave is part of what allows multiple contributors to work on a document together, at the same time. The result is that only one person can work on it at a time. Conflicts are resolved easily, and where there is a problem you get a clear path to review. Now, at first, this doesn’t seem to matter because we’re used to working on things by ourselves, but the more you start utilising the fact that you can review the same document with colleagues at the same time, you’ll realise how powerful this is.

Password protecting a document also prevents you opening it on the web for quick review or editing. You have to use the desktop version of the app.

There’s another problem. If you work on a document, and make changes, even if you save them there is a chance that someone else may open it before those changes have synced (remember, no live syncing if you’re opening from Explorer on your PC or Laptop). This means that potentially someone else could open an older synced version of the document, choose their version over yours, and you lose everything.

Solution

All of this can be avoided by protecting the location of the file, rather than the file itself. Yes, there are situations where you might need to send a password protected version to someone. In that case, fine, just make a protected COPY of the file and send that. Always send the password through a separate medium, like SMS.

But, by protecting the location of the file you avoid all the pitfalls of breaking modern application collaborative working and auto saving functionality. Access rights set centrally, are consistent, and easily audited. Passwords, sufficiently protected by 2FA and strong password policies, can be easily changed and accounts locked out in the event of a breach. A password set on a document is subject to zero complexity requirements, zero central management, and zero auditing.

If you share a file using OneDrive or SharePoint (permissions permitting) then you can set an expiration date, read only access, block download, or additionally protect access using a PIN or other secure authentication. Access is easily removed. There’s no need to apply file specific permissions at all, and you keep control of the file.

Summary

Protecting your data is critical. But think about access to the one single version of the document you have and want to keep, rather than thinking about protecting multiple copies, all of which, once you’ve sent them, are out of your control.

Firefox Lockwise (Personal Recommendation). If you’re a Firefox user, this is great. It also has a mobile app.

PC Mag: The Best Password Managers of 2020

If you would like to know more please get in touch.

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share by Email

Subscribe to our monthly newsletter

Get the best IT tips and Office ideas in your inbox

Further reading

How to make a secure password

It can be hard to think of a password that you can remember when you need it, let alone multiple passwords and variations. What can make this is easier is using a methodology or naming convention for your passwords.

Read More »

Why you need a secure password

A strong password is essential for preventing others from gaining unauthorised access to your account or device. The stronger the password the more difficult it will be for a hacker to crack.

Read More »

Teams or Zoom?

Both applications do the job of video conferencing well, and they’re not the only ones (e.g. Google Meet, Starleaf, Webex). But what’s the real difference, and when should you use one over the other?

Read More »

Want to hear what customers have to say?

Watch out customer story videos and find out today...

Cookie Notice

This website uses cookies to ensure you get the best experience on our website. Learn More.

Scroll to Top

Subscribe to our monthly newsletter.
Get the best IT tips and Office ideas in your inbox.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five High-Value Business Initiatives That’ll Provide Massive Impact and Help You Get Noticed at Work"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five Ideas That'll Help you Tame Unruly Systems and Team Members"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five Powerful Ideas That’ll Take Your Personal and Business Development to the Next Level"

Are you an Office Manager who’s looking for next-level ideas? You need to read this Ebook — you’ll get it for free when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? helpful articles, invites to events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Your Ultimate Guide To Office Delegation"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.