excel compiler, excel vba protection, excel macro protection, online spreadsheet application, spreadsheet exe, Microsoft Excel security, protect excel spreadsheet, excel spreadsheet protection

excel compiler, excel vba protection, excel macro protection, online spreadsheet application, spreadsheet exe, Microsoft Excel security, protect excel spreadsheet, excel spreadsheet protection

Excel Spreadsheet Protection


Introduction

In this article, we will provide you with a brief overview of the Microsoft ® Excel security environment and examine in more detail the effectiveness of Microsoft ® Excel's built-in protection features.

We assume that readers of this article already have some experience with regards to the Microsoft ® Excel spreadsheet protection system.

Undoubtedly, the security environment can prove to be cumbersome even for experienced users. In addition, there are numerous methods which an intruder can use to bypass any security aspect of the Microsoft ® Excel application.

According to scientific literature and academic research, the general consensus is that Microsoft ® Excel's security environment is weak.

The following native protection measures can be employed in a Microsoft ® Excel spreadsheet:

  • Password to open or modify the workbook
  • Password to protect sheet contents/ workbook structure
  • Password to protect VBA code (VB Project Protection)

We will now examine each of these options in more detail.


Password to open or modify the workbook

By using a password to open a Microsoft ® Excel file, you are effectively encrypting its contents. Thus, only individuals who know this password can access any of the workbook's contents.

Even so, the default encryption standard in versions 97 – 2003 of the Microsoft Excel application is very weak and commercial password crackers can be used to crack the password and access the contents of the file. Commercial password crack tools can always recover a password in the 97 – 2003 versions irrespective of its length.

However in Excel 2002 and 2003, you have the option when saving your file with a password to change to the RC4, Microsoft Strong Cryptographic Provider through the “Advanced” options.

By using a strong password with a length of at least 15 characters which contains alphanumeric characters you effectively mitigate the risk of commercial password crack tools.

Microsoft ® Excel 2007 and later versions began to use 128 bit AES for password encryption and according to the US Government the AES encryption algorithm may be used for classified information.

Evidently, no matter how strong a password is there is nothing that prevents a dishonest user from sharing the password with other individuals and compromising the security of your Microsoft Excel spreadsheet.

A user who knows the password for your file could also very easily “Save as” your file without the password and distribute it freely to other parties.


Password to protect sheet contents/ workbook structure

Microsoft Excel offers the ability to users to protect the sheet contents and workbook structure of their spreadsheet so that users cannot change any formulae or be able to add/delete sheets for example.

The security of this feature is a common misconception. Freely available tools on the internet can bypass this level of protection in a matter of seconds. All versions of Microsoft Excel from 97 to 2010 use a very weak encryption system for sheets/ workbook protection.

A dishonest user can always unprotect your formulae and amend data in your spreadsheet using these tools.


Password to protect VBA code (VB Project Protection)

If your spreadsheet contains VBA code which you would like to protect then you can set a VBA password through the “Tools” menu in the VBA editor.

Unfortunately, Microsoft has not improved the protection algorithm of VBA projects and commercial tools are available online which can crack any length of VBA password for all Microsoft Excel versions 97 – 2010.

A remedy for this is our award winning software VBASafe which can be used to scramble your VBA code thus making it extremely difficult for someone to interpret and copy your VBA code.


Conclusion

In summary, dishonest users can obtain, manipulate and distribute data stored in workbooks with relative ease.

DataSafeXL is at an ideal position to provide customized security solutions tailored for each company's circumstances and needs. Click here to learn more about our consulting services.




Download article in PDF Format

You can obtain permissions to re-use this article by emailing us at info@datasafexl.com.