(2.7MB Flash demo)
Choose Currency for Purchase
Home » Features: Native Excel

Why can't I rely on Excel's native spreadsheet 'protection'?

Content and location security limitations

The problem with the native 'protection' provided by Microsoft ExcelŽ is that it provides only weak intellectual property security, and no location security capability at all.

Excel does provide worksheet and workbook password-based protection, cell locking and hiding of formulas, and password protection of macros and Add-ins.  The level of protection provided, however, is relatively low, and provides a first line of defense only.  These protections can all be broken fairly easily.  Un-protect programs and services are available on the internet.  Excel does not prevent someone with access to a confidential spreadsheet from copying worksheets, ranges, or formulas and pasting them into another spreadsheet.

Thus, no secure protection of the intellectual content of the spreadsheet, formulas, algorithms etc is available by using native Excel protection.

"The encryption on Worksheet and Workbook structure passwords is extremely weak.  Passwords can be cracked in minutes with free software.  Even Microsoft acknowledges that worksheet and workbook protection is a 'display' feature and not a 'security' feature.  Passwords will only stop the casual user and cannot be relied upon as a security feature in distributed applications."  Doug Tyrrell, Excel Consultant

"MS Office file passwords are not secure and were never intended to be.  There are a great many third-party utilities available on the Internet to recover lost Office file passwords.  Therefore these password features will never be effective for preventing customers from seeing proprietary or trade secret information, for example, or for serious confidentiality or security concerns inside the workplace."  Jim Dettwiler

"If I protect my worksheet with a password, is it really secure?  No. Don't confuse protection with security. Worksheet protection is not a security feature.  Fact is, Excel uses a very simple encryption system for worksheet protection. When you protect a worksheet with a password, that password -- as well as many others -- can be used to unprotect the worksheet.  Consequently, it's very easy to "break" a password-protected worksheet.  Worksheet protection is not really intended to prevent people from accessing data in a worksheet. If someone really wants to get your data, they can. If you really need to keep your data secure, Excel is not the best platform to use."  John Walkenbach

"Excel features related to hiding data or locking data with passwords are not intended to secure or protect confidential information in Excel.  These features are merely meant to obscure data or formulas that might confuse some users or to prevent others from viewing or making changes to that data."  Microsoft 2006

Access security limitations

Furthermore, no form of location security is provided by Excel.  File access to a particular spreadsheet file can be prevented by:

  • network access control and restriction for corporate and networked environments
  • physical access restriction for small businesses/home offices
  • protection based on encapsulation or encryption of the file, preventing access to the file's contents

However, in order for a user to be able to use the spreadsheet, they must have access to the spreadsheet file and any password required to decrypt it.  Once in possession of this information, the file contents can then easily be copied as if access had never been restricted.

 
 

[ Home ]   [ Features ]   [ Q&A ]   [ Get a Copy ]   [ News ]   [ Contact Us ]   [ Privacy Policy ]   [ Site Map ]