Microsoft Office Document Encryption

Faculty and staff are encouraged to encrypt all documents containing sensitive information. Please note that while the example below refers to Microsoft Word 2003, the method is equally available under other Microsoft Office versions (XP, 2007) and other Office components (Excel, PowerPoint).

1. Assuming your document is ready to encrypt, select 'Save As...' under the main File Menu; click 'Tools'; then click 'Security Options...'

{Screen Capture}

2. Next, enter a 'Password to open' and/or a 'Password to modify', as appropriate. While 'Password to open' best addresses confidentiality concerns, 'Password to modify' can instead or additionally be useful in instances where you want to protect your document against accidental and/or intentional modification.

{Screen Capture}

3. Note when you click 'OK' bottom of above menu, you will be asked to confirm the password(s) you have entered. Much like making any password change, if the two strings you enter do not match, your attempt to password protect your document will fail.

{Screen Capture}

4. Click 'OK' and 'OK' to return to the main 'Save As' window, then save as usual.

5. To test you've done all this correctly, exit Word, then double-click or otherwise re-open your document. You should be prompted for a password.

That in a nutshell is the mechanics of Microsoft Office encryption; now for several important caveats.


First, it is vitally important to understand that if you encrypt your only copy of a document and forget the password, you will never be able to open that document again. Encryption passwords cannot be reset like login passwords; once the password is forgotten, so is your ability to open your file. It is therefore imperative that you never forget your encryption passwords.

Second, if you intend to email or otherwise share a protected document, the recipient must be told the password(s) used if they are to be able to open or modify it. It therefore follows you should never use your email password or any other personal password to protect documents you intend to share. It also follows you should not send the password in the same email or with the same media containing the encrypted document - otherwise anyone lucky or devious enough to intercept the document would also have the means to decrypt it. The safest way around this dilemma is to share the encryption password using entirely separate means. If you send your document via email for instance, provide the password either face-to-face or over the phone.

Third, in the same way you should not use the same password for all of your accounts, you should not use the same password to protect all of your documents. If you have documents you would share with a colleague Bill for instance but never with another colleague Ted, you should really use different passwords with each (otherwise Ted will be able to read your documents to Bill should he ever come into possession of them).



Information Technology Services

230 Elizabeth Ave, St. John's, NL, CANADA, A1B 3X9

Postal Address: P.O. Box 4200, St. John's, NL, CANADA, A1C 5S7

Tel: (709) 864-8000