Happy new year to all our WindowSecurity.com readers and a big “thank you” to all of those who have welcomed me to my new position, taking over the site duties for Tom so he can go to work full-time for Microsoft and help to make the products even better. I’m looking forward to getting to know you better in 2010.Microsoft Office applications (Word, Excel and PowerPoint) provide the ability to password protect the documents that you create with them, and when you save to the XML formats (.docx, .xlsx and .pptx), 128 bit AES encryption is used to make passwords more secure. This allows you to require that a user know the password in order to open the file. But a problem with all password-based security is that weak passwords are easily cracked. That’s the reason we have Group Policy to enforce password strength and complexity rules for logging onto Windows computers and networks. Now, with Office 2010, we finally have a password rules feature for Office password protection, as well.
Registry settings are used to enable and control this feature, and you can set minimum lengths and/or character set requirements.
For more information about password protection in Office 2010 and how to edit the registry to configure it, see Alan Myrvold’s post on the Microsoft Office 2010 Engineering Blog at: http://blogs.technet.com/office2010/archive/2009/1….aspx.