If you deal with sensitive information, you’ll likely be very cautious with your data. But it’s not only those dealing with sensitive data that want to keep their information secure, away from prying eyes. We’ve seen the exposure of multiple surveillance schemes affecting the entire global community and, understandably, many of us are keen to hold onto our right to be a private citizen.
It is a mammoth task to comprehend, but it doesn’t have to be. It can start with the documents and programs you use each day. Some security and privacy advocates would argue that it is simply not enough, but you can at least understand how to keep your Microsoft OneNote and other Microsoft Office files protected at all times.
I’ll explain how encryption works in OneNote and Office 2013/2016, whether it is strong enough for your requirements, and how you can go about protecting your data.
Encryption in Microsoft Office 2013/2016
Microsoft makes encrypting your files exceedingly easy. It really is. Head to File > Info > Protect Document, and select Encrypt with Password. Enter a password. Press Enter. Your file is now encrypted, and will not open without the correct password.
See, that was easy, right?
Microsoft upgraded their de facto encryption standard for Office 2013, from a random Triple DES 168-bit key implemented by Windows CAPI (Cryptographic Application Programming Interface), to the more rigorous AES (Advanced Encryption Standard), 128-bit key length, SHA1 (a cryptographic hashing algorithm which generates an almost unique 160-bit key to replace the plaintext) , and CBC (cipher block chaining).
Encryption in Microsoft OneNote 2013/2016
Encryption in Microsoft OneNote works somewhat differently to other Office programs. Documents created in Word, Excel, and PowerPoint are all encrypted using a single password. In OneNote, your “documents” can be comprised of many different notes, spanning different notepads. Unfortunately, this makes the process of encrypting individual notebooks somewhat longwinded, as each must be assigned an individual password.
Of course, you can use the same password for each notebook, at your own risk. But you’ll still have to manually assign them.
To encrypt a notebook with a password, right-click the desired section and select Password Protect this Section. A new Password Protection info-bar will appear on the right of the application. Enter a memorable password and press OK.
Lock All Password Protected Sections
If you have multiple password protected OneNote sections, you can lock them all using the Password Protection info-bar. Right-click a section with an existing encryption password. Under All Protected Sections select Lock All. You can also try the shortcut CTRL + ALT + L.
Once your notebook sections are locked, they will not be searchable, until they are individually unlocked. With this in mind, please do not simultaneously lock all of your notebooks to test this feature. Create a handful of practice notebooks and lock those. I don’t want you traipsing through 100+ sections, cursing me with every password entry.
Auto-locking Encrypted Sections
Any unlocked password protection sections will automatically lock after a set amount of time, if you’re not actively working on them. This is obviously an extremely handy security tool, but it can cause a nuisance if you’re jumping between sections. We can customize the lock time, as well as control the ways password protection is applied to specific sections.
Head to File > Options > Advanced. Scroll down until you spot Passwords, where you’ll note the three options:
Alter the time-lock to something that suits you. OneNote can also lock password protected sections as soon as I navigate away from them.
Should I Change the Encryption Strength?
In a word, no. Unless you have a very specific reason to alter the encryption settings from the default, I wouldn’t go there. Microsoft Office uses AES with a 128-bit key, plus SHA1 salting and cipher block chaining. While there is a extremely unlikely chance your encryption could be cracked, it would take a seriously knowledgeable individual to actually complete the hack, and even then it would require 2126.2 computational power to recover an AES-128 key.
In other words, there are currently no practical methods for cracking an AES-128 key.
That said, if you really do want to rummage around, you can use the Office Customization Tool, which also has a relatively thorough reference page for you to peruse. I won’t give detailed instructions on how to use the OCT, as it really would be best to leave the encryption settings alone – but I cannot deny the whims of those that wish to tinker.
I would suggest setting up a virtual machine, installing Office 2013/2016, downloading the Office Customization Tool, and playing around in there, leaving your regular installation well alone.
Keep Your Files Close…
The encryption offered by Microsoft Office is strong. AES is unlikely to be broken in the extremely immediate future, and if it is, the computational requirements will be extremely high, out of reach of regular cyber criminals.
But that doesn’t mean you can be complacent. You’d be more likely to accidentally introduce a malicious entity to your network, allowing access to sensitive information from inside the gates. With this in mind, consider where that email came from, or just who you’re sending a file to, and you won’t be the weak security link being cursed around the office.
Do you use the integrated Microsoft Office encryption? Or do you make use of an external tool? How do you manage your password protected OneNote sections?