Enforcing password rules for Office 2010

Word, Excel, and PowerPoint have been able to password protect documents for several versions by setting “password to open”. In Office 2010, encryption password can be set using Office Backstage View, as well as “Password to open” on General Options. Password encryption’s just one way to protect sensitive information. Depending on your business needs and risks, using IRM or BitLocker might be […]

Word, Excel, and PowerPoint have been able to password protect documents for several versions by setting “password to open”. In Office 2010, encryption password can be set using Office Backstage View, as well as “Password to open” on General Options. Password encryption’s just one way to protect sensitive information. Depending on your business needs and risks, using IRM or BitLocker might be better choices. Enforcing a minimum password length and character set complexity requirements can make passwords more difficult for attackers to guess. There’re 2 registry settings to control this, PolicyLevel and MinLength.

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Security\PasswordComplexity
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\Security\PasswordComplexity

  • Value name: PolicyLevel
  • Value type: DWORD
  • Value data: [ 0 | 1 | 2 | 3 ]
  • Use 0 to for no complexity (default), 1 for minimum length, 2 for minimum length plus requiring 3 of 4 character groups, and 3 for all these checks plus enforcing Windows domain password rules.
  • Value name: MinLength
  • Value type: DWORD
  • Specifies the minimum length of password required.

More infoOffice 2010 blog