Everything About Password Recovery


In this post, I will discuss password recovery for Microsoft Office files (Excel/Word/PowerPoint), PDF files, and RAR/ZIP archives. The underlying principles apply to all these file types.

Password Types

MS Excel offers three ways to password-protect a file: ‘Encrypt with Password’ secures the file for opening, ‘Protect Current Sheet’ prevents editing of sheets, and ‘Protect Workbook Structure’ restricts the addition or deletion of sheets. The latter two fall into one category: passwords required for editing an Excel file.

Microsoft Excel password types

MS Word provides two methods for password protection: ‘Encrypt with Password’, which protects the document from being opened, and ‘Restrict Editing’, which prevents others from editing it.

Microsoft Word password types

MS PowerPoint offers only one way to password-protect a file: ‘Encrypt with Password’, which restricts opening the presentation. However, when you save a file, you may see Tools > General Options, which opens the screen below. There you can set a password to prevent the PowerPoint file from being modified.

two options to password protect files

PDF also has two types of password: the Document open password, which is required to access the file, and the Permissions password, which is requested when you try to edit the file.

RAR and ZIP offer two types of encryption. One encrypts the entire compressed package, making the enclosed files inaccessible without the password for extraction. The other encrypts individual files, allowing you to see the file names inside the compressed package, but requiring a password to extract the files. Both count as passwords for opening the archive.

We can conclude that MS Excel, MS Word, MS PowerPoint, and PDF files come with 2 types of password: a password for opening, which restricts access entirely and makes it impossible to view anything in the file without the password, and a password for editing, which allows viewing of the content but requires a password for any modifications. RAR/ZIP archives only have the password for opening or extraction.

Based on current technology, unlocking a file protected by a password for opening requires recovering that password; the protection cannot be removed without knowing it. The password for editing, by contrast, can be removed within seconds without knowing it, but it cannot be recovered.

This article specifically addresses the password for opening. I mention the information above to prevent any confusion between the two types of passwords and to guide you to the correct method for unlocking your files.

To unlock Excel worksheets and workbooks when you forget the password, please check this post.

How Is a Password Recovered?

When recovering a password, it is impossible to read it directly from the file itself, because the encryption algorithms have become more and more complicated and advanced. Therefore, we have to attempt all potential passwords until we find the correct one. This is called a Brute Force Attack.

How many potential passwords are there? Passwords usually consist of 4 types of characters:

  • Numbers: 0123456789
  • Capital letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • Lowercase letters: abcdefghijklmnopqrstuvwxyz
  • Special characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

The length of passwords can range from 1 to 16 characters or even more. Here is the breakdown of password combinations for different character lengths:

  • 1 character: 95 combinations
  • 2 characters: 9,025 combinations
  • 3 characters: 857,375 combinations
  • 4 characters: 81,450,625 combinations
  • 5 characters: 7,737,809,375 combinations
  • 6 characters: 735,091,890,625 combinations
  • 7 characters: 69,833,729,609,375 combinations
  • 8 characters: 6,634,204,312,890,625 combinations

For results beyond 8 characters, you can use the LostMyPass Brute Force Calculator. Clearly, the number of password combinations grows exponentially with each additional character.

Now, let’s talk about the speed of attempting each password combination (checking whether the password works or not).

Currently, there are 2 types of tools: online tools employing cloud servers, like LostMyPass, and desktop software relying on a home computer, like PassFab. The speed difference between these 2 types of tools can be significant, ranging from hundreds to thousands of times. In addition, if you use desktop software, the speed also depends on the performance of the computer it runs on.

Another factor that can influence the speed is the version of your file applications, such as MS Office. Generally, the older the version, the faster the speed. Below is an example of LostMyPass’s password-checking speed for MS Office applications:

  • MS Office version ≤2003: 14 GH/s (14 billion hashes per second)
  • MS Office version 2007: 7 MH/s (7 million hashes per second)
  • MS Office version 2010: 4 MH/s (4 million hashes per second)
  • MS Office version ≥2013: 504 KH/s (504K hashes per second)

If we have to attempt all password combinations to find the correct one, how much time would it take? With LostMyPass’s speed (based on cloud servers), recovering a 6-character password for a file created by MS Office version 2013 or later takes 17 days, recovering a 7-character password extends to 5 years, and an 8-character password would take 418 years.

Therefore, we can conclude that when a password is longer than 6 characters (for files from MS Excel 2013 and later), recovering it is impossible given the time needed. Of course, a brute force attack may still find the password within a reasonable timeframe, but that is completely a matter of luck.

However, if you have some clues about the password, things will be much easier. For example, if you know your password includes specific characters or won’t exceed 6 characters, then the number of password combinations will be significantly reduced. These clues can be used to create masks, narrowing down the potential passwords and allowing them to be checked within a reasonable time. This is what we call a Brute Force Attack with a Mask, and it greatly improves the possibility of password recovery. The key point is that any mistake in the clues can render all efforts futile.
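As an added example (not code from the original post or from LostMyPass), the Python sketch below reproduces the keyspace and worst-case time figures quoted above and shows how much a mask shrinks them. The ?d/?u/?l/?s/?a placeholder syntax is borrowed from hashcat-style masks, and the space character is counted among the special characters to reach 95 symbols; both are assumptions, as are all function names.

```python
import math

# Character classes from the article; space added to "s" (assumption) to total 95.
CLASSES = {
    "d": "0123456789",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "l": "abcdefghijklmnopqrstuvwxyz",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CLASSES["a"] = "".join(CLASSES.values())  # any of the 95 symbols

# Checking speeds quoted in the article for LostMyPass, in hashes per second.
RATES = {"<=2003": 14_000_000_000, "2007": 7_000_000,
         "2010": 4_000_000, ">=2013": 504_000}
YEAR = 365 * 86400

def mask_keyspace(mask):
    """'?d ?u ?l ?s ?a' = one char of that class, '??' = literal '?', else a known char."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            key = mask[i + 1:i + 2]
            if key != "?" and key not in CLASSES:
                raise ValueError(f"bad placeholder at position {i}: ?{key}")
            total *= 1 if key == "?" else len(CLASSES[key])
            i += 1  # skip the class letter as well
        i += 1
    return total

def human(seconds):
    """Worst-case duration, rounded up to a whole unit as in the article."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{math.ceil(seconds / size)} {unit}"
    return f"{math.ceil(seconds)} seconds"

def exhaust_time(mask, office=">=2013"):
    """Time to try every candidate of a mask at the article's quoted rate."""
    return human(mask_keyspace(mask) / RATES[office])

def min_length(target_years, office):
    """Shortest full-charset length whose exhaustive search exceeds target_years."""
    n = 1
    while 95 ** n / RATES[office] < target_years * YEAR:
        n += 1
    return n

if __name__ == "__main__":
    for mask in ("?a" * 6, "?a" * 7, "?a" * 8, "?u?l?l?l?d?d", "Pass?a?a?a?a"):
        print(f"{mask:18} {mask_keyspace(mask):>25,}  {exhaust_time(mask)}")
```

Read from the other side, `min_length(100, "<=2003")` shows how many fully random characters a password needs before exhaustive search at the quoted rate exceeds a century.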

Another method to reduce the number of possible passwords is a Dictionary Attack. It uses a dictionary, which is a list of passwords that people commonly use. Since the number of passwords in a dictionary is usually limited, the process of attempting all the passwords inside can be completed within a reasonable time. This method has proven to be helpful for some people.


I hope I have clearly explained everything about password recovery. If not, please leave a comment below to let me know.

Michael Yang


Michael is the founder of ClarifyHow and has also been a test engineer for phones and computers for the past 5 years. He runs into various problems while working and fixes most of them himself or with his colleagues, so he would like to share his experience and knowledge.
