How to unprotect Word files when you don’t know the password

How to remove unknown passwords from protected Microsoft Word files I’m regularly annoyed at password-protected Microsoft Word files that only permit editing of certain aspects of the document such as form fields. By itself, Word’s “Restricted Editing” isn’t necessarily a bad thing. It’s the fact that file creators are usually very conservative and prefer to disallow editing something “just in case”, rather than giving users the option to add text somewhere unexpected.
The result is often that in order to complete a form, one must print it out and amend it with a pen, or convert to PDF and use the “comment” function.

Looking for a way around, I recently found out how to remove the Document Protection from Word files without knowing the actual password*:

* Note that this method only works with Word Docs that are protected from editing, not files that require a password to open.

    1. Open the Word file in question (doc, docx)
    2. Choose “File”, “Save File As”, and make sure the file format is set to “Rich-Text-Format (*.rtf)”. Close the file in Word (important!)
      Choose "File", "Save File As", and make sure the file format is set to "Rich-Text-Format  (*.rtf)".  - ow to remove unknown passwords from protected Microsoft Word files
    3. Open the new Rich-Text file with a text editor (e.g. Notepad or Notepad++). You can do so by dragging and dropping it into the editor window, or choose “File”, “Open File”, and set the file format to “All files (*.*)”.
    4. Find (ctrl-f) “passwordhash” and replace the string that follows with something else (e.g. “nopassword”). Save and close the file in your text editor.
      Find (ctrl-f) "passwordhash" and replace the string that follows (marked here in green) with anything else (e.g. "nopassword"). Save and close the file in your text editor. - How to remove unknown passwords from protected Microsoft Word files
    5. Re-open the modified Rich-Text file in Word, go to “Review”, “Restrict Editing” and click on “Stop Protection” (german version: “Überprüfen” – “Bearbeitung Einschränken” – “Schutz aufheben”). Uncheck all tick-boxes.
      Re-open the modified Rich-Text file in Word, go to "Review", "Restrict Editing" and click on "Stop Protection". Uncheck all tick-boxes. - How to remove unknown passwords from protected Microsoft Word files Re-open the modified Rich-Text file in Word, go to "Review", "Restrict Editing" and click on "Stop Protection". Uncheck all tick-boxes. - How to remove unknown passwords from protected Microsoft Word files
    6. Done. You’ve unprotected your Word file without ever knowing the password.
    7. Optional: Convert your file back to its original file format by selecting “File”, “Save As”, and choosing the original file format.

I’ve successfully tested the above workaround with Microsoft Office Professional Plus 2010 and Microsoft Office Professional Plus 2013. Please let me know whether this works with older/newer Office versions by commenting on this post!

Also, if this tutorial just saved you a lot of time and work, my paypal page is always open for a cup of tea or, preferably, a piece of cake. :)

298 thoughts on “How to unprotect Word files when you don’t know the password

  1. nope didnt work in O365 word, cant open file, so cant save it as rtf.

  2. worked very well on Windows with Word 2010. Could not figure it out on Word 2011 for Mac.

  3. Thanks so much – this has saved me hours of re-creating a document I had forgotten the restriction password to!!!

  4. WOW! Such an amazing tip and a great help! Thanks a LOT! Dankeschön!

  5. This works on a mac too! I used dreamweaver to open up the RTF and change to nopassword then saved the file to a new name. Goodness gracious thank you, you saved me from having to re-do this sheet!

  6. the find for “passwordhash” didn’t yield any results for me. Any other keywords to search on?

  7. Brilliant – I struggled for ages and came across this post and it did the trick!!

  8. Amazing. Worked!
    I thought that the password was the one after the “passwordhash”, but most probably I was wrong.

    Thank you!

  9. I am able to do this in Office 365. Pay attention to your formats when you save as sometimes the RTF can hide from you but this was successful for me. Thanks

  10. For Word on a MAC. Just save the file as an RTF. Then open it in TextEdit. Save the file make no changes, just hit save. Close Textedit, reopen in Word the RTF file you just saved in Textedit, then Save As a word version. It should be fully editable now.

  11. Thanks a lot …really it is very helpful after I spent 3 hours trying to edit!!

  12. It worked! You are the man! Weird thing though…I can’t save it in Word at the end. I mean, it saves but then when I go to get it, it’s not there. If I go to save it again, It IS there. Tried every which way from Sunday and I can’t figure it out. I was able to save the final Word doc to the desktop though so that’s good enough for now. And my boss thinks I’m a magician with mad skills! Thank you!

  13. Thank you, this worked beautifully. I had a doc to edit over vacation and it had a section I had to do that was locked.

  14. Worked like a charm, unlocked an important urgent work document that someone has mistyped the password into, now a god amongst mortals ?

  15. Open the Word file in question (doc, docx)
    HOW DO YOU DO THAT WHEN YOU NEED THE PASSWORD TO OPEN IT?

  16. if you look at the beginning of the tutorial, you’ll see a disclaimer there, stating: “Note that this method only works with Word Docs that are protected from editing, not files that require a password to open.”

  17. This worked for for MS365 Word! Great information and thank you for sharing.

    Does anyone know of the encryption in use with the hash, as displayed in the RTF?

    As expected the “restricted editing” protection has now been bypassed, however we do not know the original password. The bypass is not a lossless process and effects, textboxes, and other details were destroyed in the downgrade to rtf. If we were able to load the hash into JTR or Hashcat perhaps we could obtain the true password used in the protection which would enable disable editing while preserving the entirety of the file structure.

    For “encrypted with a password” protected documents see
    https://tinyapps.org/docs/hashcat.html#fn1
    https://www.blackhillsinfosec.com/crack-passwords-password-protected-ms-office-documents/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.