P
Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?
Is there a way to reset it without the old one?
B
Ben M. Schorr - MVP (OneNote)
Not natively, but Google is your friend...
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q
M
Mike
Just to satisfy my curiousity I did a Google search for "crack onenote
password" and found a list of tools to crack the OneNote password. So I'm
confused. If these tools work and it is this easy to compromise OneNote and
gain access to a password protected section then what is the benefit of
having a password protected section?
password" and found a list of tools to crack the OneNote password. So I'm
confused. If these tools work and it is this easy to compromise OneNote and
gain access to a password protected section then what is the benefit of
having a password protected section?
Y
YouBetcha
Doesn't OneNote use triple DES encryption?
Ben M. Schorr - MVP (OneNote) said:
B
Ben M. Schorr - MVP (OneNote)
It's not intended to be Department of Defense certified security. If
you need that level of protection then you should be implementing
operating system level measures like drive encryption and strong
passwords.
Like a deadbolt on a glass door -- it's not intended to stop a
determined and skilled attacker. It's intended to deter the casual
browser/thief.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q
you need that level of protection then you should be implementing
operating system level measures like drive encryption and strong
passwords.
Like a deadbolt on a glass door -- it's not intended to stop a
determined and skilled attacker. It's intended to deter the casual
browser/thief.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q
M
Mike
It doesn't take a skilled and determined attacker to search Google and
download a password recovery tool.
http://www.lostpassword.com/onenote.htm
It looks like the password protection is useless except for superficial
protection. Someone please tell me I'm wrong!
download a password recovery tool.
http://www.lostpassword.com/onenote.htm
It looks like the password protection is useless except for superficial
protection. Someone please tell me I'm wrong!
Y
YouBetcha
Mike,
Read the following from their web page:
"MS OneNote uses relatively strong encryption algorithm that makes instant
password calculation impossible. Brute-force attack is the slowest approach
and can test all the passwords of up to 6 characters. Xieveâ„¢ attack is much
faster and is capable of recovering passwords of up to 9 characters.
Dictionary attack is the fastest method - there is no limitation on password
length. "
Their software relies on you using an "easy" password and it tries various
combinations of words. When they say "instant password calculation [is]
impossible" what they do not tell you is, how long it would take the software
to actually crack it, if it is not something from their dictionary.
You should send them an e-mail, give them a reasonably strong password
(something with combinations of letters and numbers, say a string of 10-12
characters and numbers, that can't be looked up in a dictionary) and ask them
how long it might take. I'm not sure from the description above it would be
able to do it at all. But make sure you tell them it is OneNote 2007 (not
Word 97). Let us know their response.
Read the following from their web page:
"MS OneNote uses relatively strong encryption algorithm that makes instant
password calculation impossible. Brute-force attack is the slowest approach
and can test all the passwords of up to 6 characters. Xieveâ„¢ attack is much
faster and is capable of recovering passwords of up to 9 characters.
Dictionary attack is the fastest method - there is no limitation on password
length. "
Their software relies on you using an "easy" password and it tries various
combinations of words. When they say "instant password calculation [is]
impossible" what they do not tell you is, how long it would take the software
to actually crack it, if it is not something from their dictionary.
You should send them an e-mail, give them a reasonably strong password
(something with combinations of letters and numbers, say a string of 10-12
characters and numbers, that can't be looked up in a dictionary) and ask them
how long it might take. I'm not sure from the description above it would be
able to do it at all. But make sure you tell them it is OneNote 2007 (not
Word 97). Let us know their response.
B
Ben M. Schorr - MVP (OneNote)
"It doesn't take a skilled and determined attacker to search Google and
download a password recovery tool."
Well...Paul didn't do it, did he?
"Superficial" is a subjective word here. OneNote's password protection
deters the casual browser and if you have picked a sufficiently strong
pass phrase then it may well thwart the more determined effort too.
If you use "hello" as your password then it probably doesn't much matter
what algorithm you use.
OneNote's password feature is a padlock, not a bank vault.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com/onenote.htm
download a password recovery tool."
Well...Paul didn't do it, did he?
"Superficial" is a subjective word here. OneNote's password protection
deters the casual browser and if you have picked a sufficiently strong
pass phrase then it may well thwart the more determined effort too.
If you use "hello" as your password then it probably doesn't much matter
what algorithm you use.
OneNote's password feature is a padlock, not a bank vault.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com/onenote.htm
B
Ben M. Schorr - MVP (OneNote)
It can still be brute-forced under some circumstances.
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com/onenote.htm
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com/onenote.htm
E
Erik Sojka (MVP)
Correct - with any password system, you should choose a password which is
not easily found in a dictionary, and is very long. I typically choose
whatever catchphrase or song lyric that is rattling around in my head,
change a few characters to alternate case or number/symbols, adjust the
spacing, and I then have a very long password (which should be impossible
to crack) which I can still remember.
"tiptoe through the tulips"
becomes
"T!ptoe through theT\/lip3"
That's a nigh-uncrackable 25-character password.
not easily found in a dictionary, and is very long. I typically choose
whatever catchphrase or song lyric that is rattling around in my head,
change a few characters to alternate case or number/symbols, adjust the
spacing, and I then have a very long password (which should be impossible
to crack) which I can still remember.
"tiptoe through the tulips"
becomes
"T!ptoe through theT\/lip3"
That's a nigh-uncrackable 25-character password.