I forgot my password for Office One Note.

Discussion:

(too old to reply)

Paul

2008-06-29 15:26:01 UTC

Permalink

I forgot my password for Office One Note.

Is there a way to reset it without the old one?

Ben M. Schorr - MVP (OneNote)

2008-06-29 17:14:54 UTC

Permalink

Not natively, but Google is your friend...

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

Mike

2008-06-30 18:25:00 UTC

Permalink

Just to satisfy my curiousity I did a Google search for "crack onenote
password" and found a list of tools to crack the OneNote password. So I'm
confused. If these tools work and it is this easy to compromise OneNote and
gain access to a password protected section then what is the benefit of
having a password protected section?

Post by Ben M. Schorr - MVP (OneNote)
Not natively, but Google is your friend...
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
http://tinyurl.com/5m3f5q

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

Ben M. Schorr - MVP (OneNote)

2008-06-30 22:41:29 UTC

Permalink

It's not intended to be Department of Defense certified security. If
you need that level of protection then you should be implementing
operating system level measures like drive encryption and strong
passwords.

Like a deadbolt on a glass door -- it's not intended to stop a
determined and skilled attacker. It's intended to deter the casual
browser/thief.

--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
Author - The Lawyer's Guide to Microsoft Outlook 2007:
http://tinyurl.com/5m3f5q

Post by Mike
Just to satisfy my curiousity I did a Google search for "crack onenote
password" and found a list of tools to crack the OneNote password. So I'm
confused. If these tools work and it is this easy to compromise OneNote and
gain access to a password protected section then what is the benefit of
having a password protected section?

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

Mike

2008-06-30 23:28:03 UTC

Permalink

It doesn't take a skilled and determined attacker to search Google and
download a password recovery tool.

http://www.lostpassword.com/onenote.htm

It looks like the password protection is useless except for superficial
protection. Someone please tell me I'm wrong!

Post by Ben M. Schorr - MVP (OneNote)
It's not intended to be Department of Defense certified security. If
you need that level of protection then you should be implementing
operating system level measures like drive encryption and strong
passwords.
Like a deadbolt on a glass door -- it's not intended to stop a
determined and skilled attacker. It's intended to deter the casual
browser/thief.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
http://tinyurl.com/5m3f5q

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

YouBetcha

2008-07-01 22:35:01 UTC

Permalink

Mike,

Read the following from their web page:

"MS OneNote uses relatively strong encryption algorithm that makes instant
password calculation impossible. Brute-force attack is the slowest approach
and can test all the passwords of up to 6 characters. Xieve™ attack is much
faster and is capable of recovering passwords of up to 9 characters.
Dictionary attack is the fastest method - there is no limitation on password
length. "

Their software relies on you using an "easy" password and it tries various
combinations of words. When they say "instant password calculation [is]
impossible" what they do not tell you is, how long it would take the software
to actually crack it, if it is not something from their dictionary.

You should send them an e-mail, give them a reasonably strong password
(something with combinations of letters and numbers, say a string of 10-12
characters and numbers, that can't be looked up in a dictionary) and ask them
how long it might take. I'm not sure from the description above it would be
able to do it at all. But make sure you tell them it is OneNote 2007 (not
Word 97). Let us know their response.

Post by Mike
It doesn't take a skilled and determined attacker to search Google and
download a password recovery tool.
http://www.lostpassword.com/onenote.htm
It looks like the password protection is useless except for superficial
protection. Someone please tell me I'm wrong!

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

Erik Sojka (MVP)

2008-07-01 23:00:14 UTC

Permalink

Correct - with any password system, you should choose a password which is
not easily found in a dictionary, and is very long. I typically choose
whatever catchphrase or song lyric that is rattling around in my head,
change a few characters to alternate case or number/symbols, adjust the
spacing, and I then have a very long password (which should be impossible
to crack) which I can still remember.

"tiptoe through the tulips"
becomes
"T!ptoe through theT\/lip3"

That's a nigh-uncrackable 25-character password.

Post by YouBetcha
Mike,
"MS OneNote uses relatively strong encryption algorithm that makes
instant password calculation impossible. Brute-force attack is the
slowest approach and can test all the passwords of up to 6 characters.
Xieveâ¢ attack is much faster and is capable of recovering passwords
of up to 9 characters. Dictionary attack is the fastest method - there
is no limitation on password length. "
Their software relies on you using an "easy" password and it tries
various combinations of words. When they say "instant password
calculation [is] impossible" what they do not tell you is, how long it
would take the software to actually crack it, if it is not something
from their dictionary.
You should send them an e-mail, give them a reasonably strong password
(something with combinations of letters and numbers, say a string of
10-12 characters and numbers, that can't be looked up in a dictionary)
and ask them how long it might take. I'm not sure from the
description above it would be able to do it at all. But make sure you
tell them it is OneNote 2007 (not Word 97). Let us know their
response.

Post by Mike
It doesn't take a skilled and determined attacker to search Google
and download a password recovery tool.
http://www.lostpassword.com/onenote.htm
It looks like the password protection is useless except for
superficial protection. Someone please tell me I'm wrong!

Post by Ben M. Schorr - MVP (OneNote)
It's not intended to be Department of Defense certified security.
If you need that level of protection then you should be
implementing operating system level measures like drive encryption
and strong passwords.
Like a deadbolt on a glass door -- it's not intended to stop a
determined and skilled attacker. It's intended to deter the casual
browser/thief.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
http://tinyurl.com/5m3f5q

Post by Mike
Just to satisfy my curiousity I did a Google search for "crack
onenote password" and found a list of tools to crack the OneNote
password. So I'm confused. If these tools work and it is this
easy to compromise OneNote and gain access to a password
protected section then what is the benefit of having a password
protected section?

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

Ben M. Schorr - MVP (OneNote)

2008-07-01 22:55:01 UTC

Permalink

"It doesn't take a skilled and determined attacker to search Google and
download a password recovery tool."

Well...Paul didn't do it, did he? :-)

"Superficial" is a subjective word here. OneNote's password protection
deters the casual browser and if you have picked a sufficiently strong
pass phrase then it may well thwart the more determined effort too.

If you use "hello" as your password then it probably doesn't much matter
what algorithm you use.

OneNote's password feature is a padlock, not a bank vault.

--

-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com/onenote.htm

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

YouBetcha

2008-06-30 21:19:02 UTC

Permalink

Doesn't OneNote use triple DES encryption?

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

Ben M. Schorr - MVP (OneNote)

2008-07-01 22:55:47 UTC

Permalink

It can still be brute-forced under some circumstances.

-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com/onenote.htm

Post by YouBetcha
Doesn't OneNote use triple DES encryption?

Post by Paul
I forgot my password for Office One Note.
Is there a way to reset it without the old one?

e***@gmail.com

2017-06-08 15:51:15 UTC

Permalink

I forgot my password for One Note. Is there a way to reset it without the old one?