Microsoft Word to secure stored data

By default, Microsoft Office 2016* uses AES-256-CBC with 100000 rounds of SHA1 for password verification using a 16 byte salt. AES256 is currently considered the industry standard by many for symmetric encryption. SHA-1 isn't considered a very secure algorithm for password storage since it's a fast algorithm and can be accelerated massively using GPUs. However, since 100000 iterations are used, this weakness is significantly mitigated (although it still isn't anywhere near as good as a dedicated password hashing function like bcrypt/argon2), and if you use a strong password, it shouldn't matter either way. So the cryptography used by Office 2016 is strong enough to be currently uncrackable provided a sufficiently strong password is used.

Does having strong encryption make Office a good choice for storing financial information?

Probably not. Word creates lots of temporary files when it opens a document which probably aren't encrypted. These files will usually be recoverable for some time even after they have been deleted and could easily leak the contents of your file unencrypted.


*Office 2013 uses AES-128 which is also secure
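To make the "100000 rounds of SHA1 with a 16 byte salt" concrete, here is an added example (not code from the answer above or from Microsoft) of the iterated password hash that ECMA-376 agile encryption uses, with the byte layout taken from the published [MS-OFFCRYPTO] description as I understand it: the password is UTF-16LE, the first hash is over salt || password, and each further round hashes a little-endian 32-bit round counter followed by the previous digest. The timing at the bottom shows why the spin count is the mitigation the answer describes: every guess costs 100001 SHA-1 calls instead of one.

```python
import hashlib
import os
import struct
import time


def office_agile_password_hash(password: str, salt: bytes, spin_count: int = 100000) -> bytes:
    """Iterated SHA-1 password hash used by Office agile encryption.

    H0 = SHA1(salt || UTF16LE(password))
    Hn = SHA1(LE32(n - 1) || H(n-1))   for n = 1 .. spin_count
    Office 2013/2016 documents default to spin_count = 100000 and a 16-byte salt.
    """
    if len(salt) != 16:
        raise ValueError("Office uses a 16-byte salt")
    h = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    for i in range(spin_count):
        h = hashlib.sha1(struct.pack("<I", i) + h).digest()
    return h


def seconds_per_guess(spin_count: int, trials: int = 5) -> float:
    """Average wall-clock cost of one password guess at the given spin count.
    (Constructed benchmark: a fixed salt and password, purely to compare costs.)"""
    salt = b"\x00" * 16
    start = time.perf_counter()
    for _ in range(trials):
        office_agile_password_hash("benchmark", salt, spin_count)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    # Constructed sample: a random 16-byte salt, as Office would generate per document.
    salt = os.urandom(16)
    digest = office_agile_password_hash("correct horse battery staple", salt)
    print("salt   :", salt.hex())
    print("digest :", digest.hex())

    fast = seconds_per_guess(1)
    slow = seconds_per_guess(100000)
    print(f"1 round   : {fast * 1e6:8.1f} us per guess")
    print(f"100000 rounds: {slow * 1e3:8.1f} ms per guess "
          f"(about {slow / fast:,.0f}x more work per guess)")
```

Note that this only covers the password-to-hash step; the actual AES key and the verifier values are derived from the final digest with further fixed block keys, which this example does not reproduce.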


A password protected Word document is absolutely not sufficiently secure to guarantee security. Multiple iterations of Word's password protection have been broken multiple times.

Just use a password manager.

EDIT: I would have ideally expanded on this a little bit, but time was short.

Word 2013 and 2016 moved on from the weak ciphers they used in the past when password protecting documents. The problem is that if you're using backward-compatible document files (.doc, instead of .docx), then you're still using the old broken ciphers. There is also a possibility of the data being exposed in temp files or in memory.

You can attach files, including Word documents to records in KeePass, LastPass, 1Password, and other password managers.

You can also use whole-disk encryption, like Microsoft's BitLocker, Apple's FileVault if you're on a Mac, or VeraCrypt.

Alternatively, you could use a solution that automatically encrypts all of the files in specific directories. These can be great in conjunction with cloud file services that don't encrypt your files.

Or you could use a cloud file service that does encrypt your files, such as ProtonDrive, or PCloud's encrypted folder option.

As for password managers, KeePass is great. I love it, and it's open source. But I finally moved on to cloud-based password managers because I have three desktop machines (two Windows, one Mac), two laptops (Windows, Mac), a smartphone, and an iPad, plus a VMware server running various other server and workstation instances, and syncing my KeePass file(s) between all of the devices where I need access just became a pain in the neck. I researched LastPass, initially, and satisfied myself that they're doing the cryptography right. Later, I checked out 1Password in depth and came to the same conclusion. There are others. I'm not trying to make product endorsements here.