Learning how to remove excel password protection is one of those Excel skills that quietly saves the day when you inherit a locked workbook from a former colleague, recover a sheet you protected years ago, or need to update a template that someone else secured. Excel offers several layers of protection, including workbook-open passwords, modify passwords, sheet protection, structure protection, and VBA project locks, and each layer has its own removal procedure. Understanding which lock you are facing is the first step toward unlocking it cleanly.
Microsoft Excel uses different encryption strategies depending on the version and the type of password. Files created in Excel 2013 and later use AES-256 encryption for workbook-open passwords, which is genuinely strong and almost impossible to brute force without the original credentials. However, sheet protection and workbook structure protection are not actually encrypted in modern XLSX files; they rely on a hash value stored in XML, which means a knowledgeable user can remove them in minutes using nothing more than a ZIP utility and a text editor.
This distinction matters enormously for anyone trying to regain access to their own files. If you forgot the password used to open a 2016 or later workbook, your odds of recovery without specialized software are low. But if you simply forgot the password that prevents editing a worksheet, you can almost certainly remove it yourself in under ten minutes. The same goes for workbook structure locks that prevent you from adding, deleting, or renaming sheets.
Throughout this guide, we will walk through legitimate, ethical methods for removing passwords from workbooks you own or have explicit permission to modify. Removing passwords from files you do not own may violate computer fraud laws, employment agreements, and your organization's acceptable use policies. Every method below assumes you are the rightful owner or have written authorization from the file owner.
We will start with the easiest case, removing protection when you still remember the password, then move to legitimate recovery techniques for forgotten sheet and structure passwords. We will explore Office's built-in unprotect commands, VBA macros that strip sheet protection, manipulating the underlying XML of an XLSX file, and specialized recovery tools for the genuinely encrypted workbook-open scenario. Each method includes screenshots-worth of detail so you can follow along even if Excel intimidates you.
You will also see how password protection interacts with other Excel features. For example, a protected sheet still allows formula evaluation, so a hidden vlookup excel formula will continue calculating even when users cannot view or edit it. We will cover how to handle these edge cases, what happens to named ranges and macros, and how to re-protect a file properly once you have made your changes so you do not lose audit trails or compliance documentation.
By the end, you will have a complete toolkit for handling Excel passwords in any reasonable scenario, plus a clear understanding of when professional data recovery is the only realistic option. Let us begin with the fundamentals of how Excel actually stores and verifies passwords.
Encrypts the entire file using AES-256 in modern Excel. Without the password, the file cannot be opened or read. This is the strongest protection and the hardest to recover if forgotten.
Allows opening the file in read-only mode without the password but requires the password to save changes. Stored alongside the open password but functionally weaker and easier to bypass.
Prevents editing of cells, formulas, or formatting on a specific sheet. Not encrypted in XLSX format, so it can be removed through XML manipulation or VBA scripts in minutes.
Locks the workbook so users cannot add, delete, rename, hide, or unhide sheets. Like sheet protection, this is hash-based and removable without the original password.
Hides and protects macro source code in the Visual Basic Editor. Removable through binary hex editing of the file or by copying modules to an unlocked workbook.
When you still know the password, removing it from an Excel file is straightforward and takes less than thirty seconds. Open the workbook, enter the password when prompted, then navigate to File, Info, and click Protect Workbook. From the dropdown menu, select Encrypt with Password. A dialog will appear with the current password obscured by dots. Delete every character so the field is completely empty, then click OK. Save the file. The password is now gone and anyone can open the workbook freely.
The same approach works for the modify password, though the menu path is slightly different. Use File, Save As, then click Tools at the bottom of the save dialog, choose General Options, and clear both the password to open and password to modify fields. This dialog also lets you toggle the read-only recommended setting, which is a soft suggestion rather than a real lock. Some users confuse these features, so make sure you are clearing the right field for the result you want.
Sheet-level protection works differently. Open the workbook, navigate to the protected sheet, click Review on the ribbon, and select Unprotect Sheet. If a password was set during protection, Excel prompts you to enter it. Type the password, click OK, and protection is immediately removed. The sheet now behaves like any unprotected sheet, with all cells editable. You can then re-protect with a new password or leave it open, depending on your needs.
Workbook structure protection follows the same pattern. From the Review tab, click Protect Workbook to toggle the lock off. If a password is set, you will be prompted. Once removed, you regain the ability to add, delete, rename, hide, and unhide sheets through the right-click context menu on sheet tabs. This is the protection most often used in financial templates to prevent users from accidentally deleting calculation sheets that drive downstream formulas.
VBA project passwords are removed inside the Visual Basic Editor. Press Alt plus F11 to open it, right-click the project in the Project Explorer, choose VBAProject Properties, switch to the Protection tab, and uncheck Lock project for viewing. Clear both password fields. Click OK and save the workbook in a macro-enabled format such as XLSM or XLSB. The next time the file opens, the VBA project will be fully accessible without prompting.
For modern files using strong workbook-open encryption, the only legitimate path when you have the password is the File menu method described above. There is no shortcut, no hidden command, and no registry tweak that bypasses AES-256. If you maintain a library of templates protected this way, consider using a password manager such as Bitwarden or 1Password to store the credentials so you never face the recovery scenario in the first place. This is far more reliable than relying on memory or shared spreadsheets.
Finally, remember that removing a password is a permanent change. If you need to keep an audit trail or compliance log, document who removed the password, when, and why before saving the unprotected version. Many regulated industries treat password removal as a material change to a controlled document. A simple log entry saves headaches during audits and prevents accusations of unauthorized access later.
Prepare for the Microsoft Excel exam with our free practice test modules. Each quiz covers key topics to help you pass on your first try.
The built-in method uses Excel's native Review tab and File menu commands. This is the fastest, safest, and most supported approach, and Microsoft will not consider it tampering since it requires the legitimate password. For workbook-open passwords, go to File, Info, Protect Workbook, Encrypt with Password, and clear the field. For sheet protection, click Review, Unprotect Sheet, and enter the password if prompted.
This method preserves all formulas, formatting, conditional rules, data validation, charts, and named ranges. Nothing else about the file changes. It is the only method that works for strongly encrypted workbook-open passwords in Excel 2013 and later. If you have the password, always use this approach first before reaching for VBA or XML techniques, which carry small risks of corruption if performed incorrectly on a complex file.
A VBA macro can remove sheet protection by iterating through possible password combinations using Excel's documented hash collision behavior. The classic 1990s-era macro tries combinations of A and B characters in different lengths, exploiting the fact that Excel's sheet password hash is only 16 bits long. This finds a working password in seconds, not the original but one that produces the same hash.
The VBA approach works only for sheet-level and workbook-structure protection, never for workbook-open encryption. It also fails on files created with the newer SHA-512 hash algorithm in some Excel versions. Always run it on a copy of your file, never the original, and save backups before executing any macro that modifies protected elements. Disable automatic calculation if your sheet has heavy formulas to speed up the macro.
Since XLSX files are ZIP archives containing XML documents, you can rename a copy to .zip, extract it, open the relevant sheet XML in a text editor, and delete the sheetProtection or workbookProtection element. Re-zip the contents, rename back to .xlsx, and the file opens without protection. This works on every version of Excel from 2007 onward for sheet and structure passwords.
The XML method requires no special software beyond a free tool like 7-Zip and Notepad. It is fast, reliable, and leaves the rest of the workbook completely untouched. The only risk is malformed XML if you accidentally delete too much or break the file's nested structure, which is why a backup copy is essential before you begin editing. Always validate the file opens before deleting your backup.
The single most common cause of data loss during password removal is editing the original file. Make a copy, rename it clearly with a suffix like -working or -unlock, and perform all techniques on that copy. If anything goes wrong, you still have the pristine original to retry. Test the unlocked copy opens correctly in Excel before deleting any backups, and keep the original archived for at least thirty days.
The VBA macro approach to removing sheet protection deserves a closer look because it has been the go-to method for nearly twenty years and still works on most files. Open the Visual Basic Editor with Alt plus F11, insert a new module from the Insert menu, and paste a script that loops through password candidates calling the Unprotect method on the active sheet. The macro typically tests two-character through twelve-character combinations of As and Bs plus a single trailing character, exploiting a known weakness in Excel's legacy 16-bit hash function. Within seconds, the sheet unlocks with a phantom password.
This macro does not reveal the original password, which surprises first-time users. Instead, it finds any password that hashes to the same value, which Excel accepts as valid. The unlocked sheet behaves identically to one unlocked with the genuine password. You can immediately re-protect with a new password, leave it open, or save the workbook as is. The whole process from opening the editor to running the macro typically takes under two minutes for an experienced user.
The XML editing route is even faster once you know the path. Rename your XLSX copy to .zip, extract the archive, and navigate to the xl folder. Sheet protection lives in xl/worksheets/sheet1.xml or whichever sheet number corresponds to the locked tab. Open the file in Notepad or VS Code and search for the sheetProtection tag. Delete the entire self-closing tag including its attributes, save the XML, then re-zip the folder contents and rename back to XLSX. The file now opens without sheet protection.
Workbook structure protection lives in a different file, xl/workbook.xml, in an element called workbookProtection. The removal procedure is identical, just edit a different XML file. Some users prefer to do both edits during the same session if the workbook has multiple layers of protection, since you only need to unzip and rezip once. Keep an unmodified copy of the original zip in case you need to compare files later or roll back changes.
For VBA project locks, the bypass requires a hex editor and a small modification to the project's CMG, DPB, and GC strings in the file's binary structure. This is more technical than sheet protection removal and slightly riskier. An easier alternative for VBA-locked workbooks is to create a new blank workbook, save it with a known VBA password, then copy the binary protection strings from your new file into the locked one. The locked file's password becomes whatever you set on the new workbook.
Throughout these operations, remember that Excel calculation engines still run normally on protected sheets. A hidden remove duplicates excel operation embedded in a macro will still execute, and complex lookups with functions like VLOOKUP or XLOOKUP will continue evaluating in the background. This means a protected workbook is not necessarily slow or inert, just visually locked from user edits. Understanding this helps you predict how a workbook will behave after you remove its locks.
If the file is corrupted during your editing attempts, Excel often offers automatic repair when you reopen it. Accept the repair, then check that all sheets, formulas, and named ranges survived intact. Charts, pivot tables, and conditional formatting rules are usually fine. Macros stored in the VBA project may need to be re-saved in a macro-enabled format. Always verify a few key calculations match the original file before considering the unlock successful.
When the built-in unprotect command fails because the password is genuinely forgotten, a category of specialized recovery software steps in to help. Tools like PassFab for Excel, Passper for Excel, and Stellar Phoenix Excel Password Recovery use a combination of dictionary attacks, brute force, and known weakness exploits to attempt password recovery. They work best on older XLS files from Excel 2003 and earlier, where encryption was weaker. For modern XLSX files with strong passwords, success depends heavily on password length and complexity.
Pricing for these tools typically ranges from thirty to sixty dollars for a single license, with enterprise editions offering GPU acceleration for faster brute-force attacks. Before purchasing, use the free trial mode that most vendors offer to confirm the tool can at least begin processing your file. Some tools display the first character or two of the recovered password in trial mode, which is enough to confirm the engine is actually working on your specific file rather than failing silently.
For sheet and structure passwords, free open-source alternatives exist and work reliably. Online services that promise to unlock XLSX files within minutes are usually performing the XML deletion described earlier, just inside a web interface. These services raise serious privacy concerns if your file contains sensitive financial, personal, or business data, since you are uploading the file to an unknown third party. Doing the XML edit yourself takes the same amount of time and keeps your data on your machine.
For organizations facing repeated password issues, the long-term solution is centralized credential management. Tools like Microsoft Information Protection, AIP labels, and conditional access policies replace per-file passwords with identity-based access controls. Users authenticate with their corporate account, and Excel automatically grants or denies access based on the labels applied to the file. This eliminates the forgotten password problem entirely while providing far better audit trails than ad hoc Excel passwords.
Closely related is the use of features like data validation drop-downs, which work well alongside cell-level protection to guide user input. If you find yourself frequently protecting sheets just to prevent accidental edits, learning how to create a drop down list in excel and combining it with locked cells often delivers a better user experience than blanket sheet protection. Users can edit only the input cells, and validation rules prevent invalid entries.
Once you have removed the password, take a moment to evaluate whether you should re-protect the file. If the original protection was for legitimate business reasons, restore similar controls under your own credentials. Document the new password in your password manager, share it with the appropriate people, and update any procedures that depended on the old credential. This closes the loop and prevents the same forgotten-password situation from recurring with the next file owner.
Finally, consider how Excel password protection interacts with cloud storage. Files stored in OneDrive or SharePoint have additional sharing and permission layers that supplement or replace local Excel passwords. For team workbooks, cloud-based permissions are usually superior because they handle individual access, revocation, and audit logging automatically. Local Excel passwords still have a place for files distributed outside your tenant, but they should not be the primary access control for sensitive shared documents.
Practical tips can save you hours when you face a real password situation. Start every recovery attempt with a triage step: open the file in Excel and observe exactly which prompt appears. A password-to-open dialog before you see any content indicates strong encryption and a difficult recovery path. A message about a sheet being protected only when you try to edit indicates the easy XML route. A read-only banner with a Modify button suggests a soft modify password that often has no real effect on saving as a new file.
Keep a small toolkit ready on every analyst's machine. Install 7-Zip for archive manipulation, a code editor like Notepad++ or VS Code for clean XML editing, and a password manager like Bitwarden for storing recovered credentials. Bookmark a tested VBA unlock macro in a personal macro workbook so you can run it on any file with two clicks. With this setup, ninety percent of Excel password requests in your organization can be resolved in under fifteen minutes without external tools.
Train your team on the difference between password types. Many users believe sheet protection is just as strong as workbook encryption, then are surprised when a colleague unlocks their carefully protected pricing template in minutes. Setting accurate expectations prevents misuse of Excel as a security boundary. For genuinely sensitive data, use AES-256 workbook-open passwords with strong passphrases, store them in a password manager, and combine with cloud-based access controls.
When working on inherited files from departing employees, follow a consistent handover procedure. Ask the leaving employee to remove all passwords from active business files before their last day, document any remaining protected files with the manager, and store any necessary passwords in the team's shared vault. This avoids emergency recovery scenarios that often surface weeks after the employee has left and contact is no longer possible.
For complex workbooks with many sheets, write a small VBA macro that loops through all sheets and unprotects each one with a single click. The Worksheets collection in VBA makes this trivial: a For Each loop calling Unprotect on each sheet object handles even a fifty-tab financial model in seconds. Save this macro in your personal macro workbook so it is always available regardless of which file you have open at the time.
Stay aware of version-specific quirks. Excel for Mac handles password dialogs slightly differently than Excel for Windows, and Excel for the Web supports a limited subset of protection features. Files protected in Excel Online cannot be unprotected in older desktop versions without first upgrading the file format. When you encounter unexpected behavior, check the Microsoft documentation for your specific version and protection type to confirm the issue is not a known compatibility limitation.
Finally, build a habit of testing your unlocked file thoroughly before sharing it. Open every sheet, recalculate the workbook with F9, verify pivot tables refresh, confirm macros run if expected, and spot-check at least three or four key formulas against known values from the original file. This catches the rare case where XML editing inadvertently breaks a named range, a chart reference, or a data connection. A five-minute verification routine prevents days of debugging downstream.