Free Excel Password Recovery
Excel has four separate password layers. Three of them can be removed for free in seconds — they're not real encryption. Only the file-open password is genuine encryption. Identify which layer you have before reaching for a paid tool.
Four Excel password layers — only one is real encryption
1. Sheet protection — FREE, remove in 30 seconds
You can open the file and see the data, but Excel blocks editing specific cells or sheets. This is a 4-character hash check — not encryption. The fix: rename file.xlsx to file.zip, open xl/worksheets/sheet1.xml, find and delete the <sheetProtection> element, save, rename back to .xlsx. Or use any free sheet protection remover — there are dozens. Or open the file in LibreOffice Calc which ignores sheet protection entirely. Don't pay for this.
2. Workbook structure protection — FREE, same XML trick
Blocks adding, deleting, or renaming sheets. Same mechanism as sheet protection. Fix: rename to .zip, edit xl/workbook.xml, remove the <workbookProtection> element, save, rename back. Also free, also instant.
3. VBA project password — FREE, structural removal
Blocks viewing macros. The macro source code is stored in plaintext (compressed) in the file — the password only gates the UI. Edit the DPB (Data Protection Bytes) in xl/vbaProject.bin inside the .xlsm ZIP to disable the check. Free tools like vbaProjectPasswordRemover automate this. See our VBA password guide for step-by-step instructions.
4. File-open password — Real encryption, needs recovery
Excel asks for a password before showing anything. This is actual AES encryption. Two sub-cases: .xls files (Office 97-2003) use 40-bit RC4 — always recoverable because the key space is finite. .xlsx files (Office 2007+) use AES-128/256 — recovery depends on password strength. Dictionary words and common patterns are often recoverable; random passwords are not.
Free recovery methods for file-open passwords
Try every password variant you can think of
Excel passwords are case-sensitive. Try capitalization variants, trailing numbers (years, single digits), trailing symbols (!, @, #), and passwords you used on other files from the same period. Check your password manager and browser saved passwords.
Free online dictionary check
Our free check runs common passwords, names, dates, keyboard patterns, and multi-language dictionaries against your file. You pay only if recovery succeeds. Most weak passwords are found in the first 10-15 minutes.
Hashcat on your own hardware
Extract the hash: python3 office2john.py locked.xlsx > hash.txt. Attack: hashcat -m 9600 -a 0 hash.txt rockyou.txt -r rules/best64.rule. Excel 2013+ = mode 9600, Excel 2010 = 9500, Excel 2007 = 9400, Excel 97-2003 = 9700 (Word) or 9800 (PPT). The 40-bit modes (9700/9800) guarantee recovery because they target the cipher key directly, not the password.
When free options are exhausted
Free methods reliably handle: sheet protection, workbook protection, VBA passwords (all structural, instant), .xls file-open passwords (always recoverable via 40-bit key search), and weak .xlsx passwords (dictionary words, names, dates, short patterns). They fail on modern .xlsx files with passwords that are long, random, or outside public wordlists.
The free check tells you honestly
Run the free check. If it finds the password — done. If it doesn't, you get a transparent view of what was tested and how many candidates were covered. You can then decide whether to provide hints (fragments of the password you remember, approximate length, character types) — each hint dramatically narrows the search space — or accept that the password was genuinely strong and move on.