How do I find out which protection level my Word document uses?

If Word displays a yellow 'Marked as Final' banner, it is Mark as Final. If Word opens the file, shows content, but the Review > Restrict Editing pane says 'Your permissions...', it is Restrict Editing. If Word asks for a password before any content appears, it is Encrypt with Password (real encryption).

Word Protection Tiers

Word Read-Only vs Restricted Editing — All Four Tiers

Q: What is the difference between 'Mark as Final' and 'Read-Only Recommended'?

Mark as Final is a one-click advisory setting that shows a yellow banner and makes Word open the document in read-only mode. Read-Only Recommended is slightly stronger — Word prompts every reader with 'The author would prefer you open this read-only'. Neither encrypts anything. Both are trivially removed.

Q: Is 'Restrict Editing with password' real protection?

No. Restrict Editing stores a SHA-512 hash of the password inside word/settings.xml but the document body is not encrypted. Anyone who can read the file bytes can strip the protection by deleting the documentProtection XML element. It is an advisory lock, nothing more.

Q: Is 'Encrypt with Password' real protection?

Yes. Encrypt with Password uses AES-128 or AES-256 with SHA-512 at 100,000 iterations (Word 2013+). The file cannot be opened at all without a matching password. This is the only Word password that needs GPU recovery to break.

Q: Can I remove Mark as Final without being the author?

Yes. Mark as Final is advisory — the Edit Anyway button appears in the yellow banner for every user. There is no password or permission check. Microsoft intentionally designed it as a soft reminder, not a lock.

Word offers four different ways to "protect" a document and most users think they are the same thing. In fact three of them are advisory flags that anyone can click past in seconds; only one — Encrypt with Password — is real cryptography. This guide walks through each tier, shows exactly how Word stores it, and explains how to remove every variant.

The Four Tiers at a Glance

Tier	Real encryption?	Storage	Removal difficulty
1. Mark as Final	No	docProps/custom.xml "_MarkAsFinal" property	One click
2. Read-Only Recommended	No	word/settings.xml <w:writeProtection />	One click on open
3. Restrict Editing	No (hash only)	word/settings.xml <w:documentProtection />	Delete XML tag
4. Encrypt with Password	Yes (AES)	OLE-wrapped encrypted stream	GPU recovery

Only tier 4 needs a recovery service. Tiers 1-3 can be removed with 7-Zip and a text editor in under five minutes, legally, on any document you own.

Tier 1: Mark as Final — The Yellow-Banner Warning

When the author clicks File → Info → Protect Document → Mark as Final, Word sets a custom property called _MarkAsFinal to true inside docProps/custom.xml. That is it. The next time anyone opens the file, Word reads the property and displays a yellow banner: "Marked as Final — An author has marked this document as final to discourage editing." A blue Edit Anyway button sits right next to it.

How to remove it. Click Edit Anyway. The banner disappears, the file becomes fully editable, and the next save clears the _MarkAsFinal property. No password, no permission check, no XML hacking. Microsoft designed Mark as Final as a polite signal, not a lock.

When to use it. Circulating a document for review and wanting to reduce accidental edits. It will never stop a motivated colleague.

Tier 2: Read-Only Recommended — Polite Suggestion on Open

Saved from File → Save As → Tools → General Options → "Read-only recommended". On open, Word prompts: "The author would prefer that you open this document read-only unless you need to make changes. Open as read-only?" Click No and the file opens fully editable. Click Yes and you open it read-only but can still save-as.

This flag is stored as <w:writeProtection w:recommended="true"/> inside word/settings.xml. Nothing encrypts the document body. Nothing hashes a password. There is no permission check beyond the dialog.

How to remove it. Click No on open. For a permanent removal: edit the .docx archive and delete the writeProtection line.

Tier 3: Restrict Editing — The Middle Ground

Set via Review → Restrict Editing, this protection lets the author allow some edits (e.g. tracked changes, comments, filling form fields) while blocking others. A password prompt appears when anyone tries to "Stop Protection". That is where users get stuck.

Inside word/settings.xml you will find a tag like:

<w:documentProtection
    w:edit="readOnly"
    w:enforcement="1"
    w:cryptProviderType="rsaAES"
    w:cryptAlgorithmClass="hash"
    w:cryptAlgorithmType="typeAny"
    w:cryptAlgorithmSid="14"
    w:cryptSpinCount="100000"
    w:hash="nLxYxV...==" w:salt="bS3g...=="/>

The w:hash attribute is a Base64 SHA-512 hash of the password iterated 100,000 times. Word compares any entered password against that hash when you click Stop Protection. What the spec does not do is encrypt the document body — the entire document.xml is sitting in plain text right next to settings.xml inside the ZIP.

How to remove it. Delete the entire <w:documentProtection .../> self-closing tag from settings.xml, re-zip, and reopen. The Restrict Editing pane is empty, every edit is allowed. This is a two-minute job — see the full step-by-step at our Restrict Editing removal guide.

Important: because the protection is advisory, you do not need the password. You never brute-force the hash because you do not need to. This is why no reputable vendor charges for "Restrict Editing password recovery" — the password is irrelevant.

Tier 4: Encrypt with Password — The Real One

Set via File → Info → Protect Document → Encrypt with Password. Word replaces the entire document body with an AES-encrypted blob wrapped inside an OLE2 compound container. From Word 2013 onward the key is derived from the password using SHA-512 at 100,000 iterations, producing a 128-bit AES key. Nothing about the document is readable without a correct password — not the title, not the author, not a single paragraph.

How to remove it if you know the password. Open the document, File → Info → Protect Document → Encrypt with Password, clear the password field, press OK, save. The file is rewritten as plain unencrypted Open XML.

How to remove it if you forgot the password. There is no shortcut. You need to test candidate passwords against the AES key derivation, which is where GPU recovery comes in. Success rates depend heavily on the Word version that saved the file and on the password length — see Word password recovery for realistic odds.

How to Tell Which Tier Is on Your File

Word refuses to open the file; asks for a password before any content appears → Tier 4 (real encryption). Recovery needed.
Word opens the file; yellow banner at the top says "Marked as Final" → Tier 1. Click Edit Anyway.
Word prompts "The author would prefer..." → Tier 2. Click No or open read-only.
Word opens the file; the Review tab's Restrict Editing pane shows "Your permissions" → Tier 3. XML edit.
Word says "This document is protected from unintentional editing" with an Edit Anyway button → Tier 1 or 3 depending on source. Try Edit Anyway first; if it refuses, it is Tier 3 and needs the XML edit.

Legacy Binary .doc — The Same Idea, Different Storage

In Word 97-2003 .doc files, Tiers 2 and 3 are stored inside the document's FIB (File Information Block) rather than XML. Mark as Final did not exist yet. File encryption used 40-bit RC4 — which is breakable in hours. If your .doc file prompts for a password before any content appears, our guaranteed recovery applies regardless of the password.

Do not pay for Tier 1, 2 or 3 "recovery"

Some tools and sites will cheerfully charge you to "recover" a Restrict Editing password. Do not pay. The password is not needed — the XML edit removes the protection in two minutes. Any paid recovery for tiers 1-3 is selling you time, not decryption.

Can You Combine Tiers?

Yes. A single document can carry Mark as Final and Restrict Editing and Encrypt with Password simultaneously. In practice, Tier 4 makes the others invisible — the file will not open at all until the encryption password is supplied, at which point the lower tiers become apparent in the UI.

Combined protection is the correct pattern for sensitive documents: AES encryption stops outsiders from reading the file, Restrict Editing lets authorised readers make only specific changes, and Mark as Final reminds them they are looking at a final version. All three use-cases co-exist cleanly.

Only Tier 4 needs us

If your file is Encrypt with Password (AES), upload it — we will run a free dictionary check in minutes and tell you whether recovery is plausible before you pay anything. For old .doc files, recovery is guaranteed.

Upload Word file for free check

Frequently Asked Questions

What is the difference between Mark as Final and Read-Only Recommended?

Both are advisory. Mark as Final shows a yellow banner with an Edit Anyway button. Read-Only Recommended prompts on open with 'open read-only?' and takes No for an answer. Neither encrypts anything.

Is Restrict Editing with password real protection?

No. The password is stored as a SHA-512 hash but the document body is plain XML. Anyone who opens the .docx as a ZIP can delete the protection tag in 30 seconds without knowing the password.

Is Encrypt with Password real protection?

Yes. AES-128 with SHA-512 at 100,000 iterations from Word 2013 onward. Requires GPU recovery if the password is forgotten, and success depends on password quality.

How do I tell which tier my Word document uses?

Password prompt before any content appears = Tier 4 (encryption). Yellow 'Marked as Final' banner = Tier 1. 'Open read-only?' prompt = Tier 2. Review > Restrict Editing pane showing 'Your permissions' = Tier 3.

Can I remove Mark as Final without being the author?

Yes, in a single click. Mark as Final is advisory — the Edit Anyway button appears for every reader. No password or permission check.