Sometimes when writing documentation, I need to change all occurrences of a certain font color to another. This post isn’t just about Word, it’s also about protecting SQL Server passwords. I didn’t find a complete explanation of how to globally edit font colors in Office 2007 and Office 2010, so I thought it might be helpful if I walk you through the process. As a bonus, I’ll also show you how to activate Word’s cloaking device (I’ll bet you didn’t know it had one). In the final paragraphs, I make a serious point about using the cloaking feature to safeguard passwords.
Although I’ve definitely needed to do this at work, my example is from a school assignment. One of my instructors wrote a practice test for us complete with all of the answers in red. To best take advantage of this practice test, I need a copy of it without the answers. If I manually delete the answers one by one, I’ll remember some of them, which would make the practice test less effective.
There is a neat trick for logically deleting text. If you want text to disappear, change the font color to the background color. Most of the time our background color is white, so changing a font to white makes the text disappear. By globally changing all red text to white, I can make the answers to my practice test disappear.
Begin by pressing Shift F1 to bring up Reveal Formatting.
Select one of the sections of text you want to change the color of. It will appear in the Selected text box.
Go to the Selected text box and select the menu option Select All Text With Similar Formatting
You will see that all text with exactly the same formatting is now selected.
In the Formatting of selected text section, click Font. Select the font color. Since I want to make all red text disappear, I chose white as my new font color.
Everything that was red is now white.
Now all of the answers to the practice test questions are cloaked. Although you can’t see the answers, they are still there, but they won’t appear when printed or viewed.
Remember, you can choose any color, not just white or the background color. You can change from any color to any other color.
First, let me clarify that I'm not advocating storing passwords in clear text in a file. But many people do, which creates a security vulnerability because a bystander might see the passwords displayed in the document. For those who do stored passwords in a file, if every password in the document has a white font, a bystander will have nothing to see. I personally use this technique at home to keep track of the passwords I use at the many websites I visit. As a note of explanation, I do not use the pipe character (vertical bar) in any of my passwords. Because of this, I’m able to delimit my white colored passwords with pipe characters as this example shows:
By using the cloaking technique, I can have the list of passwords up on the screen without anybody being able to see them. I position the cursor between the pipe characters, double-click, and then do Ctrl C to copy the password into my paste buffer. It’s very convenient. If you chose to adopt this approach, I recommend using EFS to secure the file.
If you want to try this out for yourself, I recommend copying the entire line shown above and pasting it into Word. The behavior of selecting white text in Word is different from the behavior of selecting white text on a web page.
Remember, security management is a balance between not revealing a password and still being able to get work done in case a password is forgotten. Relying on memory to remember every password for everything is a questionable business practice because people do forget. As reader csm correctly points out below, there are better, more secure ways of keeping track of passwords. But it is a fact that people do store passwords as text strings in files. For those who do, the technique of using the background color font does prevent an onlooker from seeing the passwords. I wouldn't use the file based approach on a production machine storing senstive data, but I think it’s okay for a low security development environment when you're not allowed to use Windows authentication exclusively.