locked
MBF file format (MS Money Sunset edition) RRS feed

  • Question

  • I have just managed to get my lovely MS Money program working again with a Registry mod which was posted elsewhere.

    I know the program has long since been un-supported by MS, but I would like to store my data backup file with the .MBF extension somewhere in the Cloud! 

    Therefore I want to know if the .MBF file (the backup of my data) is encrypted at all, or can anyone with a copy of MS Money open it and see all my data, please? 

    Many thanks, if there is anyone out there with the answer.


    Monday, August 3, 2015 1:59 PM

Answers

  • An MBF file is a copy of the user's .mny file and is protected by whatever security the user applied to his .mny file: password, Windows Live ID or Microsoft Passport.

    If you have set a blank password, anyone can open the file. Otherwise, there is no known way to retrieve information from a Money data file without the user's access credentials.

    Judge for yourself how easy it might be for someone to guess your access credentials

    Monday, August 3, 2015 5:29 PM
  • Thank you Barry and Domonic for both your replies.

    Interesting, Barry suggesting I should change the extension. But this might be less practical as I want Money just to save the backup without any fiddling with the extension. But it could be made to work.

    Domonic, although I have been a MS Money user for many years, through several versions, I had never noticed the Password Manager setting on the main menu. I have now set a password. I feel the chance of someone having a copy of MS Money and being able to guess my password is highly unlikely! So thank you for pointing me to something right under my nose, Domonic. I can now save to the Cloud!

    This thread can now be closed.

    Thank you both for being so quick and helpful. Derek

    Monday, August 3, 2015 7:15 PM

All replies

  • My version of Money does not ask for an encryption key when I backup so either the data is not encrypted or Money uses a key common to everyone with that version.  So if anyone with the same version of Money had access to your portion of the cloud they could open your mbf file.  However, if you create the backup on your system you should have no trouble encrypting it before you transfer the encrypted copy to the cloud.

    On the other hand, if you change the extension from mbf to txt or xls or abc or zzz or anything else, whoever hacks your cloud would have to know the file is an mbf before they could even think of opening it.

    Monday, August 3, 2015 4:18 PM
  • An MBF file is a copy of the user's .mny file and is protected by whatever security the user applied to his .mny file: password, Windows Live ID or Microsoft Passport.

    If you have set a blank password, anyone can open the file. Otherwise, there is no known way to retrieve information from a Money data file without the user's access credentials.

    Judge for yourself how easy it might be for someone to guess your access credentials

    Monday, August 3, 2015 5:29 PM
  • Thank you Barry and Domonic for both your replies.

    Interesting, Barry suggesting I should change the extension. But this might be less practical as I want Money just to save the backup without any fiddling with the extension. But it could be made to work.

    Domonic, although I have been a MS Money user for many years, through several versions, I had never noticed the Password Manager setting on the main menu. I have now set a password. I feel the chance of someone having a copy of MS Money and being able to guess my password is highly unlikely! So thank you for pointing me to something right under my nose, Domonic. I can now save to the Cloud!

    This thread can now be closed.

    Thank you both for being so quick and helpful. Derek

    Monday, August 3, 2015 7:15 PM
  • Note that while the passwording on the newer (2004 maybe?) versions is good encryption, it is still subject to trial and error attack. That can be automated offline. So depending on how much effort somebody might put toward trial and error cracking, you might want to have a longer password-- 14 characters or longer and not having strings that somebody could associate with you (names including pet, SSAN,  etc).
    Monday, August 10, 2015 3:38 PM
    Moderator