Encrypting files in Windows using the Encrypting Files System (EFS)Windows offers an inbuilt encryption method called EFS to protect sensitive data from unwanted users. EFS can be used only on hard drives formatted as NTFS and on professional and premium editions of Windows 10, Windows 8.1, Windows 8, Windows Vista or Windows XP. Home editions of Windows do not support this.
To encrypt files with EFS, follow these steps:-
- Right click on the file or folder you want to protect and click on Properties at the bottom of the menu.
- This will bring up the Properties window. In this window under the General tab, click on Advanced.
- In the Advanced attributes window, tick on Encrypt contents to secure data option.
- Click OK and Apply.
If you encrypt files and folders with EFS, it would not change how you access those files and folders. You would still be able to read, modify and delete those files as long as you are logged into the user account that encrypted those files. However, other users from different user accounts would not be able to do this. For example, if you carry the encrypted file in a flash drive, you would not be able to access it from other computers. To access it from other computers, you will need your encryption key.
Make sure that you backup your encryption key when Windows prompts you to do so. It will be required in case you want to access the encrypted files from a different user account or from a different computer.
To back up your encryption key, click on the Back up now option in the pop up that comes when you first encrypt a file or folder. Then, click Next on the window titled Certificate Export Wizard. Enter a password for your certificate (make sure it is tough but also easy to remember), choose a location to save it, give it a name and click Finish.
In case Windows does not prompt you to back up your encryption key, you can back it up from the File Encryption Certificates manager. Since, EFS relies on your user account to give access to protected files, it is important to choose a strong password for your Windows user account.
EFS is relatively quick and hassle free but not totally secure as Windows stores an unencrypted version of protected files in the temporary folder (when you access them) which can be easily accessed by any experienced computer user. To overcome this weakness, ensure that you clean up your temporary files with the Disk Cleanup utility every time you access your protected files.
BitLockerBitLocker is a Windows utility that allows you to encrypt hard drives and removable storage devices. BitLocker also uses EFS mentioned above with a minor difference. It encrypts the entire drive instead of encrypting individual files and folders.
BitLocker can be turned on in the Control Panel. BitLocker only works on devices having TPM. In case your PC does not have TPM, you will get an error saying “This device can’t use a Trusted Platform Module.” TPM is a special circuit that’s built onto the motherboards of BitLocker compatible computers.
BitLocker is only available on Professional editions of Windows.
7ZIP7Zip is a free and open source compression utility that has the option of allowing users to create a password protected archive. The encryption offered by 7Zip is AES-256 (AES stands for Advanced Encryption Standard), which is virtually impossible to crack and used by everyone from giant tech companies to your next door IT expert.
To encrypt files and folders with 7Zip, either create a new password protected archive from the 7Zip file manager or simply right click on the folder or file you want to protect and select “Add to archive” from the 7zip sub-menu.
You can choose either 7Zip’s .7z or .zip format. If you use .zip format, an additional encryption method called ZipCrypto is available, which is also good but not as secure as AES-256. Also, if you use a .zip archive, you cannot encrypt file names.
7Zip supports multiple platforms, is easy to use and also very fast when it comes to creating and extracting archives.
VeraCryptVeraCrypt is a fork of and successor to the extremely popular and discontinued encryption software TrueCrypt. VeraCrypt claims to have removed the issues that were raised while security auditing TrueCrypt. It supports Microsoft Windows, Mac OS X and Linux.
Like TrueCrypt, VeraCrypt is completely free and supports AES, Serpent and TwoFish encryption ciphers. VeraCrypt is simple to use and offers very fast encryption process. VeraCrypt also allows a single hidden volume to be created within another volume. The Windows version of VeraCrypt can be used to create and run a hidden encrypted operating system. The best part about this software is that its code is available for review and the developers claim an individual security audit is being planned.
- It is important to note that there are several tools and utilities available in the market that allow you to break encryption and passwords. The programs mentioned above will keep your data safe from a large majority of such tools but they, like all methods of encryption are not infallible.
- Even if you encrypt a file, it can still be deleted. So, be sure to back up your encrypted files.
- Make sure that you use a memorable password and keep your encryption key safe to prevent you from losing access to your encrypted files.