Do you have a folder or file that you don’t anyone to access? Encryption is the process of protecting a file or even a folder using a decryption key or password. Once you have encrypted files and folders in Windows, your data will become unreadable to unauthorized parties and it is only someone with the correct password or the decryption key can be able to access and read the data. This article clearly explains several methods windows users can utilize to encrypt their devices and the data stored on them.
Which Encryption options can you use?
In order to encrypt files and folders in Windows, you can use the two main built-in encryption capabilities that is, BitLocker and Encrypting File System (EFS). BitLocker is the most secure method and thus the most preferred but the problem is that you can only select and encrypt individual files and folders by creating an encrypted file container using VHD. The Encrypting File System (EFS) can also be used but the only demerit is that it is not recommended for super-sensitive data.
Before you start to encrypt files and folders in Windows note that:
- The files which have been encrypted are not 100 percent secure. Hackers can be able to albeit with difficulty and bypass encryption. If you store cryptographic keys and passwords in an unencrypted file or if a hacker has planted a key logger on your system you are at a very great risk. Malware in your computer can install Key loggers and once installed and you encrypt a single file with EFS, your computer will store an unencrypted version of that file in its temporary memory and for that reason a hacker may still be able to access it. It is recommendable that for the really valuable data to consider a paid, expert, cloud encryption solution.
- It is highly recommended to ensure that you always make unencrypted backups of your files so that in case you lose your passwords you can be able to recover them. You can store them in a safe physical location, more so offline.
- In order to be able to determine on the method of encryption to use you should, decide exactly what you need to encrypt.
How does Windows encrypt files and folders?
Using the BitLocker you can encrypt an entire volume on your hard drive or a removable device, regardless of who is logged in. You must enter a password or use a USB drive that unlocks the PC once inserted in order to unlock a drive that is protected with BitLocker.
A trusted platform module (TPM) hardware is used by BitLocker which enables your device to support advanced security features, For example, when the encryption is only at the software level, access may be vulnerable to dictionary attacks. Thus, TPM is at the hardware level, and for that reason it can protect against guessing or automated dictionary attacks.
Find out whether your device has TPM;
- Press the Windows key followed X on the keyboard and then select Device Manager.
- Click on Security devices.
- If TPM chip is present in your device, Trusted Platform Module with the version number should pop out.
Steps to set up Bitlocker:
- Open the Control Panel.
- Click on System and Security.
- Click the BitLocker Drive Encryption.
- Click Turn on BitLocker under BitLocker Drive Encryption
- Choose Enter a password
- Enter a memorable password and then confirm it and then click on Next.
- Choose the how to save a recovery key in order to be able to get an access to your drive in case you forget your password and then click Next.
- Choose an encryption option either Encrypt used disk space only or Encrypt entire drive and then click Next.
- Select from two encryption options or more: for instance New encryption mode or Compatible mode and there after click Next.
- Look at Run BitLocker system check, which makes sure that the recovery and encryption keys will work and then click Continue.
- Verify that the BitLocker is turned on. (Open My PC in Windows Explorer and check for a Lock icon displayed next to the drive.)
#2. Encrypting File System (EFS)
Encrypting File System is a Windows built-in encryption tool which is used to encrypt files and folders on NTFS drives, once the folders and the files are locked you find that any individual or app that does not have the key cannot open encrypted files and folders.
EFS gives you a chance to manually encrypt individual files and directories instead of encrypting your entire drive. EFS can only work by making encrypted files available only if the user who encrypted the files is logged in by entering the protection key. The encryption key is created by windows and then it is locally saved. The process of encryption using EFS is very easy but not very fully secure because there is a possibility of an attacker to hack the key although it is a bit difficult and for that reason it is advisable to use a strong login password that other users of your PC cannot be able to guess.
How does one encrypt folders and files in Windows 10, 8 or 7 using EFS?
- Right click on the file or folder you would like to encrypt in Windows Explorer.
- Select properties from the context-menu.
- At the bottom of the dialogue that appears click on the advanced button.
- Check Encrypt contents to secure data in the Advanced Attributes dialogue box.
- Click OK.at the bottom then click Apply
- For the case of folder encryption, a Confirm Attribute Change dialogue box will be appear asking if you want to encrypt everything in the folder. Choose Apply change to this folder only or Apply changes to this folder, subfolders and files depending on what you would like to encrypt and then click OK.
- In the pop-up message click on the Back up your file encryption key. In the case whereby the pop up message disappears before clicking it, find it in the Notification Area for your OS.
- It is recommendable that you click Back up now.
- To continue click Next.
- You should then click Next to create your certificate.
- After accepting the default file format to export, click Next.
- Enter your preferred password twice in the password box and then click Next.
- Type a name for the certificate and key you want to export, and click Save.
- To wide up with the encryption process, click Next, Finish, and then OK.
- You can now eject your USB drive and put it somewhere safe.
NB: you should ensure through all this process that you have plugged in a USB flash drive in your PC