Is it Time to Start Encrypting Your Files?

Category: Privacy

Fear of government snoops and hackers drives some people to encrypt their data. Others want to be sure that personal or confidential data can travel safely over the Internet. There are lots of tools you can use to encrypt data, and many of them are free (for personal use, at least). Here are some of the most popular encryption tools...

Free Encryption Tools

I've said for years that sending email is about as secure as sending a postcard through the mail. And now, with more mobile devices, software flaws, hackers, viruses and overzealous government agencies to deal with, it seems the files on your hard drive are about as secure as the books in a public library. The answer in both cases is encryption.

I recently published an article titled Should You Encrypt Your Email?, which covered tools you can use to scramble your email messages. Today, I'll introduce you to several free tools you can use to encrypt files, folders or entire hard drives.

Microsoft’s BitLocker is built into certain versions of Windows 7, 8, and 10. Specifically, it’s in the Ultimate and Enterprise versions of Windows 7 and the Pro or Enterprise versions of Windows 8 or 10. It uses strong AES encryption with either a 128- or 256-bit key (password) to provide formidable protection. (If you don't have a qualifying version of Windows, or you don't trust Microsoft, or you use Mac or Linux, skip down to "More Free Encryption Tools" below.)

Encrypt Your Hard Drive

BitLocker is a “full disk” encryption tool; it encrypts nearly an entire drive or volume bit by bit. (Some files essential to boot-up, such as the Master Boot Record, must be left unencrypted.) BitLocker has its own user authentication scheme apart from the Windows logon credentials; it uses either a “startup key” or a PIN. If the computer’s hardware includes a Trusted Platform Module (TPM), the startup key is stored there and authentication occurs automatically at boot-up. Older computers lacking a TPM require the user to store the startup key on a USB drive or create a PIN; one or the other will be required each time you boot the computer.

If the boot drive is encrypted, BitLocker can detect changes to the BIOS that indicate the drive has been moved (or possibly stolen) to a new machine and lock the drive until a BitLocker recovery password is entered. The recovery password is generated and displayed before the drive is encrypted; remember to write it down and store it safely, far away from the encrypted computer.

The advantage of full disk encryption is that it requires very little from the user; all you have to do is turn on BitLocker and specify which hard drive partition(s) you want encrypted. Once enabled, BitLocker keeps data secure without relying on notoriously unreliable users to do anything. But secure from who?

BitLocker and other full disk encryption tools are best at protecting data when a computer or its drive(s) are physically stolen, or when an unauthorized user tries to access an encrypted drive. One downside to full disk encryption is that anyone with administrator privileges can still access everything on an encrypted drive. Other ordinary users of the drive will be able to access programs that you specified should be available to “all users” when you installed them, and data files stored in folders accessible to “all users.” If a hacker steals a user’s or administrator’s login credentials, he would have the same privileges. If a malware program installs itself with administrator privileges, as some do, then BitLocker won’t stop it from stealing your sensitive data.

More Free Encryption Tools

An alternative to full disk encryption is “on the fly” file-level encryption or OTFE. This technique creates an encrypted “container” file on an unencrypted drive. The container file appears as a virtual drive letter to the user and is used just as if it was a real drive. Files saved to the container are encrypted automatically, and decrypted when they are accessed. A password is required to access an encrypted container.

This method enables the co-existence of encrypted and unencrypted data on the same drive, which may be useful to some users. It also protects one user’s encrypted data against all other users of the drive, even administrators; if you don’t have the container’s password, you can’t access the data no matter what your user privileges are.

VeraCrypt is a popular open-source, cross-platform OTFE encryption tool. Versions are available for Windows, Linux, and Mac OS X. (Until a few years ago, the gold standard for open-source encryption tools was TrueCrypt. However, this tool is no longer supported and should not be used.)

Encryption on Your Mac

Apple FileVault is another full disk encryption tool, designed for OS X Lion or later machines. It uses XTS-AES 128-bit encryption and requires installation of the OS X Recovery feature on the encrypted Mac. You will find FileVault in the Security & Privacy pane of System Preferences. Click the FileVault tab in the Security & Privacy pane to enable or disable FileVault.

When FileVault is enabled it asks you to specify which user accounts on the Mac are allowed to unlock the encrypted drive. Other users will not be able to log on to the machine without the aid of an authorized user. But once a drive is unlocked, it remains available to all users until the Mac is rebooted.

FileVault also generates a recovery key when it’s enabled; helpfully, it gives you the option to store a copy of the key with Apple in case you lose yours. Three user-created challenge questions are used to authenticate requests for recovery keys stored by Apple. (Hopefully, the Men in Dark Glasses have to answer those questions as well.)

Mobile and Cloud Encryption

BoxCryptor is an “on the fly” encryption utility for Windows that uses the AES-256 and RSA encryption algorithms to encrypt individual files and store them in a designated folder. That folder can be on your local hard drive or a virtual drive in the cloud; the list of supported cloud storage providers is rather lengthy. BoxCryptor apps are available for Windows, Mac, Linux, Android, and iOS. It’s free for personal use.

Cloud storage encryption is a relatively new category. Increasingly, sensitive data is being stored in cloud services such as Dropbox, Google Drive, etc. While the data centers of these services are much better protected than most home hard drives against malware, hackers, burglars, or disasters, they are quite vulnerable to government intrusion via search warrants and National Security Letters. If you store data in the cloud, you may want to encrypt it first on your local computer, before sending it off to cloud storage.
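To make the "encrypt it first on your local computer" step concrete, here is an added example (not from the original article) that encrypts a file with the OpenSSL command-line tool and confirms it decrypts back to the same bytes before the ciphertext goes to a sync folder. It assumes OpenSSL 1.1.1 or later; the function names, the ENC_PASS variable and the sample file are illustrative choices.

```shell
#!/bin/sh
# Added example: encrypt locally so only ciphertext reaches the sync folder.
# Assumes OpenSSL 1.1.1+ (needed for -pbkdf2). The passphrase is read from
# the ENC_PASS environment variable, so it is not visible in the process list.

ITER=600000   # PBKDF2 rounds; slows down passphrase guessing

encrypt_file() {   # encrypt_file PLAINTEXT CIPHERTEXT
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
        -in "$1" -out "$2" -pass env:ENC_PASS
}

decrypt_file() {   # decrypt_file CIPHERTEXT PLAINTEXT
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass env:ENC_PASS 2>/dev/null
}

sha256_of() {      # prints the hex SHA-256 of a file
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# protect_and_verify SRC SYNC_DIR
# Writes SYNC_DIR/<name>.enc, then proves it decrypts back to the same bytes
# before the caller deletes or stops backing up the original.
protect_and_verify() {
    out="$2/$(basename "$1").enc"
    tmp=$(mktemp) || return 1
    encrypt_file "$1" "$out" && decrypt_file "$out" "$tmp" &&
        [ "$(sha256_of "$1")" = "$(sha256_of "$tmp")" ]
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && printf '%s\n' "$out"
    return "$rc"
}

# Demo on a constructed file; the directory stands in for a cloud sync folder.
demo() {
    work=$(mktemp -d) || return 1
    printf 'constructed sample: account 0000, balance 42\n' > "$work/notes.txt"
    ENC_PASS='constructed demo passphrase'; export ENC_PASS
    enc=$(protect_and_verify "$work/notes.txt" "$work") || return 1
    # The copy destined for the cloud must not contain the readable text.
    ! grep -q 'balance' "$enc"
    rc=$?
    rm -rf "$work"
    return "$rc"
}
demo && echo "round trip verified; ciphertext is unreadable"
```

The `openssl enc` command provides confidentiality only, so keep the SHA-256 of the original somewhere you control if you need to detect a modified download.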

Encryption is catching on as a standard feature among hardware makers and service providers. The latest versions of iOS and Android encrypt all user data by default. Google is using the HTTPS protocol to encrypt all connections to its services, and “encourages” all Web sites to use HTTPS or see their search rankings and traffic drop. It might seem unnecessary to encrypt your own data, as the suppliers of tech increasingly do it for you.

That would be a mistake, I think. Law enforcement hates encryption, and its leaders are pushing hard for laws that force manufacturers and service providers to leave openings in their encryption schemes for government snoops – legitimate, lawful snoops, of course. But if a hole exists in a security scheme, you can bet that someone will find a way to use it unlawfully.

Laptops and removable drives are most vulnerable to theft, and therefore are prime candidates for encryption. USB thumb drives are particularly prone to loss, and can be encrypted just like any other drive. Desktops in homes are probably least in need of encryption protection. But of course, only you know what data is stored on your home computer and what might happen if it gets into the wrong hands.

What's your opinion of encryption? Are you using it? Thinking about it? Your thoughts on this topic are welcome. Post your comment or question below...


This article was posted by on 19 Aug 2019


Most recent comments on "Is it Time to Start Encrypting Your Files?"

Posted by:

19 Aug 2019

The penultimate version of TrueCrypt, 7.1a, is fine to use (the last version was for a crippled version for recovery only).

I would encourage everybody to routinely use encryption — it needn't be state-of-the-art (unless you really have need to hide something) but standard RSA encryption or similar will effectively keep everything private that should be private.

Posted by:

19 Aug 2019

Stephe, TrueCrypt is NOT fine to use. It is an end of life product, and, worse than that, when they closed it down, the developers implied it was not necessarily completely secure. So take Bob’s advice, and use VeraCrypt, which has similar facilities, and is supported.

Posted by:

19 Aug 2019

Do not lose your password! Do not trust your memory! No backdoor means no recovery, period.

Do not encrypt anything that you might want to survive you, like a will (accidents happen), unless you make sure your password is available via trusted means to your survivors.

Posted by:

19 Aug 2019

I admit to knowing very little about this (or anything), but is encryption good to use in OTHER ways besides security? For instance, although I'd like encryption, just to be safe, I have two Windows computers without it. I also have two Linux computers on which I encrypted the entire hard drive. That's good in some ways, but I have to jump through hoops to do certain things, and I MAY have to zap my entire OS if I want to change/add a different OS. The only way I can currently run another OS is from a bootable USB stick. (I have several, two with persistence.) I can log in and do my stuff, add apps, etc., but changing anything major on the hard drive is maddeningly difficult. Or is the encryption Bob wrote about COMPLETELY different?

Posted by:

20 Aug 2019

How does encryption affect the speed of saving and retrieving data?

I rely on MS Outlook (Office 365) for email, contacts and appointments. Several times a day I use "search" to find needles in a 25 GB haystack.

If there is a significant slow-down, I would need to keep the Outlook data files unencrypted.

Posted by:

20 Aug 2019

I have Bitlocker on my laptop, use Gmail and Protonmail encrypted email programs, WhatsApp Messenger and Folder Lock software program to lock down folders and create containers for stored client files and other stuff I don't want stolen, e.g., keys to software programs.

LastPass is my preferred password manager and ZoneAlarm Extreme I use for antivirus and firewall.

I've never had a problem, but it could be that I'm simply not of interest to anyone. (Lol)

Posted by:

20 Aug 2019

I noticed you didn't mention "Firefox" web site e-mail and/or using their web site as my or their web site server, does that mean that "Firefox" already uses encryption when I comment on their web site?

Posted by:

Michael C
20 Aug 2019

If I want to access my encrypted files stored in the cloud, can I do that from any computer as long as I know my password? Also, is the encryption algorithm stored in the same master folder where the encrypted subfolders reside, whether in the cloud or a computer?

Posted by:

Peter Oh
20 Aug 2019

I am still as confused as ever.
If I encrypt files that takes time, & some know how. Email was mentioned; so do I encrypt all emails & if so how do recipients read the messages? If I received an encrypted email I would not have clue & I would dump it.
Seems to me we are miles away from an easy workable, reliable system.
Oh yes I can remember passwords for a little less than 5 mins. Sure I have LastPass but opening it & locating the required encryption PW takes time.

Posted by:

20 Aug 2019

My advice is if you do a whole-disk encryption, make sure you do your backups frequently. A whole-disk encryption usually stores everything (all the files and folders) on that drive as a single, encrypted file. When it receives a request for a single file, for example, it decrypts that small portion of the whole-disk encrypted file and shows it to you.
But if anything goes wrong when that encrypted file is being written to (like a power outage or surge, or a bad spot on the disk), you are very likely to end up with an *entire disk* that is gibberish and useless.
I've seen this happen a few times. Be careful and do your backups religiously!

Posted by:

James Mills
20 Aug 2019

I used to use various versions of ZIP in the old DOS days (showing my age) and sometimes in various versions of windows. Most versions supported the -p option, followed by a password of choice. Exact syntax varied. Any personal info files (finances, medical, steamy letters to girlfriend, whatever) that you absolutely do NOT want ANYONE else to see, at least not without your permission... those files should be encrypted. Just don't lose the password.

Posted by:

Mike Hudson
20 Aug 2019

I’ve been auditioning Veracrypt full system encryption for about 6 months and am very impressed with it. No noticeable impact on performance. Highly recommend.

Posted by:

15 Jan 2020

A good and decent product cannot be provided for free... Most probably they have some secrets. In my opinion, it's better to test something before buying if the seller offers it. So I tested the free version of Nordlocker to clarify its features. The version has limited storage, but it was enough to understand whether it's suitable for my needs or not. And what I wanted to say is that I'm probably going to buy a membership, as it works pretty well and is really easy to use for any type of consumer.

Posted by:

11 Nov 2021

I have posted this info before, so I will be BRIEF.
Windows 10 (11?) HOME Will Encrypt Your Drive. While it is true that Bitlocker is NOT available in Win Home, drive encryption is turned on by default. Both my brother's new Dell and my wife's sister's new non-Dell laptops were encrypted from the factory. Both had Win 10 Home. Likely, this will NOT cause a problem, but if it does, you are OUT of luck. There is NO WAY to remove the encryption if the password cannot be found! One fellow lost THOUSANDS $$$$.

My advice is to decrypt your drive now, if you do not know the password. You can then encrypt it with a known password, if you wish. One source of this problem in the past was an automatic BIOS update, that destroyed the key stored in the TPM chip. My Dell treats BIOS updates like ANY plain-Jane Windows update, it just goes ahead and installs it, without asking!
Read the sorrows:
More here:

Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Is it Time to Start Encrypting Your Files? (Posted: 19 Aug 2019)