Is it Time to Start Encrypting Your Files?
Fear of government snoops and hackers drives some people to encrypt their data. Others want to be sure that personal or confidential data can travel safely over the Internet. There are lots of tools you can use to encrypt data, and many of them are free (for personal use, at least). Here are some of the most popular encryption tools...
Free Encryption Tools
I've said for years that sending email is about as secure as sending a postcard through the mail. And now, with more mobile devices, software flaws, hackers, viruses and overzealous government agencies to deal with, it seems the files on your hard drive are about as secure as the books in a public library. The answer in both cases is encryption.
I recently published an article titled Should You Encrypt Your Email?, which covered tools you can use to scramble your email messages. Today, I'll introduce you to several free tools you can use to encrypt files, folders or entire hard drives.
Microsoft’s BitLocker is built into certain versions of Windows 7, 8, and 10. Specifically, it’s in the Ultimate and Enterprise versions of Windows 7 and the Pro or Enterprise versions of Windows 8 or 10. It uses strong AES encryption with either a 128- or 256-bit key (password) to provide formidable protection. (If you don't have a qualifying version of Windows, or you don't trust Microsoft, or you use Mac or Linux, skip down to "More Free Encryption Tools" below.)
BitLocker is a “full disk” encryption tool; it encrypts nearly an entire drive or volume bit by bit. (Some files essential to boot-up, such as the Master Boot Record, must be left unencrypted.) BitLocker has its own user authentication scheme apart from the Windows logon credentials; it uses either a “startup key” or a PIN. If the computer’s hardware includes a Trusted Platform Module (TPM), the startup key is stored there and authentication occurs automatically at boot-up. Older computers lacking a TPM require the user to store the startup key on a USB drive or create a PIN; one or the other will be required each time you boot the computer.
If the boot drive is encrypted, BitLocker can detect changes to the BIOS that indicate the drive has been moved (or possibly stolen) to a new machine and lock the drive until a BitLocker recovery password is entered. The recovery password is generated and displayed before the drive is encrypted; remember to write it down and store it safely, far away from the encrypted computer.
The advantage of full disk encryption is that it requires very little from the user; all you have to do is turn on BitLocker and specify which hard drive partition(s) you want encrypted. Once enabled, BitLocker keeps data secure without relying on notoriously unreliable users to do anything. But secure from who?
BitLocker and other full disk encryption tools are best at protecting data when a computer or its drive(s) are physically stolen, or when an unauthorized user tries to access an encrypted drive. One downside to full disk encryption is that anyone with administrator privileges can still access everything on an encrypted drive. Other ordinary users of the drive will be able to access programs that you specified should be available to “all users” when you installed them, and data files stored in folders accessible to “all users.” If a hacker steals a user’s or administrator’s login credentials, he would have the same privileges. If a malware program installs itself with administrator privileges, as some do, then BitLocker won’t stop it from stealing your sensitive data.
More Free Encryption Tools
An alternative to full disk encryption is “on the fly” file-level encryption or OTFE. This technique creates an encrypted “container” file on an unencrypted drive. The container file appears as a virtual drive letter to the user and is used just as if it was a real drive. Files saved to the container are encrypted automatically, and decrypted when they are accessed. A password is required to access an encrypted container.
This method enables the co-existence of encrypted and unencrypted data on the same drive, which may be useful to some users. It also protects one user’s encrypted data against all other users of the drive, even administrators; if you don’t have the container’s password, you can’t access the data no matter what your user privileges are.
VeraCrypt is a popular open-source, cross-platform OTFE encryption tool. Versions are available for Windows, Linux, and Mac OS X. (Until a few years ago, the gold standard for open-source encryption tools was TrueCrypt. However, this tool is no longer supported and should not be used.)
Encryption on Your Mac
Apple FileVault is another full disk encryption tool, designed for OS X Lion or later machines. It uses XTS-AES 128-bit encryption and requires installation of the OS X Recovery feature on the encrypted Mac. You will find FileVault in the Security & Privacy pane of System Preferences. Click the FileVault tab in the Security & Privacy pane to enable or disable FileVault.
When FileVault is enabled it asks you to specify which user accounts on the Mac are allowed to unlock the encrypted drive. Other users will not be able to log on to the machine without the aid of an authorized user. But once a drive is unlocked, it remains available to all users until the Mac is rebooted.
FileVault also generates a recovery key when it’s enabled; helpfully, it gives you the option to store a copy of the key with Apple in case you lose yours. Three user-created challenge questions are used to authenticate requests for recovery keys stored by Apple. (Hopefully, the Men in Dark Glasses have to answer those questions as well.)
Mobile and Cloud Encryption
BoxCryptor is an “on the fly” encryption utility for Windows that uses the AES-256 and RSA encryption algorithms to encrypt individual files and store them in a designated folder. That folder can be on your local hard drive or a virtual drive in the cloud; the list of supported cloud storage providers is rather lengthy. BoxCryptor apps are available for Windows, Mac, Linux, Android, and iOS. It’s free for personal use.
Cloud storage encryption is a relatively new category. Increasingly, sensitive data is being stored in cloud services such as Dropbox, Google Drive, etc. While the data centers of these services are much better protected than most home hard drives against malware, hackers, burglars, or disasters, they are quite vulnerable to government intrusion via search warrants and National Security Letters. If you store data in the cloud, you may want to encrypt it first on your local computer, before sending it off to cloud storage.
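The encrypt-before-upload step described above, as an added example that is not from the original article and is not how BoxCryptor, VeraCrypt or any other product named here stores data. It assumes Node.js and a constructed file layout (`ENC1` marker, salt, nonce, tag, ciphertext) built on scrypt and AES-256-GCM; as with the password-protected containers discussed earlier, the data cannot be opened without the password, and any change to the stored copy is detected.

```javascript
// Added example: password-based encryption of a file before upload.
// The ENC1 layout and all function names are constructed for illustration.
const crypto = require('node:crypto');

const MAGIC = Buffer.from('ENC1');             // constructed 4-byte format marker
const SCRYPT = { N: 2 ** 14, r: 8, p: 1 };     // scrypt cost parameters (about 16 MiB)

// Derive a 256-bit AES key from the password; a random salt gives each file its own key.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, SCRYPT);
}

// Output layout: MAGIC(4) | salt(16) | nonce(12) | tag(16) | ciphertext
function encryptForUpload(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  cipher.setAAD(MAGIC);                        // bind the header marker to the ciphertext
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or throws if the password is wrong or the blob was altered.
function decryptDownload(blob, password) {
  if (blob.length < 48 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not an ENC1 blob');
  }
  const salt = blob.subarray(4, 20);
  const nonce = blob.subarray(20, 32);
  const tag = blob.subarray(32, 48);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(48)), decipher.final()]);
}

// Boolean wrapper for callers that do not want to handle an exception.
function opens(blob, password) {
  try { decryptDownload(blob, password); return true; } catch { return false; }
}

// Constructed sample data, encrypted locally before it would be sent to cloud storage.
const sample = Buffer.from('2019 tax return: constructed sample contents');
const blob = encryptForUpload(sample, 'correct horse battery staple');
console.log(blob.length, opens(blob, 'correct horse battery staple'), opens(blob, 'guess'));
```

Only the output of `encryptForUpload` would leave the computer; the password never does, so the storage provider holds nothing it can read.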
Encryption is catching on as a standard feature among hardware makers and service providers. The latest versions of iOS and Android encrypt all user data by default. Google is using the HTTPS protocol to encrypt all connections to its services, and “encourages” all Web sites to use HTTPS or see their search rankings and traffic drop. It might seem unnecessary to encrypt your own data, as the suppliers of tech increasingly do it for you.
That would be a mistake, I think. Law enforcement hates encryption, and its leaders are pushing hard for laws that force manufacturers and service providers to leave openings in their encryption schemes for government snoops – legitimate, lawful snoops, of course. But if a hole exists in a security scheme, you can bet that someone will find a way to use it unlawfully.
Laptops and removable drives are most vulnerable to theft, and therefore are prime candidates for encryption. USB thumb drives are particularly prone to loss, and can be encrypted just like any other drive. Desktops in homes are probably least in need of encryption protection. But of course, only you know what data is stored on your home computer and what might happen if it gets into the wrong hands.
What's your opinion of encryption? Are you using it? Thinking about it? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 19 Aug 2019
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Is it Time to Start Encrypting Your Files? (Posted: 19 Aug 2019)