In this article, we’ll show you how to defend your data against prying eyes by employing some relatively simple features built for the Windows platform, as well as some more advanced measures to ensure next-level protection.
Back to basics: Difference between password protection and encryption
Password protection is a lot like locking something in a safe — for instance, a highly sensitive document. To access that document, you must know the correct combination.
Knowledge is literally the key. This is why password protection is sometimes more formally referred to as a form of knowledge-based authentication. You need to know the password to enter. If you required a physical token like, say, an actual key or a special USB drive to access our secret document, then this would be a form of possession-based authentication. If the token (or “key”) were a fingerprint or a face, you would be using inherence authentication, because the token is literally something that is inherent to you and you alone.
Encryption is sort of like taking our secret document and scrambling all the letters in that document so it is virtually unreadable by anyone not authorized to read it.
When a document is unencrypted, it’s stored in what we might call plain text. Anyone can read it. When it’s encrypted, it’s in cipher text. To see the document in its original form, the user must provide a key of sorts that unscrambled the message. In the case of file and folder encryption in Windows, the “key” is to be logged into the correct user account. Even on the same computer, the secret document may as well be gibberish to a different Windows user.
Password encryption is a third option that combines password protection and encryption. The primary benefit of using both is having two layers of security. Now our secret document is in a safe and it’s inscrutable.
If someone has the right password to unlock the file or folder, they still won’t be able to make sense of it if they’re not logged on as the authorized user.
Why password protect files?
If you share your computer with others, there is always a chance of human error — the accidental deletion of an important document, the mistaken modification of a critical file, the accidental sharing of a private folder, etc.
Sometimes you’re your own worst enemy. Sharing sensitive information over email with the wrong recipients is an unfortunate if not entirely too common source of data breaches. Last January, the Leicester City Council (in the U.K.) sent the wrong spreadsheet to some 27 companies. Sadly, that spreadsheet contains personal information belonging to a lot of people. If it can happen to them, it can happen to you.
One way to deal with these risks is to add a password to your most sensitive files, one-by-one. Sharing a computer becomes a worry-free situation after that, and sending email attachments will be less of a nail-biter, too. Yes, the requirement to enter a password every time you access that file may slow you down a bit, but the peace of mind is undoubtedly worth it. Just remember to always use strong passwords. In fact, click on over to the free Avast Random Password Generator whenever you need one, and instantly get a unique, near-uncrackable password you can use immediately.
Another way to deal with this is to use your Windows software to encrypt an entire folder. This is an easy process to implement and to use. There are also third-party tools you can use for full encryption. In this article, we’re going to lay all the tools in front of you to secure your system with the strongest defenses.
Built-in folder encryption
Let’s start with the most straightforward way to encrypt your folders (and all the files within them) — Windows folder encryption. To encrypt a file or folder in Windows 7, 8, or 10, follow these steps:
Navigate to the folder/file you want to encrypt.
Right click on the item. Click Properties, then click the Advanced button
Check Encrypt contents to secure data.
Click OK, then Apply.
Windows then asks whether you wish to encrypt the file only, or its parent folder and all the files within it as well. We recommend you opt for full folder encryption, just to be on the safe side.
Now, once you navigate to the encrypted folder, you will see a small yellow lock on the file icon. Also, when you add new content to that folder, it will automatically be encrypted too.
To be clear, Windows file encryption protects your files against anyone who gets their hands on your computer. The encryption is tied to your Windows account, so when you are logged in, the files decrypt on the fly by the operating system. However, if someone were to log in through another account, they would not be able to access files that were encrypted under your username.
Your files are accessible through your account, and if someone gets unauthorized access to your computer while it’s logged in, encryption is practically useless. This is why it is critical to create a strong login password in the first place.
Power users can also use this method by LaptopMag.com to password lock folders in Windows using a small piece of code.
Regular Windows encryption will only take you so far, however, as it’s fairly easy to circumvent. Someone need only log in with your account to access your content. Read on to find out how to keep your files safe should your account be hacked.
Simple password protection software
Unlike Windows’ own file encryption technology, third-party password protection bars access to content regardless of who is logged in. These tools offer more security than built-in Windows security features and are highly recommended for sensitive data.
Password protect folders in Windows 10
A content protection feature for Windows worth looking at is called Folder Lock. It’s fast, easy to use, and can password protect and encrypt files and folders at blazing speeds. The software uses Advanced Encryption Standard (AES) 256-bit keys to keep your data safe.By default, Folder Lock uses a master password to control locked content. However, you can also create a “Locker” — a secured folder on the drive to segregate content topic. Each Locker can be assigned its own password and you can limit the amount of disk space it can take up.
Folder Lock comes with a powerful file shredder and a cloud-based backup solution, too. You can try a demo for free. The full-version is $39.95.
Password protect folders in Windows 7 & 8
Another lightweight utility is LocK-A-FoLder. Unlike Folder Lock, LocK-A-FoLder only works for Windows XP, Vista, and 7. The interface is extremely simple to use. After installation, the tool will ask you to create a master password to manage all your locked content. All locked folders will no longer be visible on the drive until you unlock them. LocK-A-FoLder is free and is the least resource-hungry folder locker out there, making it an ideal solution for older computers.
Finally, passwords are almost always the weakest link in a security chain. A password strength checker can be of great use here. Online tools like The Password Meter and my1login are great tools to use here.
While strong password protection will be enough for most users, if you have sensitive data, then more advanced methods such as third-party encryption tools can be used to safeguard data.
Full encryption software to secure files and folders
Beyond regular password protection, you can also use disk-encryption software that offers more robust security measures. These tools can block even the most advanced cold-boot and brute-force attacks, which try to crack passwords and encryption keys using different combinations.
This free, open source software can be used on any computer, and virtually any Windows system. It is essentially a file archiver that uses high compression and strong AES-256 encryption. Your files are protected by being compressed and encrypted, so when you go to access them yourself, you simply need to decompress the file first. Yes, again it’s an extra step, but a tiny price to pay for high security. To secure your data with 7-Zip, follow these steps:
Download the latest version of 7-Zip. Run the installation program.
In your Windows directory, select 7-Zip File Manager.
From the 7-Zip control panel, select the file or folder you would like to protect, and click the Add button.
Choose your compression options (see image below). A - Type in the name you would like the encrypted file to be named. B - Under Encryption section, set a strong password to use for encrypting/unencrypting. C- We recommend setting your compression level to HIGH and your compression method to AES-256. D - Click OK.
Your file/folder is now compressed, encrypted, and protected. Decompressing that file/folder is just as simple:
From the 7-Zip control panel, select the file or folder you’d like to open.
Click the Extract button.
In the dialogue box, enter the password. Then click OK.
Your file/folder will decompress and open for you.
With support for AES, Serpent, and TwoFish keys, VeraCrypt is a free, cross-platform data security tool that can encrypt your files any way you require. VeraCrypt comes with full disk encryption but can encrypt at the volume level as well. Users can decide whether they want specific folders encrypted or entire systems. At first glance, VeraCrypt can seem intimidating, as the UI is not the most user-friendly, but it’s actually quite simple once you get the hang of it. The software works something like the Daemon tools that can create a virtual CD drive on your computer.
Download the setup file for Windows and install the software, then follow these instructions:
To start, you will need to create a volume — essentially an encrypted folder where your data will go. Click on Create Volume.
Select Create an encrypted file container and click Next.
VeraCrypt gives you the option to create a normal, visible container or an invisible one. For our example, we’re choosing Standard VeraCrypt volume, but feel free to select whichever one is best for you.
Click Select File and navigate to where you want to store your encrypted container. Click Save.
The next section essentially asks what encryption method you want to use. Again, we suggest AES-256, the strongest encryption used today. Then click Next.
Assign how much space you wish the encrypted folder to have.
Finally, enter the password you wish to use for your volume and click Next. Make sure it’s strong!
VeraCrypt is now ready to create your container. Remarkably, the tool can use random mouse movements to create your encryption key and to encrypt the folder. Feel free to move your mouse around a lot because that makes the encryption key stronger — do this until the bar at the bottom reaches the end. Then click Format.
Your first encrypted volume should now be sitting in its designated folder.
To add content to the container, follow these steps:
To mount your volume, choose a drive number from any one of the drives available on the VeraCrypt home screen.
Click on any one of the letters in your highlighted volume name, click Select File, and navigate to the folder where you saved your encrypted container.
Click Open to select the volume.
Next click Mount to mount the volume to the selected drive. Enter your password and click OK. Your container is ready.
Double-click on the mounted drive to open another window of the container. You should also see the container in This PC along with your other drives. Now, copy the content to your new encrypted “drive,” click dismount to close the folder, and encrypt it again.
Managing files and passwords
You now know what it takes to password protect and encrypt your files and folders in Windows. However, as we have established, it all boils down to keeping your passwords safe and having good security habits in place.
Backup, backup, backup
Consider what might happen if you lost your master password, or if your encryption software got corrupted, or if the files themselves got lost. Backing up your data regularly and using a password manager can help you ensure you are never caught unawares.
Some of the utilities mentioned above such as Folder Lock come with their own cloud-based data backup solutions. However, you can always use Microsoft’s OneDrive or the free Google Drive as well.
Create strong passwords
Of course the biggest problem with passwords is remembering them. But you’re setting yourself up for potential data theft if you create a password to use across all of your accounts. The common alternative — creating easy to remember, uninventive passwords — is just as bad.
Weak and common passwords are fairly easy to hack using programs that literally cycle through different key combinations at unfathomable speed. These brute force attacks, or dictionary attacks are highly advanced. In 2012, hackers created a computer cluster that guesses passwords at a rate 350 billion per second. They could crack any eight-word Windows password in less than six hours. Keep in mind that this was seven years ago. We can only assume password theft mechanisms have evolved since then. Password security best practices need to evolve, too.
So do yourself a favor, and read up on how to create strong passwords and protect your device(s) against hackers.
As for how to remember your passwords, do not create a password list in a document, even if you’ve encrypted that document.