If you're looking for a simple way to keep files and folders private on your Windows computer, you have several options right in front of you. Thanks to the Microsoft Office Suite, you can use a built-in encryption feature to password-protect Office files, such as Word documents or PowerPoint presentations.
Some Windows operating systems also come with Encrypting File System (EFS), which lets you encrypt any kind of file, as well as whole folders and subfolders. Note, however, that EFS is only available for Windows 10 Pro, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Enterprise, Windows 8 Pro or Windows 8 Enterprise. Users with a Home edition of Windows will need to use either Office Suite encryption or a third-party solution, such as TrueCrypt, VeraCrypt or 7-Zip.
Illustration: Tom’s GuideTo set up your Windows encryption, you'll want to follow these step-by-step instructions.
MORE: Best Password Managers
Before You Start
Before you start altering your files, there are some tips you need to keep in mind.
- Anything can be decrypted if you're targeted by a savvy enough, or well-financed foe. You might want to find a paid solution if your files are truly valuable.
- Files encrypted using the below methods can still be deleted, so you might want to have a backup on a secondary location.
- If you lose your passwords, you've lost your files forever. So, again, keep an unencrypted backup on a physical drive somewhere safe where it won't be found.
How to Encrypt Files Using Microsoft Office
This process encrypts individual files compatible with Microsoft Office applications such as Word, PowerPoint or Excel. Once you encrypt a file this way, you'll need to reopen it in Microsoft Office; you won't be able to open it in Google Docs, Adobe Reader or LibreOffice. These steps work for all up-to-date versions of Office, across Windows 7 and Windows 10.
1. Open a Microsoft Office program and click Open Other Documents.
2. Click Browse.
3. Select a file you want to encrypt and click Open.
4. Click the File tab at the top of the page.
5. Click "Protect Document" on the left side.
3. Select Encrypt with Password from the pop-up menu.
4. Enter a password for the file. You'll be prompted to re-enter the same password, then click OK. After you exit this file, you'll have to enter the same password to reopen it. Be sure to store this password in a separate, safe place.
How to Delete Temporary Files
You're not quite done yet, though. One of the flaws with Microsoft Office's encryption is that unencrypted versions of recently opened files might still be stored in your computer's temporary memory. You'll want to go clear that out after you've encrypted a file.
1. Click the Start button.
2. Type "Disk Cleanup" into the text field and select Disk Cleanup.
3. Wait for the loading bar to complete, it's calculating how many files it will be able to delete.
4. After the window "Disk Cleanup for OS (C:) appears, check the box next to "Temporary files" (you may need to scroll down) and click OK.
5. A new pop-up window will appear asking you to confirm the deletion. Click Delete Files.
6. You’ll see a new pop-up window (pictured below) with a loading bar running as your files are deleted. Once it's finished, the window will disappear and the temporary files are gone.
How to Encrypt Files on Windows using Encrypting File System (EFS)
EFS works by letting you apply encryption to already-existing files or folders in your file system. You can still edit or modify these files or folders following the encryption process. With EFS you won't notice any change in the way you access your files; all you have to do is log in to your Windows account at startup and the files will be accessible. However, this means that you need to pick a strong, difficult-to-guess password for your Windows user account. Note: Step 7 is time-sensitive, so make sure to click the "Back up your file encryption key" prompt after confirming attribute changes in step 6. Missing that prompt means you'll need to start over again.
1. Right-click on the file or folder you wish to encrypt.
2. Click Properties selection at the bottom of the menu.
3. Click Advanced under the General tab. This will bring up a second pop-up window entitled Advanced Attributes.
4. Check "Encrypt contents to secure data."
5. Click OK.
6. Click Apply.
7. Choose how extensive you want the encryption to be, click OK. You can choose to encrypt just that folder, or to encrypt all of the folder's subfolders and files. We recommend the latter. Whichever you choose, click that option and then press OK.
8. Make sure to click the "Back up your file encryption key" pop-up message before it disappears. If you miss the pop-up message, you'll need to restart your machine and try again.
The computer creates an encryption key using an encryption certificate provided by Microsoft. Now your file or folder is encrypted, you won't need a password to access it other than the password you use to sign into your Windows profile when you turn the computer on.
How to Back Up Your Encryption Key
You should back up that encryption key to a separate device, because if that key is ever lost or damaged, you won't be able to access your encrypted files. The easiest method is with an external USB drive, so plug one into your PC before starting.
1. Click the option "Back up now (recommended)."
2. Click Next.
3. Click Next again.
4. Check the box next to Password, enter your password twice and click Next.
5. Click Browse.
6. Navigate to a directory, such as a USB drive, name your encryption key and click save.
7. Click Next.
8. Click Finish.
9. Click OK, now eject your USB drive (or wherever you stored the file) and keep it somewhere safe where you'll remember it.
How good are Windows' encryption services?
Windows' built-in encryption isn't a perfect solution. If you encrypt a single file, the computer stores an unencrypted version of that file in its temporary memory, so a savvy snoop can still access it.
It's fairly easy for an attacker to break Windows encryption using a brute-force attack, which is when an attacker uses a program that methodically guesses every possible combination of letters and numbers, starting with common passwords.
If you're very serious about security and privacy, you might not trust a Microsoft solution. The FBI and NSA can require U.S. companies to hand over data or encryption keys. For those reasons, we suggest using a free third-party service, such as TrueCrypt, its successor VeraCrypt or WinZip.