Why you shouldn’t use Windows’ built-in encryption tool

BON3KRUSH3R wants to password protect certain folders. Should he use the NTFS-based encryption that comes with Windows?

Windows 200, XP Office, Vista Office, and Vista Ultimate all come with the Encrypting File System (EFS), an integrated file and folder encryption system that integrates seamlessly into the operating system.

I don’t recommend it.

EFS makes sense in an office environment, where an IS department sets up and runs the computers, and the average user might not know an encrypted folder from an infected hangnail. Once set up, it’s completely transparent to the user, who doesn’t even have to know what files are encrypted. As long as they’re logged on with their name and password, they can access their encrypted files; otherwise, they can’t.

But the EFS route can give others access to your sensitive data. For instance, if you walk away from your PC for a moment, someone can sit down and grab something secret. And consider a really bad situation where someone can threaten you into booting up and logging on.

EFS’ easy and transparent design also complicates tasks like backing up your data securely, and recovering your files after reinstalling Windows.

That’s why I use and recommend TrueCrypt, a free, open-source program that allows you to create and use multiple encrypted volumes. Most of the time, a TrueCrypt volume looks like a file filled with unreadable gobbledygook. But when you open it in TrueCrypt and enter the password, it becomes a virtual drive on your PC containing files that were previously inaccessible.

TrueCrypt can do all sorts of tricks. It comes with various ways to hide your volumes so that no one knows they’re there. It can encrypt an entire hard drive or flash drive–even the system drive (although I haven’t actually tested that one). And it offers quite a selection of encryption algorithms.

With TrueCrypt and other, similar programs, your encrypted data remains encrypted and inaccessible until you need it.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now