If you’re looking for a simple way to keep files and folders private on your Windows computer, you have several options right in front of you.
Thanks to the Microsoft Office Suite, you can use a built-in encryption feature to password-protect Office files, such as Word documents or PowerPoint presentations.
Some Windows operating systems also come with Encrypting File System (EFS), which lets you encrypt any kind of file, as well as whole folders and subfolders.
Note, however, that EFS is only available for Windows 10 Pro, Windows 8 Pro or Windows 8 Enterprise. Users with a Home edition of Windows will need to use either Office Suite encryption or a third-party solution, such as VeraCrypt or 7-Zip.
Nor does either of these methods offer full-disk encryption, which encrypts your entire hard drive and its partitions. That can be done with Bitlocker, which again is only available to Pro and Enterprise accounts.
To set up your Windows file encryption, you’ll want to follow these step-by-step instructions.
Before you start
Before you start altering your files, there are some tips you need to keep in mind.
- Any file can be decrypted if you’re targeted by a savvy enough, or well-financed foe. You might want to find a paid solution if your files are truly valuable.
- Files encrypted using the below methods can still be deleted, so you might want to have a backup on a secondary location.
- If you lose your encryption passwords, you’ve lost your encrypted files forever. So, again, keep an unencrypted backup of the file on a physical drive somewhere safe where it won’t be found.
How to encrypt files using Microsoft Office
This process encrypts individual files compatible with Microsoft Office applications such as Word, PowerPoint or Excel. Once you encrypt a file this way, you’ll need to reopen it in Microsoft Office. You won’t be able to open it in Google Docs, Adobe Reader or LibreOffice.
These steps work for all up-to-date versions of Office, across Windows 8.1 and Windows 10.
1. Open a Microsoft Office program and click Open
2. Click Browse
3. Select a file you want to encrypt and click Open
4. Click the File tab at the top of the page, then scroll down and click ‘Info’
5. Click ‘Protect Document’ on the left side
7. Enter a password for the file
You’ll be prompted to re-enter the same password again, then click OK. After you exit this file, you’ll have to enter the same password to reopen it. Be sure to store this password in a separate, safe place.
How to delete temporary files
You’re not quite done yet, though. One of the flaws with Microsoft Office’s encryption is that unencrypted versions of recently opened files might still be stored in your computer’s temporary memory. You’ll want to go clear that out after you’ve encrypted a file.
1. Click the Start button
2. Type ‘Disk Cleanup’ into the text field and select Disk Cleanup and click OK
3. Wait for the loading bar to complete
It’s calculating how many files it will be able to delete.
5. A new pop-up window will appear asking you to confirm the deletion
Click Delete Files.
6. You’ll see a new pop-up window (pictured below) with a loading bar running as your files are deleted
Once it’s finished, the window will disappear and the temporary files are gone.
How to Encrypt Files on Windows using Encrypting File System (EFS)
EFS works by letting you apply encryption to already-existing files or folders in your file system. You can still edit or modify these files or folders following the encryption process.
Once again, this is available only to Enterprise and Pro versions of Windows 8.1 and Windows 10. Users of the Home versions of those platforms won’t be able to use EFS.
With EFS you won’t notice any change in the way you access your files; all you have to do is log in to your Windows account at startup and the files will be accessible.
However, this means that you need to pick a strong, difficult-to-guess password for your Windows user account.
Note: Step 8 is time-sensitive, so make sure to click the “Back up your file encryption key” prompt after confirming attribute changes in step 7. Missing that prompt means you’ll need to start over again.
1. Right-click on the file or folder you wish to encrypt
3. Click Advanced under the General tab
This will bring up a second pop-up window entitled Advanced Attributes.
4. Check ‘Encrypt contents to secure data’
If the line is grayed out, you may be using a Home version of Windows that doesn’t support EFS.
5. Click OK
6. Click Apply
7. Choose how extensive you want the encryption to be
You can choose to encrypt just that folder, or to encrypt all of the folder’s subfolders and files. We recommend the latter. Whichever you choose, click that option and then press OK.
8. Make sure to click the ‘Back up your file encryption key’ pop-up message before it disappears
If you miss the pop-up message, you’ll need to restart your machine and try again.
The computer creates an encryption key using an encryption certificate provided by Microsoft. Now that your file or folder is encrypted, you won’t need a password to access it other than the password you use to sign into your Windows profile when you turn the computer on.
How to back up your encryption key
You should back up that encryption key to a separate device, because if that key is ever lost or damaged, you won’t be able to access your encrypted files. The easiest method is with an external USB drive, so plug one into your PC before starting.
1. Click the option ‘Back up now (recommended)’
2. Click Next
3. Click Next again
4. Check the box next to Password, enter your password twice and click Next
5. Click Browse
6. Navigate to a directory, such as a USB drive, name your encryption key and click save
7. Click Next
8. Click Finish
9. Click OK
Now eject your USB drive (or wherever you stored the file) and keep it somewhere safe where you’ll remember it.
How good are Windows’ encryption services?
Windows’ built-in encryption isn’t a perfect solution. If you encrypt a single file, the computer stores an unencrypted version of that file in its temporary memory, so a savvy snoop can still access it.
It’s fairly easy for an attacker to break Windows encryption using a brute-force attack, which is when an attacker uses a program that methodically guesses every possible combination of letters and numbers, starting with common passwords.
If you’re very serious about security and privacy, you might not trust a Microsoft solution. The FBI and NSA can require U.S. companies to hand over data or encryption keys. For those reasons, we suggest using a free third-party service such as VeraCrypt or WinZip.