Keeping private things private
There are several approaches to keeping your private data private. Some good, some bad, and many in-between.
Let’s look at the list.
Become a Patron of Ask Leo! and go ad-free!
Password protecting documents
To secure a document created by a tool that includes encryption, such as Microsoft Word, use the built-in encryption, otherwise zip files with password protection are equally secure. For multiple files, VeraCrypt or Cryptomator vaults make sense. Of course strong passwords or pass phrases are essential, as are regular unencrypted backups.
But first, back up
Whatever you do, regularly backup your uncompressed document in a safe and secure place. Many of these techniques have no recovery option should you lose your password, or should the file become corrupted for some reason.
As with all things: backup early, backup often.
This is probably the most pragmatic solution for Word. With the document open, hit the File menu, Info item, click on Protect Document, and then Encrypt with Password.
Unlike early versions of Microsoft Office apps, the encryption used today is strong and secure.
If you’re using a different application, do two things:
- Check to see if that application has a password protection / encryption options.
- Do a little research to see if it’s any good. “<Application name> encryption crack” might be a good search to start with.
Many programs that create compressed archives also support password protection, the most ubiquitous being the “zip” file. While Windows itself seems to only be able to create unprotected zip files, tools like WinZip, 7-Zip, and others can.
Much like Microsoft Office, early versions of the zip format encryption was less than secure. Using a current zip utility to password protect a zip file will be appropriately secure.
The only “catch” is that while the data in a zip file will be encrypted, the filenames will still be visible. If that’s an issue, then encrypting the zip file a second time will hide that as well.
The good news is that decrypting zip files that have a password can be done natively in Windows without a third party tool.
More files, more power
In addition to zip files, another approach, particularly if you have multiple files to protect, is to use a VeraCrypt vault or Cryptomator.
In both cases the data is stored encrypted on disk, and is accessible only when the appropriate passphrase is provided. The files are made available in their unencrypted form by mounting a “virtual drive”. While your VeraCrypt vault might be “mysecretstuff.hc”, once mounted the unencrypted contents might appear as drive “E:”.
This is the technique I recommend for encrypting entire folders.
So far everything I’ve covered is password based, and therefore highly dependent on the password or pass phrase you choose. Choose a weak password and no technology can keep someone from guessing it.
Another approach is to use public key encryption. Using a utility such as GPG (Gnu Privacy Guard), you can create public and private keys, and encrypt your files with a public key such that they can only be decrypted by someone holding the matching private key. This is industrial strength encryption — it’s the basis of security on the internet — but might perhaps be overkill for common use. It’s one approach to encrypting email messages, for example, and I cover it in a little more detail in How do I send encrypted email?.
- If the application you’re using, like Word, supports strong encryption, that’s where I’d start if you have only a few documents.
- If you have more documents, or the application you’re using doesn’t have encryption, then zip files are my next recommendation.
- If you have lots of documents, or folders of documents then solutions such as VeraCrypt and BoxCryptor are perhaps most appropriate.
As you can see there are several approaches to choose from depending on your needs.
Something else to choose: Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.