Tech Oddity > Guides > Password Protecting Files


= Introduction =
There are various ways to password protect files and they all have different levels of security.
This article will explain some ways to password protect files and their advantages/disadvantages.
This article does not contain all the ways to password protect files, just some common ones I know of. I may update this article with more methods in the future.
Also this article written with Windows Vista in mind. Some of it applies to other Operating Systems and I may update this article to contain information on other Operating Systems in the future.

= Methods of Password Protection =

== User Account Password ==

You can set a password on your Windows user account.
No one sitting at your computer or accessing it though file sharing (controlled though Network and Sharing center in Control Panel) will be able to access the file without your password unless:
1. You are already logged in to your computer (Or in the file sharing case logged in to your account on another computer).
2. They have an account with Administrator access (administrators can read all users files).
3. You don’t have a BIOS password set (in which case someone can just use a boot disc on your computer to access the file, Note: This doesn’t apply to file sharing).
4. If while surfing the internet you get malware like a Trojan horse program then the person controlling that Trojan will have access to your user account and all your files. Firewall and Anti-Malware programs should protect against those.

To set a user account password see http://windowshelp.microsoft.com/Windows/en-us/help/5c07e067-286d-4b8d-b342-431306e696aa1033.mspx

== Encrypting File System (EFS) ==

EFS is available in Windows Vista Business, Ultimate and Enterprise.
With this you can set the file to be encrypted and anytime you access the file from your user account it will automatically be decrypted, then encrypted again when you close the file.
You will need a user account password and no one will be able to access the file unless:
1. You are already logged in to your computer (Or in the file sharing case logged in to your account on another computer).
2. If while surfing the internet you get malware like a Trojan horse program then the person controlling that Trojan will have access to your user account and all your files. Firewall and Anti-Malware programs should protect against those.
Though no other user account on the computer will be able to view the file nor can anyone with a boot disc access the file like can happen with just a password.
One important downside to note is there are some certificate files used with EFS and if you don’t back them up would mean in the event of a Windows crash that you would not be able to access the file again.
To set a user account password see http://windowshelp.microsoft.com/Windows/en-us/help/5c07e067-286d-4b8d-b342-431306e696aa1033.mspx
To set up EFS see http://windowshelp.microsoft.com/Windows/en-us/help/5a2b6b98-9833-4d73-967e-9293bd1a54e91033.mspx
For backing up the EFS certificate see http://windowshelp.microsoft.com/Windows/en-US/Help/4121b78c-9cb0-4715-93ec-80ba841670a31033.mspx

== TrueCrypt ==

[http://www.truecrypt.org/ TrueCrypt] is free software you can download.
With this you create an encrypted drive that is stored in a file on your hard drive.
The password is not tied to your user account like a password and EFS are.
You can login to your user account and until you mount the drive with TrueCrypt (which needs the password) no one can access the drive including other people and malware (Unless the malware has a keylogger that captured your password, see keylogger section at the end of this article).
You can also unmount the drive and it can’t be accessed it until you type your password and mount the drive again.
To set up TrueCrypt see http://www.truecrypt.org/docs/

== Microsoft Word 2007 ==
If you just want to protect Text/Word Processing documents then you can make a Word document and set up the encryption in Word.
Be sure to save to the Word 2007 (.docx) format. From what I’ve read the Word 97-2003 (.doc) format doesn’t have that good of encryption.
When you open the document, it asks for your password and decrypts the document.
When you close the document, it will encrypt the document.
While the document is closed and encrypted no one can access it, not even malware (Unless the malware has a keylogger that captured your password, see keylogger section at the end of this article).
To set this up in Word see http://office.microsoft.com/en-us/help/HA101483331033.aspx#1

= Method Recommendations =
I would recommend you use a Windows User Account Password if you just want to keep other people who sit at your computer from accessing the file (assuming they don’t know how to use boot discs and don’t have an administrator account on the computer) and use TrueCrypt/Word if you want to keep everyone from seeing the file.
I recommend against the use of EFS due to it’s ties to the User Account and the need to backup certificates.

= Method Notes =
== Strong Password ==

For all the methods you will want to pick a strong password. Like for example if your password was “dog” then someone could just run a dictionary attack on the password and find out what it was fairly quick.
For information on picking a strong password see http://windowshelp.microsoft.com/Windows/en-US/Help/37565844-50dc-47e7-9260-a5a0e903db571033.mspx

== Encryption Caviots ==
=== Forgotten Password ===
If you forgot a strong password, there is no way to ever read that file again.
It is for that reason (and that I don’t think anyone bad will access the files) that I don’t use encryption on my passwords file and financial data.

== Software Encryption Concerns ==
EFS, TrueCrypt and Word Encryption like all software Encryption systems have some important security concerns to be aware of.

=== Keylogger ===
If a keylogger is installed on your system and you are not aware of it then it could capture the password you used to encrypt the file without you knowing it.
Besides keyloggers you can get from bad web sites on the internet there are also ones that attach between the computer and the keyboard so someone could put that on your computer and you would never know unless you checked the keyboard connection.
For more see http://en.wikipedia.org/wiki/Black-bag_cryptanalysis

=== Cold Boot Attack ===
There are some cases like if the computer was not shutdown correctly that the encryption password could still be in the computer’s RAM so if you someone opened up the computer, took out the RAM, put it in their computer and used some analyzing software they could possibly get the password.
For more information see http://en.wikipedia.org/wiki/Cold_boot_attack

=== Program Temporary Data ===
There are that some programs store temporary data in unencrypted parts of the drive like Google Desktop Search (Things like Cached file copies) and Windows Explorer (Things like Thumbnails).
That means some of your data may end up unencrypted.