Keeping information private on your computer is harder than you might think. Some obvious solutions aren't as secure as we might like.

I keep a daily journal in Microsoft Works on Windows XP. Is there a way to put a password on it, or lock it up somehow, so only I have access to it?

There are several approaches to keeping your private data private. Some good, some bad, and many in-between.

Let's look at the list, from least to most secure.

I'll start by suggesting that whatever you do, you regularly back up your uncompressed document in a safe and secure place. Many of these techniques have no recovery option should you lose your password, or should the file become corrupted for some reason. As with all things: back up early, back up often.

Many applications allow you to password protect their native files. I'm not sure about Works, to be honest, but programs like Word, Excel and others let you set a password on the document that must be entered in order to open it. In Word, for example, you can set a password on your document in the Tools menu, Options dialog, Security tab.

The problem with built-in password support is that it's typically not that robust. Historically, application-provided security has been relatively easy to crack. I view it as the classic case of "keeping honest people honest", but not really a serious deterrent to a motivated hacker.

Many programs that create compressed archives also support password protection. Check programs that create ZIP and other types of compressed files for options relating to passwords. The approach here is to compress your document into, say, a password protected ZIP file, and only uncompress it when you want to view or modify it. Recompress it when you're done, remembering to delete the uncompressed version.

Sadly, most password protection in these compression utilities is also on a par with that in the applications themselves. A dedicated hacker with enough time and resources can probably get through the protection eventually.

The reason that applications and utilities above have less than industrial strength protection is simply that password protection is just a feature added on to an application that really exists for another purpose.

The next level up, of course, are utilities that are intended specifically for security.

My favorite for exactly the scenario you describe is a Windows utility called TrueCrypt. TrueCrypt allows you to create a highly encrypted file that appears as a virtual disk drive on your system. You can copy any files onto that "drive" and they are automatically encrypted. The file containing the virtual drive can be copied to any machine, but you must specify the password in order to mount the drive and view its contents.

TrueCrypt is ideal if you travel and need to carry sensitive data with you. I cover it in a little more detail in the article "How can I keep data on my laptop secure?"

So far everything I've covered is password based, and therefore highly dependent on the password you choose. Choose a weak password and no technology can keep someone from guessing it.

Another approach is to use public key encryption. Using a utility such as GPG (GNU Privacy Guard), you can create public and private keys, and encrypt your files with a public key such that they can only be decrypted by someone holding the matching private key. This is industrial strength encryption, but might perhaps be overkill for common use. It's one approach to encrypting email messages, for example, and I cover it in a little more detail in "How do I send encrypted email?"
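
What that looks like at the command line, as an added example that is not part of the original article: a POSIX shell sketch for GnuPG 2.1 or later that encrypts a journal file to your own public key, deletes the readable copy, and decrypts it again with the private key. The function names, the file names and the journal@example.invalid address are assumptions; the demo key has an empty passphrase only so the round trip can run unattended.

```shell
#!/bin/sh
# Added example: keep a journal encrypted to your own GnuPG public key.
# Function names, file names and the demo identity are assumptions.

# Encrypt file $2 to the public key of $1, writing $2.gpg,
# then delete the readable copy once the encrypted one exists.
encrypt_journal() {
    recipient=$1; file=$2
    gpg --batch --yes --recipient "$recipient" \
        --output "$file.gpg" --encrypt "$file" || return 1
    # Note: rm only unlinks the file; it does not overwrite the disk blocks.
    [ -s "$file.gpg" ] && rm -f -- "$file"
}

# Decrypt $1 (a name ending in .gpg) back to the original file name.
# Only a keyring holding the matching private key can do this.
decrypt_journal() {
    enc=$1
    gpg --batch --yes --output "${enc%.gpg}" --decrypt "$enc"
}

# Round trip in a throwaway keyring so a real keyring is never touched.
demo_roundtrip() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    work=$(mktemp -d) || return 1
    # Constructed demo key with an EMPTY passphrase: never do this for real data.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Journal Demo <journal@example.invalid>' \
        default default never || return 1
    printf 'April 6: constructed sample entry\n' > "$work/journal.txt"
    encrypt_journal 'journal@example.invalid' "$work/journal.txt" || return 1
    [ ! -e "$work/journal.txt" ] || return 1   # the plaintext must be gone
    decrypt_journal "$work/journal.txt.gpg" || return 1
    cat "$work/journal.txt"
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME" "$work"
}

# Run the demonstration with: demo_roundtrip
```

With a real key, protect the private key with a strong passphrase and back it up: without it, files encrypted this way cannot be recovered.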

As you can see, there are several approaches. If this is just a lightweight situation, it's possible that application password support may be enough. In general, though, my recommendation for both security and convenience remains TrueCrypt.

Article C2614 - April 6, 2006

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

9 Comments
Ivan Tadej
April 8, 2006 10:41 AM

Yeah, as Leo already said, there are several approaches and many different programs to use to keep private data safe.


My favorite text-encrypter program is LockNote: http://locknote.steganos.com (SF-link: http://sourceforge.net/projects/locknote, download it here: http://www.steganos.com/LockNote.exe), which saves the encrypted text into an .exe file itself, and thus makes it "portable", which means that there is no need for this program to be residing on other computers, the user just needs a password to see the contents, while the other one is Ciphrtxt: http://www.roadkil.net/ciphrtxt.html program (download it here: http://www.roadkil.net/downloads/ciphrtxt.zip), a similar application that encrypts text of any size, however, this one doesn't store it in any dedicated file, but you just need to copy it into a Notepad for instance and save it. Next time, you just need to copy this text back to the Ciphrtxt's UI and decrypt it with a previously chosen password ...

Well, and there is yet another program similar to LockNote mentioned above; this one is called fSekrit: http://www.donationcoder.com/Software/Other/fSekrit, also a portable/non-setup-required application which same as LockNote "generates" portable .exes that contain encrypted text, however, it is totally smaller in size (fSekrit's 39.0 KB compared to LockNote's 296 KB), and there are few other advantages too.


And finally, there is a free version of Cryptainer called Cryptainer LE: http://www.cypherix.com/cryptainerle/index.htm (I use the paid-for version Cryptainer PE); this one creates an encrypted container/vault which functions like any other drive (C: or D:) on your computer. You just need to drag and drop any file into the container (in Explorer or in Cryptainer's GUI), which is then automatically encrypted. Cryptainer files can only be viewed, accessed, browsed or modified by the user who has the key to open it. At other times it remains invisible.


P.S. There are also many others that I've tried so far (some that are able to "lock" files, or "hide" folders, others that encrypt single files etc.), but these ones mentioned above seem to be the best, at least for me personally.


best regards,
Ivan Tadej, Slovenia, Europe
http://users.volja.net/tayiper/

Thomas
April 12, 2006 7:01 PM

Leo missed pointing out one of the biggest gotchas in the world of file encryption, and that is the built-in Windows file encryption attribute. What looks like a great feature, and one that works great when employed by the unsuspecting newbie, is in fact his/her worst nightmare just waiting to spoil the day. The encryption scheme is user based. Only the user who created the encrypted file can see it, and anyone else not logged on as that user will not see the file (including the administrator).

Problems start when the user forgets his login, or crashes his OS and has to reinstall. The user profile changes and the user will no longer have access to the file. There are preventive measures... profile backups, some backup programs copy the file in decrypted form, and probably other safeguards, but who needs hidden gotchas like that.

All good points. You'll notice that Windows built-in file encryption was not one of my recommendations :-).
- Leo
12-Apr-2006

Trampus
July 31, 2007 12:43 PM

In response to Thomas's post, is there any way to open the encrypted file? I had to replace a motherboard and now cannot get the OS to come up. I now have the hard drive hooked up to another computer.

EC
October 1, 2007 5:28 AM

I had password-protected "My Documents" all this while and recently my hard disk is corrupted. I'm trying to retrieve whatever I could by plugging in my hard disk into another working computer. However, I couldn't access my documents cos it's password protected. I have the password, but how do I access it?

You didn't say HOW you password protected it.

If you used Windows, you may not be able to access it. You *might* be able to using a Linux boot disk.

However if you encrypted it using Windows native encryption, you can only decrypt on the original system, and logged in as the original account that had encrypted it.
- Leo
01-Oct-2007

Michael Horowitz
April 7, 2009 11:06 AM

Minor point of clarification about TrueCrypt: It only offers protection when TrueCrypt is not running. That's because the password is only needed to first "mount" the encrypted file blob. While TrueCrypt is running and your sensitive files are visible as a drive letter, it offers no protection.

That's true for any technique one might use to encrypt data. In order to actually use the data, it must be decrypted. While decrypted it's .... well, decrypted.
- Leo
08-Apr-2009

Glenn P.
April 10, 2009 7:10 AM

One good way to "password protect" (i.e., encrypt) files is to use WinZip (available at http://www.winzip.com). Provided you're smart enough to enable it (and not use the stupid "legacy" encryption method!), it uses AES, the Advanced Encryption Standard, which was privately developed under the sponsorship of the U.S. government and is a genuine "military-strength" cipher.

WinZip is great for encryption because any encrypted file should really be compressed anyway, because this greatly enhances the encryption by helping to defeat cryptanalysis (compression disguises the original file's natural characteristics).

There are only two caveats I see with using WinZip and AES -- one practical, and one paranoiac. In order, they are:

1. DON'T, under any circumstances, forget your passphrase! There are no "backdoors" (at least, that we know of!) to WinZip, so if you lose your passphrase you have essentially lost your file!

2. Because AES was developed under government auspices, there are those who suspect that the government must therefore necessarily have the key to it. Whether this is true or untrue, it would seem merely prudent not to trust to it anything that you would wish to keep from law enforcement. For that purpose, I'd recommend something like Blowfish, which has been extensively peer reviewed and which has remained secure and uncracked to this day, and into the invention and development of which the government never once shoved its all-snuffing nose.

kunal
July 30, 2011 7:24 AM

I created a folder named 'con'. Now I wanna delete it. How can I delete it? I know these types of folders like con, sys, etc. can't be created unless you know the trick. But we can only create it. How we delete it is unknown to me. Can anybody tell me??

Rammstien
November 18, 2011 8:03 AM

Download RCrypto 2.0. It's an encryption software to keep your data secure. It's free.
Visit:::
http://www.anantyarnd.in/home/windows-software

Prodyot
April 22, 2012 10:22 AM

Great Article.
Very thorough too.
But, I think the MS Word Password protected document can be easily hacked by saving the password protected document as RTF.
Thanks a ton for the valuable post
