Not only is this a “set it and forget it” solution you can enable once and forget about, it’s also more secure. If you want encryption, it’s best to go for full-disk encryption in the form of BitLocker. However, there’s not actually much reason to do so. You could encrypt your entire drive, and, even after doing so, Windows users will be able to activate the “Encrypt” attribute for files and folders. It’s actually possible to use both BitLocker and EFS at once, as they’re different layers of encryption. Why You Should Use BitLocker, and Not EFS Where BitLocker is essentially a Windows feature that can encrypt an entire drive, EFS takes advantage of features in the NTFS file system itself. For example, if a program creates a temporary cache file after opening an EFS-encrypted document with sensitive financial information, that cache file and its sensitive data will be stored unencrypted in a different folder. It’s also possible that the encrypted files could “leak” out into unencrypted areas. There’s no full-drive encryption protecting those particular system files unless you also enable BitLocker. The encryption key is stored in the operating system itself rather than using a computer’s TPM hardware, and it’s possible an attacker could extract it. If another user account is logged in, the files won’t be accessible. If the user account that encrypted the files is logged in, they’ll be able to access the files without any additional authentication. Encrypted files can only be accessed by the particular user account that encrypted them. Select a folder or individual files, open the Properties window, click the “Advanced” button under Attributes, and activate the “Encrypt contents to secure data” option. You do this from the File Explorer window.
Where BitLocker is a “set it and forget it” system, EFS requires you manually select the files you want to encrypt and change this setting. Rather than encrypting your entire drive, you use EFS to encrypt individual files and directories, one by one. RELATED: How to Encrypt Files and Folders in Windows 8.1 Pro Using EFSĮFS - the “encrypting file system” - works differently. It encrypts the entire drive rather than individual files on it. While “drive encryption” is more limited on Windows 10 and 8.1, it works similarly on PCs where it’s available. BitLocker uses the computer’s trusted platform module - or TPM - hardware. When an administrator enables BitLocker, every single user account on the PC will have its files encrypted.
0 kommentar(er)
