Some files need to be protected from prying eyes. Learn how per-file encryption allows us to add a password to sensitive files.
- [Instructor] While we usually think of files stored in our user account, on our desktop, or in the Documents folder as being safe from others, an administrator or a super-user on the same computer is still able to read our files. Because of that, sometimes it's a good idea to add security to sensitive files like financial records, medical records or anything else that might be more private than other information. Even if you're the only user of a computer, malicious software might be able to read and copy files you don't intend it to. In order to protect sensitive files, we can encrypt them, basically to scramble them up and only be able to put them back together again and read what they contain after providing a password or key.
That extra level of protection comes with a little bit of danger, though. If you forget the password used to encrypt a file, you won't be able to access it either. There are many tools to encrypt files out there and I want to show you one that works on Windows, Mac and a few other operating systems. VeraCrypt is based on a well-known privacy tool called TrueCrypt. It creates encrypted volumes inside which you can store files you want to keep private. You can download VeraCrypt by visiting veracrypt.fr and clicking on the Downloads button.
I'll download the Windows version here. There are two options offered. The first option needs to be installed, so you need to be an administrator on your computer to do that. The other option is a portable version, which runs without having to be installed, and that can be used if you don't have administrative rights on a computer you're using. I'll download the one that requires installation. And when that's done, I'll go through the installation process.
I'll open up the software and if I see it, I'll dismiss the prompt about the beginner's guide. If you're interested in exploring more about the security options this software offers, look through the User's Guide, which helps to explain a lot of the concepts that you'll see mentioned on various dialogs in a program. That's available up here in the Help menu item. When the software opens, we get a pretty technical-looking window. This software can do a lot of things and you can set some really specific options, but in this video, I want to just show you the basics of creating an encrypted container for files using a password to secure it.
We'll use this big part of the window up here in a moment, but first, I'll start down toward the bottom by clicking Create Volume. This will create a file that's a volume or a container or like a bucket to contain the files we want to protect. I'll step through the Creation Wizard here and for this basic setup, I'll use the options that are pre-selected. I mentioned earlier, there are a lot of other ways to configure your encryption and many of them are available here, but we'll skip them for now.
When I come to Volume Location, I'll choose Select File and then I'll choose a location to store my container. For now, I'll put mine on my desktop, and I'll call it My Secrets. Then I'll click Save. I'll continue to the encryption options and for now, I'll leave these as they are. Then I'll set a size for the volume. I'll make mine pretty small, maybe just 500 megabytes.
If you need to store more information, you can make yours larger. And now I'm prompted to enter a password to protect my volume. I'll type in a password that I'm certain I'll remember, and then I'll click Next. VeraCrypt is warning me that my password is shorter than it thinks it should be, and for this example, that's fine, but consider setting a longer password for your container.
In order to encrypt a volume, VeraCrypt needs some random data. I'll help it out here by moving the mouse around the screen. Once I've collected enough randomness, I can set the file system. I'll choose NTFS for this volume and then I'll click Format. This creates and formats my container. And then my volume has been successfully created.
I'll leave the Creation Wizard by clicking Exit. I should note at this point, if you need to protect certain kinds of sensitive information for your profession or for other groups of people, there may be particular guidelines and standards you need to follow, so be sure to check with someone who knows those parameters before you use an encryption for any information that might require it. This information could be customer information, proprietary information, medical data, information about vulnerable groups or information that has any kind of official security classification.
It's your responsibility to check the requirements you're expected to follow. Once we have a volume, we'll need to come back to this window to find the volume on the system. I'll choose Select File and I'll browse to the location where my volume is stored, in this case, the desktop and I'll choose My Secrets. Then I'll choose a drive letter. I'll use N and I'll press the Mount button.
I'll enter my password and click OK. This makes the encrypted volume act like another hard drive on the system, giving it a drive letter in Windows or mounting it as a volume on Mac. Once it's mounted, we can find it in the file browser. Here on Windows, I'll press Start + E to open Explorer. Under this PC, I can navigate to my local disk, N, that's my encrypted volume.
I can drag a file in here and that'll copy it from my system to the encrypted volume. The original file is still on my system, unencrypted, so to get read of that, we need to delete it and make sure to empty the trash securely to only leave the copy that will be encrypted. Emptying the trash on Windows and Mac doesn't really delete a file, or rather, it doesn't make the file disappear completely. It just marks that file as no longer available in the file browser and marks the space that the file took up as available to be used for new data.
Eventually, the space on the disk might be written over, making it harder to recover the file, but even after emptying the trash, the data is still actually there on the hard drive. Securely deleting a file on both platforms isn't very user-friendly, unfortunately. So to ensure we erase information securely, we need to use the Command Line tool. To keep things user-friendly here, I'll point you to where you can learn more about that. There's a great article on Tech Advisor, How to Securely Delete Files in Windows 10, to learn how to do that on Windows and the section about zeroing out empty space, in this Mac World article, covers a similar process on the Mac.
Again, depending on the level of security you need, you may need to do this to make sure the original file is securely deleted. For now though, I'll drag my file to the trash and empty my recycle bin. Once we're done using the encrypted volume, it needs to be unmounted so it can be secured. I'll close my Explorer window and here in VeraCrypt, I'll make sure my volume is selected and choose Dismount. When it's unmounted, nothing can read the contents of the volume until it's decrypted with a password or a key.
We can move this secure vault around, store it on a different disk or send it someone else we want to be able to open it up, if we share the password with them as well. I've mentioned keys a few times in this video and while I'm not going to get into using them here, they're good to know about. Keys that you publish or share are public key with people so they can encrypt files that only you can open using your private key and you can also get someone to public key and encrypt files that only they can open with their private key.
This is helpful in organizations, or anywhere else, where you shouldn't be sharing passwords with people. VeraCrypt isn't the only choice for encrypting information on your system. There are some others, including the new privacy card, but this require much more of a detailed setup, involving generating keys. If you're curious about it, be sure to check it out. Encrypting files with a password is fairly easy, especially if you're the only one using the encrypted file. There are other options as I mentioned, but I wanted to introduce you to a basic, password-oriented way of securing many files in this episode.
Keep an eye out for more videos about encryption.