You’ve heard that the best way to keep your files safe from theft or snooping is to encrypt them, but the process seems scary. Exchange public encryption keys? Choose an encryption algorithm? If you don’t have a techie inclination, it can be daunting. But not with the free EncryptionSafe. Just drop files in EncryptionSafe and they’re encrypted—it’s that simple. That said, AxCrypt Premium manages to be almost as simple while invisibly using public key cryptography for secure file sharing. And FolderLock offers myriad ways to encrypt and share your files. These two are our Editors’ Choice winners for encryption products, but they’re not free.
What Is Encryption?
In the Sherlock Holmes story The Adventure of the Dancing Men, Holmes and Watson encounter a series of curious drawings, rows upon rows of dancing stick figures in different poses. Holmes deduces that each pose represents a letter and cracks the code by matching the most common poses with the most common letters. Indeed, a simple substitution cipher like this almost always caves to the kind of frequency analysis Holmes used.
Had modern cryptographic algorithms been available to the crooks in this tale, Holmes would have been out of luck. Unless you have the password, there's no way to decrypt a modern encrypted document. No, you can't just try every possible decryption key. With current computers, you wouldn’t finish before the sun goes nova.
It's Surprisingly Easy to Be More Secure OnlineIn 2001, the US government settled on Advanced Encryption Standard (AES). as its official algorithm, replacing the less secure Data Encryption Standard (DES). With even more data bits in its main security key, Bruce Schneier's Blowfish algorithm should still be more secure. EncryptionSafe wisely relies on AES.
You're probably familiar with the idea of symmetric encryption, where the same password or key encrypts and decrypts a file. AES, Blowfish, and many other common algorithms are symmetric. With this kind of algorithm, you must keep the password a deep, dark secret, and only share it via secure channels. But there's another way. In a public key infrastructure (PKI) system, each user gets two keys, one public and one private. If I want to send you a file, I look up your public key and use it for encryption; you decrypt it with your private key. Public key cryptography is less common in small-scale encryption utilities like EncryptionSafe.
Getting Started With EncryptionSafe
The download is small, and the program installs quickly. At the end of the installation, the app requests permission to gather anonymized usage data to improve itself. You don’t have to agree to this provision; I didn’t.
Simple Tricks to Remember Insanely Secure PasswordsNext, you create a strong master password that will protect all your encrypted files. It should be something that you can remember easily, but that nobody else could guess. If you forget this password, you lose access to all your encrypted files. I’d suggest storing it in your password manager. If you aren't using one you should read Why You Need a Password Manager, and How to Choose the Right One.
That’s it for setup. From now on, all you need do is drop a file or folder on the EncryptionSafe window or click the big plus button and select a file or folder.
Note that EncryptionSafe won’t encrypt certain file types, specifically EXE, DLL, and COM files. My company contact explained that since the app deletes the originals as part of the encryption process, users can cause harm by encrypting such files. For safety, the app won’t touch those files.
Are Your Files Inside EncrpytionSafe?
EncryptionSafe’s main window lists your encrypted files and folders. You might think it’s an encrypted storage vault, like what’s created by CryptoExpert, Steganos Safe, or Cryptainer Personal. But in fact, the contents are not “in” the safe at all. Rather, it serves as an index, to let you find all the files you’ve encrypted.
(Credit: EncryptionSafe)Double-click a file from the list, and the app quickly decrypts it and opens the plaintext file. It also changes the file’s icon from a green locked padlock to a red open one, to show that it’s no longer encrypted. When you’ve saved any changes to the file, you click the red padlock icon to lock the file back up.
When you double-click a folder in the list, EncryptionSafe simply opens the folder in Windows Explorer. That’s because it does nothing to the folders themselves, only to the files they contain. Removing a folder from the list automatically decrypts those files.
Files processed by EncryptionSafe gain the file extension .encrypted, tacked on after the existing file extension. Launching such a file opens EncryptionSafe to decrypt it. If you’re not logged in, you’ll need to log in with the master password.
(Credit: EncryptionSafe)Protecting the Originals in EncrpytionSafe
When you encrypt a document, protecting the plaintext original is essential, and merely deleting it may not be enough protection. Even if you bypass the Recycle Bin, forensic software can recover deleted files. If your encrypted data is sufficiently sensitive, you need a tool to securely delete the original, thereby foiling recovery software.
(Credit: EncryptionSafe)AxCrypt, FolderLock, and Secure IT are among those apps that include a secure deletion shredder component for this purpose. Advanced Encryption Package kicks it up a notch, letting you choose from a confusing array of different deletion algorithms, some of them created or approved by various governments.
CryptoForge builds secure deletion into the encryption process, leaving you nothing to worry about. After encryption, it securely overwrites the plaintext original. EncryptionSafe will do the same after its next update, which should be in place by the end of August. Its simple overwrite technique might not stand up to hardware-based forensic recovery, but unless your documents involve world-shattering secrets, that shouldn’t be a worry.
Changing the Master Password in EncrpytionSafe
What if you accidentally expose your master password, or you discover that an account where you use the same password (don’t do that!) has been breached? EncryptionSafe can handle changing the password, but it’s a big deal.
(Credit: EncryptionSafe)When you invoke the option to change the master password, you get a big warning that the process may take a while, that it can’t be canceled, and that you must not shut down or restart the computer because you risk losing your data. As far as I can see, what happens is that EncryptionSafe goes through all your files, decrypting them with the old password and re-encrypting them with the new one. It handled the few dozen encrypted files on my test system in a flash.
What’s Not in EncrpytionSafe?
I mentioned earlier that if you forget your master password, you lose access to your files. Conversely, if some snoop or spy obtains that password (and access to your computer), they can see everything. Many security products let you further protect your account or data using what’s called multi-factor authentication (MFA). With this technology active, the password (something you know) isn’t enough. You need another authentication factor, typically a biometric factor (something you are) or an authentication app (something you have).
What Is Two-Factor Authentication?Steganos Safe and NordLocker offer MFA using Google Authenticator or a compatible authenticator app. CryptoExpert and Advanced Encryption Package can configure a USB key to act as a physical authenticator. NordLocker also supports authentication using any FIDO-compatible security key. As for EncryptionSafe, it doesn’t offer MFA. Encrypto also lacks MFA support, but that makes more sense, given its emphasis on sharing encrypted files.
AxCrypt and NordLocker make sharing encrypted files simple; AxCrypt uses PKI under the hood. The recipient must have a copy of the app running to read the file, but both AxCrypt and NordLocker make a free version available. Advanced Encryption Package also permits sharing using PKI but leaves the user to manage the sometimes-awkward key exchange. Folder Lock, Cryptainer Personal, and Secure IT are among the tools that can turn a file into a self-decrypting executable. You just need to share that executable with the recipient and send the password using a different channel.
The free Encrypto app is almost as simple as EncryptionSafe, but it’s much better suited to sharing files. With Encrypto, each encrypted file or folder has its own password and password hint. You just transmit the encrypted file to your recipient and send them the password by a different channel, perhaps a secure messaging utility.
With EncryptionSafe, you protect files on your computer, nowhere else. You can’t easily move encrypted files between PCs, and there’s no provision for sharing.
Free Encryption at Your Fingertips
Drop a file in EncryptionSafe, and it’s encrypted almost instantly. Drop a folder, and EncryptionSafe protects all the files within. Decrypting a file to edit it is as easy as double-clicking. This app makes local encryption of your sensitive files a snap. It doesn’t support multi-factor authentication, though, and it makes no provision for securely sharing encrypted files. But since it’s free, there’s no financial hardship in using a different app to share encrypted files.
AxCrypt Premium is an excellent choice for secure file sharing, and it uses PKI to manage said sharing. It also builds in a secure deletion file shredder. With Folder Lock, you can do just about anything in the encryption world, like turn a file into a self-decrypting program, create encrypted file storage containers, securely delete original files, and more. They aren't free, but these two products are our Editors’ Choice winners in the encryption realm.