Combinatin lock superimposed on a laptopI have been asked several times recently, in relation to IT support, whether it is possible to password-protect sensitive data in Windows. Considering how long Windows has been around, you would think that by now there would be a simple way of protecting a file or a folder so that the contents can be neither listed nor opened without a specific password.

There isn’t.

This is one of those omissions that truly astonish me. Another such omission is that there’s nothing in Windows to allow you to synchronise the contents of two folders with anything resembling sophistication or control. That’s another matter, though. Let’s stick with passwords, for today.

So what can you do if you’ve got some files that you want to access regularly but don’t want others to see?

  • You can add a password at the bios level so that Windows won’t even load up without the correct password. This prevents anyone from starting your machine but the hard drive could be removed and connected as an external drive to a different machine. The files could then be accessed just as if they’d been stored on a flash drive. Also, a bios password does not protect you at all if the machine is already switched on and you leave it unattended. I use a bios password on my netbook computer so if I leave it on the tube one day at least no-one can just switch it on and get at everything on it without any effort.
  • You can add a user account in Windows with its own password. This is ok as long as you keep all the data you want to keep private in your “Documents” folder. If you are in a semi-public place (eg an office) you may also wish to activate a screensaver so that the password is required before resuming activity.
  • There are ways in Windows to allow or deny access to files, but these can be subverted by someone logging on as an administrator and the files are still visible even if the contents are inaccessible.
  • You can store your sensitive files on a USB flash drive and not on your hard drive. The flash drive itself is, of course, vulnerable to loss, theft etc.


TrueCrypt logoIf you really want to go industrial-strength in hiding certain content, then I recommend a program called TrueCrypt. With this, you create a special, password-protected, file of a chosen size (it can be huge). You put anything you want to keep private in this special file. This is achieved by “mounting” the file so that Windows sees the file as a new hard drive of the size you specified when creating the file. You can then access this “virtual drive” – and the sensitive files on it – in the normal way. When you want to hide the contents you just “dismount” the virtual drive. Prying eyes can only see that there’s a (possibly huge) file present but they can’t access it without knowing that it has to be “mounted” with the TrueCrypt program and without knowing the password you allocated to it. If you are really, really, paranoid you can even create a Truecrypt file within another one.

There are several benefits to the TrueCrypt approach:

  • No-one knows what’s in the file. They don’t know how many files are hidden, of what type or size, or the names of the files, or anything.
  • A casual snooper would not even know that they have found a file with hidden contents. All they see is a filename and you could give the file a completely meaningless name – such as “system execution derivatives” (??)
  • Even if the file is suspected to hide private data the snooper would then need to know (a) that TrueCrypt is the program needed to access it and (b) the password to mount the file.
  • You only need to remember one password (to mount the TrueCrypt volume) and not separate passwords for each file in it.
  • It’s free (but users are invited to donate).

There are some minor downsides:

  • It takes a few minutes of concentration and application of grey matter to get your head around how TrueCrypt works. After that, though, everything’s easy.
  • You can not back up the individual files that are inside the TrueCrypt volume without making those backups vulnerable to snoopers. Therefore, you have to back up the entire TrueCrypt volume. That’s no problem in itself (it’s just an ordinary file in this respect) but it’s a BIG file. If you’ve allocated, say, 2gb, as a TrueCrypt file then it’s going to need the time and space to back up a 2gb file even if you’ve only put a single 1mb file inside it. You can create your own compromise, of course, by creating two or more smaller TrueCrypt files.

I’ve been using TrueCrypt for a year or two now and I don’t recall ever having a single problem with it.

TrueCrypt is available for Windows and for Macs.

Remote Support may be suitable for this topic