Thursday, August 28, 2014

Protect Account Credentials by Encrypting Windows Files for Free

Last week we discussed four things security conscious people avoid in an effort to protect their data, and especially, their account credentials.  One items discussed was to avoid writing down account credentials as this can put your information at greater risk.  Even if someone does not break into your office, your credentials could be picked up in the background by something as innocent as a picture taken and posted to social media.  

Unfortunately, everything tells us one of the best ways to protect our accounts is to use different credentials for each account we create.  There are times when you may have ten to fifty accounts at any one time.  The more accounts you have, the more difficult it is to remember each set of credentials when you need them.  If you cannot access your own accounts, you have defeated the purpose of protecting your data altogether.

To address this issue, there are two main ways you can protect your credentials and have access to them when you need them.  First, you can subscribe to software to keep track of your credentials and provide them to account prompts as needed.  There are many software options available and some will even negotiate passwords automatically so there is less likelihood of your credentials being hacked.  If you prefer not to pay for protecting your accounts, you can create a master list of your account credentials and encrypt the file on your computer for free.  This post covers the process for encrypting a file on a device running Windows 7 or Windows 8 Pro.  

Once the file has been created, right click on the file and select "Properties".  On the General tab, click the "Advanced" button under Attributes near the bottom.

Check the box next to "Encrypt contents to secure data" and click "OK".

Choose to accept the default of encrypting the file and its parent folder, or select the radio button to encrypt only the file you selected and click "OK".

If this is the first time you have encrypted a file on this device, you will be prompted to backup your encryption certificate.  If you do not click the icon in the taskbar prompting you to backup the encryption certificate, you can access the same information later by searching for "certmgr.msc".  NOTE:  If your computer crashes and you recover files from a backup, you must also have the encryption certificate to be able to open any encrypted files restored.  To prevent any issues, you should export the certificate and back this file up with your other files.

To backup the encryption certificate, open the certificates snap-in, expand the Personal folder on the left, then click the Certificates folder to show the contents on the right.

Select the certificate with "Encrypting File System" listed in the Intended Purposes column.  Click Actions in the menu bar, hover over "All tasks", then click on "Export...".

Once the Certificate Export Wizard appears, click "Next".

In the Export Private Key menu, choose whether or not to export the private key with the certificate, then click "Next".

In the Export File Format menu, make any necessary changes then click "Next".

If you selected to export the private key, you will be prompted to enter a password.  In the Password menu, type a password twice for the private key, then click "Next".

In the File to Export menu, type out a name for the exported file then click "Next".

In the wizard completion window, click "Finish" to create the exported file.  If you are unsure where the file will be created, scroll to the right in the completion window to list the file location.

Whichever way you choose to protect your account credentials, it is imperative not to write credentials down or to use the same credentials over and over with multiple accounts.  Using either of these practices puts your data at a much bigger risk than if you used a service to store and protect your credentials or simply encrypt any files with credential information.  Lastly, it is always important to backup your files, with an online backup service for instance, to protect your files and ensure you can recover if a disaster occurs.  If you encrypt files, be sure to backup your encryption certificate as well.

No comments:

Post a Comment