Is EFS on Windows useless?
After encrypting certain files on my system using EFS on Windows, I started questioning its effectiveness. While the encrypted files and folders are inaccessible to other users, I began to wonder what would happen if someone gained access to my account. Would they have access to these encrypted files and folders as well? How does EFS actually work?
Let’s first understand the purposes of EFS:
- It encrypts data at rest, making it impossible for an attacker to recover the encrypted data without the password.
- It secures files on a multi-user system, preventing other users from reading the files even if the access control lists (ACLs) permit it.
Even an Administrator cannot decrypt EFS-encrypted files unless they were granted access to the encrypted data specifically. Resetting a password also renders EFS-encrypted files permanently unrecoverable.
If you’re concerned about attackers with access to your account, there are alternative encryption mechanisms you can use:
- VeraCrypt: Allows you to create entire encrypted volumes that require a password for access.
- PGP (GPG): Enables file encryption using either a password or a public key.
- BitLocker: Built-in full-volume encryption feature in some Windows editions.
- 7-Zip: Compression and archive management tool that supports high-quality encryption.
While using MS Word for encryption is not recommended, modern versions have improved encryption. However, it is still advisable to use dedicated encryption tools for better security.
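To make the answer's points concrete from a defender's side, the following PowerShell script is an added example and is not part of the original thread or of any Microsoft documentation. It lists which files under a folder carry the EFS encrypted attribute, uses the built-in `cipher.exe /c` to show which certificates can decrypt each one (anyone logged into your account is one of them, which is the limitation the question asks about), and then exports the EFS certificate and private key with `cipher.exe /x`, which is the backup that stands between you and the unrecoverable-files scenario described above. The path in `$Root` and the backup file name are assumptions for the example.

```powershell
# Added example (not from the original post): audit EFS-encrypted files and back up the EFS key.
# Assumes Windows with PowerShell 5.1 or later and the built-in cipher.exe; $Root is an example path.
$Root = "$env:USERPROFILE\Documents"

function Get-EfsEncryptedFile {
    param([string]$Path)
    # The Encrypted file attribute is set on every file that EFS protects.
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted }
}

$encrypted = @(Get-EfsEncryptedFile -Path $Root)
"{0} EFS-encrypted file(s) found under {1}" -f $encrypted.Count, $Root

foreach ($f in $encrypted) {
    # cipher /c prints the users (certificate thumbprints) and any recovery agents
    # able to decrypt this file. If your own account is listed, anyone who can log in
    # as you, or run code in your session, can read the file transparently.
    & cipher.exe /c "$($f.FullName)"
}

# Export the EFS certificate and private key to a password-protected .pfx file.
# Without this backup, an administrator's password reset or a reinstall leaves the
# files unreadable, which is the failure mode the answer warns about.
$backup = Join-Path $env:USERPROFILE 'efs-key-backup.pfx'
& cipher.exe /x:"$backup"
"EFS key backup written to $backup; move it off this machine and keep the chosen password separate."
```

Run it from the account that owns the encrypted files: `cipher /x` prompts interactively for the password that protects the exported key, and `cipher /c` only reports on files the current user can see. The list of decryptors is the practical answer to the question in the thread: EFS keys are unlocked by your logon, so the protection holds against other accounts and offline theft of the disk, not against someone acting inside your own session.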