Home Computers How to Encrypt Files on Windows 10

How to Encrypt Files on Windows 10


If you encrypt files and also folders in Windows, your data will certainly come to be unreadable to unapproved parties. Only someone with the correct password, or decryption key, can make the data legible once again. This article will describe several methods Windows individuals can make use of to encrypt their devices and also the information stored on them.

To encrypt files and folders in Windows, you can use 2 main built-in encryption abilities. BitLocker is the recommended as well as most safe and secure technique, but it will not allow you conveniently to select and encrypt personal documents and folders (you can do this by producing an encrypted documents container utilizing VHD.) Encrypting File System (EFS) is the alternative, however is not advised for super-sensitive information. The 3rd alternative to encrypt documents and also folders in Windows is to make use of third-party software; for Microsoft OS editions like Windows 10 Home, it is the only option.

Before you start to encrypt files and folders in Windows

  • Encrypted files are not 100 percent secure. Hackers can, albeit with difficulty, bypass encryption. You’re at risk if you store cryptographic keys and passwords in an unencrypted file or if a hacker has planted a keylogger on your system. Keyloggers can be installed by malware on your computer. If you encrypt a single file with EFS, your computer will store an unencrypted version of that file in its temporary memory, so a hacker may still be able to access it. If your data is really valuable, consider a paid, expert, cloud encryption solution.
  • Always make unencrypted backups of your files in case you lose your passwords. Store them in a safe physical location, preferably offline.
  • Decide exactly what you want/need to encrypt. This will determine what encryption method you use. Read To encrypt or not to encrypt files and folders in Windows? below.
  • An EFS encrypted file loses its encryption if you move it to a Fat 32 or exFAT drive, or transmit it via a network or email. EFS also does not protect files from being deleted unless you have used Windows permissions to protect it. You cannot encrypt a compressed file or folder with EFS; you need to extract the contents first.


How does Windows encrypt files and folders?


BitLocker encrypts an entire volume on your hard drive (or a removable device), no matter who is logged in. To unlock a drive that is protected with BitLocker, anyone wanting access must enter a password or use a USB drive that unlocks the PC when it is inserted.

BitLocker uses trusted platform module (TPM) hardware. A TPM chip enables your device to support advanced security features. For instance, when encryption is only at the software level, access may be vulnerable to dictionary attacks. Because TPM is at the hardware level, it can protect against guessing or automated dictionary attacks. (You can use BitLocker without a TPM chip by using software-based encryption, but it requires some extra steps for additional authentication.)

To check if your device has a TPM chip:

  1. Press the Windows key + X on your keyboard and select Device Manager.
  2. Expand Security devices.
  3. If you have a TPM chip, one of the items should read Trusted Platform Module with the version number.

BitLocker is available on:

    • Windows Vista and Windows 7: Enterprise and Ultimate editions
    • Windows 8 and 8.1: Pro and Enterprise editions
    • Windows 10: Pro, Enterprise, and Education editions
    • Windows Server 2008 and later

Note: BitLocker is not available for Windows Home editions.


Encrypting File System (EFS)

EFS is the Windows built-in encryption tool used to encrypt files and folders on NTFS drives. Any individual or app that does not have the key cannot open encrypted files and folders.

Rather than encrypting your entire drive, EFS allows you manually to encrypt individual files and directories. It works by making encrypted files available only if the user who encrypted the files is logged in. Windows creates the encryption key, which is itself encrypted and saved locally. The encryption process is easy but not very secure (it is possible, although difficult, for an attacker to hack the key.) It is also advisable to use a strong login password that other users of your PC cannot guess.

  • Only available on Professional, Enterprise and Education editions of Windows

Some experts advise to just use BitLocker as it is more secure. However, it does depend on your personal circumstances. For home users, EFS may well be sufficient protection from nosy family members.

Let’s take a look at how to encrypt files and folders in Windows 10, 8, or 7 step-by-step. Windows Home editions do not ship with EFS or BitBlocker. You will have to upgrade or use a third-party app to encrypt your data. For other editors of Windows, the basic process is the same; it is just the look-and-feel of the interface that is a bit different.

Note: To encrypt your files and folders, you need to be comfortable navigating your OS, e.g. know how to access the Control Panel.


How to encrypt files and folders in Windows 10, 8, or 7


To encrypt a file or folder:

  1. In Windows Explorer, right-click on the file or folder you wish to encrypt.
  2. From the context-menu, select Properties.
  3. Click on the Advanced button at the bottom of the dialogue box. 
  4. In the Advanced Attributes dialogue box, under Compress or Encrypt Attributes, check Encrypt contents to secure data
  5. Click OK.
  6. Click Apply.
  7. If you selected a folder to encrypt, a Confirm Attribute Change dialogue box will be displayed asking if you want to encrypt everything in the folder. Select Apply change to this folder only or Apply changes to this folder, subfolders and files, and click OK
  8. Click on the Back up your file encryption key pop-up message. If the message disappears before you can click it, you can find it in the Notification Area for your OS.
  9. Ensure you have a USB flash drive plugged into your PC.
  10. Click Back up now (recommended). 
  11. Click Next to continue.
  12. Click Next to create your certificate.
  13. Accept the default file format to export and click Next
  14. Check the Password: box, enter your password twice, and click Next
  15. Navigate to your USB drive, type a name for the certificate and key you want to export, and click Save. The file will be saved with a .pfx extension.
  16. Click Next, Finish, and then OK.
  17. Eject your USB drive and put it somewhere safe.

To decrypt a file or folder:

  • Follow the first six steps above, but uncheck the Encrypt contents to secure data box in Step 4.


You can choose to unlock your drive during startup by inserting a USB flash drive or entering a password. The process to encrypt an entire hard drive is time-consuming. Depending on the amount of data you have stored, it can take a long time, so make sure your computer is connected to an uninterrupted power supply for the duration. You will need to reboot for changes to take effect but you can work while the drive is being encrypted.

To set up Bitlocker:

  1. Go to the Control Panel.
  2. Click System and Security.
  3. Click BitLocker Drive Encryption.
  4. Under BitLocker Drive Encryption, click Turn on BitLocker
  5. Select Enter a password or Insert a USB flash drive. If you have chosen to use a USB flash drive as a trigger to unlock your drive, you can choose to do this with a password or smart card. In this example, we will use a password.
  6. Enter a password and confirm it, and then click Next.
  7. Select how to save a recovery key to regain access to your drive in case you forget your password (e.g. on a USB flash drive or to your Microsoft account), and click Next.
  8. Select an encryption option: Encrypt used disk space only (faster) or Encrypt entire drive (slower), and click Next.
  9. Choose from two more encryption options: New encryption mode (best for fixed drives) or Compatible mode (best for removable devices), and click Next.
  10. Check Run BitLocker system check, which ensures that the recovery and encryption keys will work, and click Continue.
  11. Last, verify that BitLocker is turned on. To do this, go to My PC in Windows Explorer and check for a Lock icon displayed next to the drive.

To disable or suspend BitLocker:

  1. Press the Windows key + E to open Windows Explorer.
  2. Click This PC.
  3. Right-click the encrypted drive and select Manage BitLocker.
  4. For each drive or partition encrypted, you can select to suspend BitLocker or completely disable it. Select the option you want and follow the wizard.


5 Free Encryption apps for Windows you can use with Home editions


Changes the file extension to a .AXX suffix, and the file can only be opened with AxCrypt if you provide the password used to encrypt it. The software is very intuitive to use and is invoked from its own sub-menu in Windows Explorer.

Main features:

  • Double-click to edit/view with any application
  • Automatic re-encryption after modification
  • Absolutely no user configuration necessary (or possible) before use
  • Open source under GNU General Public License
  • Extensive command-line interface for scripting and programming


Free file archiver with a high compression ratio and strong AES-256 encryption in 7z and ZIP formats.

Note: In Windows 7 and Windows Vista you must run 7-Zip File Manager in administrator mode. To do this, right-click the 7-Zip File Manager icon and then click Run as administrator.

Main features:

  • Self-extracting capability for 7z format
  • Integration with Windows Shell
  • Powerful File Manager
  • Powerful command line version


Cannot encrypt single files but it can protect partitions or entire drives. Veracrypt is a fork of its popular predecessor, TrueCrypt which is no longer maintained but still widely used.

Main features:

  • Encrypts an entire partition or storage device such as a USB flash drive or hard drive
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication)
  • Encryption is automatic, real-time(on-the-fly) and transparent
  • Provides plausible deniability in case an attacker forces you to reveal the password: Hidden volume (steganography) and hidden operating system

GNU Privacy Guard

GnuPG is a complete and free implementation of the OpenPGP standard that allows you to encrypt and sign your data.

Main features:

  • A versatile key management system
  • Access modules for all kinds of public key directories
  • Command line tool includes features for easy integration with other applications
  • A wealth of frontend applications and libraries
  • Provides support for S/MIME and Secure Shell (ssh)


If you do not want to use third-party software, an interesting alternative from Laptop Mag is to create a FolderLocker to password-protect Windows 10 folders. It is rather a drawn-out process initially but once you have set up a FolderLocker, you can easily drag and drop files into it. The writer warns, “…yes, the FolderLocker file can be reverse engineered by someone who understands the process, but this isn’t meant to keep tech-savvy folks out, just nosy family members who you don’t trust.”



Please enter your comment!
Please enter your name here

Exit mobile version