Best Free Encryption Utility for Personal Use at Work

In a Hurry?
  Go straight to the Quick Selection Guide

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Programs reviewed in this category are for use in keeping personal information private in situations where you can't install or get access to encryption services. Essentially, you need a program that can be run in portable mode (not installed).

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.


Update 1: TrueCrypt is a seasoned product. It fully met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated. On the other hand, TrueCrypt recently passed a preliminary independent audit, but the dereliction of TrueCrypt changes everything. [a trustworthy opinion] [another synopsis]

Update 2: Fred Langa recently reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8, and 10 as well. The portable configuration is no better.

Now I know why File History quit working in my Windows 8.1 PC last March. Restoring to an earlier restore point did not repair it either. I solved the problem by upgrading to Windows 10 Technical Preview. ;)

UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI.

* "Why VeraCrypt won’t work with Windows 8" by Fred Langa (behind a pay-wall). Scroll way down the page to that header.

Attach files to an entry.The portable version of KeePass Password Safe is nominally a password encryption program, but you can also attach files to entries, even dummy entries and they'll be encrypted too. Since it runs without administrator privileges it's a good way to protect your files as well as your passwords. I learned about this feature at Lifehacker. I don't know what the limit one file size or total database size, but it's a good way to keep sensitive data private. The procedure to attach a file is not obvious at first (see the "Advanced" tab on the entry window), but it's very easy to do once you locate it.

7-Zip Portable is a powerful file compression utility that provides 256-bit AES encryption for *.7z and *.zip formats. It's very easy to use, but has a short, steep learning ramp. Be aware that if you add an unencrypted to a encrypted 7-Zip archive, the unencrypted file must be shredded, not just deleted. Otherwise it will be available to anyone who has access to your computer. Do not edit and save files directly in the archive either as they will not be encrypted.

Related Products and Links

Encryption is Not Enough offers further cautions on encryption, and on what you need to do beyond encryption to be sure your private data is not lost or exposed.

Related products:

Rohos Mini Drive creates a hidden, encrypted partition on USB flash drives. It enables you to work with the files on the hidden partition by using the "portable" program -- which does not require administrative permission -- that it also installs on the USB drive. The learning curve could be daunting for some users.

SafeHouse Explorer is a very simple, free program that PC Dynamics released in 2009. It can be used as a portable program, and is small enough to use on a USB flash memory drive. SafeHouse Explorer does not require administrative privileges. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.Showing the
            SAFEHOUSE drive in Windows Explorer.

SafeHouse Explorer is easy to use, but it has a flaw that could leave your data exposed. The SafeHouse Explore interface is a pseudo Windows Explorer window, with a few encryption functions included.

The problem is, you cannot create files directly in the interface. That forces you to create unencrypted files outside the volume, and then copy them to the volume. Of course those unencrypted files still reside on your hard drive. There is a "Secure Delete" function to securely delete external files, but you need to remember to always do that.

Fortunately, there's a way around that security hole. If you open a real Windows Explorer window after opening a volume in SafeHouse Explore, you'll find a SAFEHOUSE drive listed there. You can work within that encrypted window -- create files, delete files, edit files, etc. -- just like you would in any other drive. There will be only one copy of your files, and they will never be stored in unencrypted form. If you're careful how you use SafeHouse Explorer, it's a safe, simple program.

A portable version of KeePass is available, and you can store files under the "Advanced" tab of any entry. Your files will be encrypted in the KeePass database, but .NET must be installed on the computer you're going to use the portable version on.

Related articles:

Quick Selection Guide

KeePass Password Safe

Runs as a stand-alone program on a user's computer
Simple, stand-alone program. Unzip the contents of the zip file and run KeyPass.exe. Use to encrypt files as well passwords.
A bit convoluted to use at first, but it's just a matter of learning how to attach a file (see the "Advanced" tab) to an entry.
1.7 MB
32 bit but 64 bit compatible
Open source freeware
A portable version of this product is available from the developer.
Windows XP/Vista/7

7-Zip Portable

Runs as a stand-alone program on a user's computer
Very simple to use (but see Con's). Compresses as well as encrypts. Integrates with the suite (for USB drives). Work directly from Windows Explorer or the user interface.
7-Zip's user interface is simple, but a bit mysterious until you catch on to how to use it. Also, you need to use a workaround if you want to create new files directly in the encrypted archive to avoid leaving an unencrypted file or file remnant behind.
1.4 MB
Unrestricted freeware
This product is portable.
Windows 95/98/Me/2000/XP/Vista/7, WINE on Linux/UNIX


Runs as a stand-alone program on a user's computer
Use this seasoned, widely-used encyption program when you want an encrypted container that mounts as a virtual drive. TrueCrypt's open source status allows the all-important peer review of the source code required for a trustworthy encryption program. "Traveler mode" offers portable encryption.
TrueCrypt is long-in-the tooth and there are significant (unrepairable) problems with Windows 8 (and 10). TrueCrypt is possibly still secure, but its status is no longer clean. See the comments in the discussion above.
3.0 MB
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Use in "traveler mode" to secure your data on USB devices or smart cards.
Windows 2000/2003/XP/Vista/7 Runs on Windows 8, but damages the system; Mac OS X; Linux

This software category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Please rate this article: 

Your rating: None
Average: 3.7 (30 votes)