Best Free Encryption Utility for Personal Use at Work

In a Hurry?
  Go straight to the Quick Selection Guide

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Programs reviewed in this category are for use in keeping personal information private in situations where you can't install or get access to encryption services. Essentially, you need a program that can be run in portable mode (not installed).

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.

TrueCrypt is the seasoned but abandonded predecessor to VeraCrypt. It once fully met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. (It's complicated...) TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt now changes everything. For example, recent (September, 2015) vulnerabilities (which will never be patched) have been discovered in TrueCrypt.

Attach files to an entry.The portable version of KeePass Password Safe is nominally a password encryption program, but you can also attach files to entries, even dummy entries and they'll be encrypted too. Since it runs without administrator privileges it's a good way to protect your files as well as your passwords. I learned about this feature at Lifehacker. I don't know what the limit one file size or total database size, but it's a good way to keep sensitive data private. The procedure to attach a file is not obvious at first (see the "Advanced" tab on the entry window), but it's very easy to do once you locate it.

7-Zip Portable is a powerful file compression utility that provides 256-bit AES encryption for *.7z and *.zip formats. It's very easy to use, but has a short, steep learning ramp. Be aware that if you add an unencrypted to a encrypted 7-Zip archive, the unencrypted file must be shredded, not just deleted. Otherwise it will be available to anyone who has access to your computer. Do not edit and save files directly in the archive either as they will not be encrypted.

Related Products and Links

Encryption is Not Enough offers further cautions on encryption, and on what you need to do beyond encryption to be sure your private data is not lost or exposed.

Related products:

Rohos Mini Drive creates a hidden, encrypted partition on USB flash drives. It enables you to work with the files on the hidden partition by using the "portable" program -- which does not require administrative permission -- that it also installs on the USB drive. The learning curve could be daunting for some users.

SafeHouse Explorer is a very simple, free program that PC Dynamics released in 2009. It can be used as a portable program, and is small enough to use on a USB flash memory drive. SafeHouse Explorer does not require administrative privileges. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.

Update: SafeHouse Explorer has not been updated since 2009, and it appears there has been no activity on the website related to encryption since 2012, so I do not recommend that you use for any critical applications.Showing the
            SAFEHOUSE drive in Windows Explorer.

SafeHouse Explorer is easy to use, but it has a flaw that could leave your data exposed. The SafeHouse Explore interface is a pseudo Windows Explorer window, with a few encryption functions included.

The problem is, you cannot create files directly in the interface. That forces you to create unencrypted files outside the volume, and then copy them to the volume. Of course those unencrypted files still reside on your hard drive. There is a "Secure Delete" function to securely delete external files, but you need to remember to always do that.

Fortunately, there's a way around that security hole. If you open a real Windows Explorer window after opening a volume in SafeHouse Explore, you'll find a SAFEHOUSE drive listed there. You can work within that encrypted window -- create files, delete files, edit files, etc. -- just like you would in any other drive. There will be only one copy of your files, and they will never be stored in unencrypted form. If you're careful how you use SafeHouse Explorer, it's a safe, simple program.

A portable version of KeePass is available, and you can store files under the "Advanced" tab of any entry. Your files will be encrypted in the KeePass database, but .NET must be installed on the computer you're going to use the portable version on.

Related articles:

Quick Selection Guide

KeePass Password Safe

Runs as a stand-alone program on a user's computer
Simple, stand-alone program. Unzip the contents of the zip file and run KeyPass.exe. Use to encrypt files as well passwords.
A bit convoluted to use at first, but it's just a matter of learning how to attach a file (see the "Advanced" tab) to an entry.
1.7 MB
32 bit but 64 bit compatible
Open source freeware
A portable version of this product is available from the developer.
Windows XP/Vista/7

7-Zip Portable

Runs as a stand-alone program on a user's computer
Very simple to use (but see Con's). Compresses as well as encrypts. Integrates with the suite (for USB drives). Work directly from Windows Explorer or the user interface.
7-Zip's user interface is simple, but a bit mysterious until you catch on to how to use it. Also, you need to use a workaround if you want to create new files directly in the encrypted archive to avoid leaving an unencrypted file or file remnant behind.
1.4 MB
Unrestricted freeware
This product is portable.
Windows 95/98/Me/2000/XP/Vista/7, WINE on Linux/UNIX

This software category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Please rate this article: 

Your rating: None
Average: 3.7 (30 votes)


Hi philip,

I've seen you recommend SafeHouse Explorer in multiple article. I tried it, and it works great on a flash drive with its complete portability.
HOWEVER, I noticed that the timestamp on its executable is in 2009! So is the signature. I'm now concerned with its lack of update / development. Should I?

Yes FH, it appears to be abandonded as far as development and related activity on the website goes. If any vulnerabilities have been discovered since 2009 they have not been fixed. Probably it's OK to use for non-critical purposes, but I wouldn't use it for files that will be uploaded to the internet. I'll note your finding in the description.

Thanks for the info.