What are the differences between BitLocker and EFS encryption in Windows

In Microsoft operating systems, encryption features are generally available only in the professional editions, such as Pro and Enterprise. With a Home edition we cannot encrypt drives, but we can still decrypt them and access data that was previously encrypted.

Recent Microsoft operating systems, such as Windows 7, 8.1, 10 and 11, and Windows Server 2008 onwards, offer two different types of encryption. One is EFS, which can encrypt individual files and folders on the hard drive. The other is BitLocker, which encrypts an entire drive to prevent unauthorized users from accessing the data it contains. Let us look at each of these two forms of encryption in Windows.

The EFS encryption system in Windows

EFS stands for Encrypting File System. The feature was introduced with NTFS version 3.0 and first appeared in Windows 2000. It allows files on NTFS partitions to be encrypted to protect confidential data; note that EFS is incompatible with folder compression. In short, EFS is a fast way to encrypt files and folders. We must be very careful when choosing what to encrypt, because only the files and folders we select manually at that time will be encrypted. If we add one later, it will not be encrypted.

An important point is that EFS encryption is tied to a user account. This means that the encrypted data is accessible only to that user and is blocked for everyone else. It should also be noted that the encryption is transparent. This means that if an unauthorized user gains access to the account we used to encrypt the data, the data will be fully available to them, without even needing a password.

Another thing to keep in mind is that the EFS encryption key in Windows is stored in the operating system itself rather than in the hardware's TPM (Trusted Platform Module). This can allow a cybercriminal with the necessary knowledge to extract the key and access the encrypted files. In addition, if a file was at some point held in a temporary cache, in another part of the disk or on another drive, that copy could also fall into the attacker's hands.

How to encrypt files with EFS in Windows

Encrypting with EFS in Windows is very simple, since there is nothing to install or configure. Let's say we want to encrypt our REDESZONE folder. In File Explorer, we right-click the folder and go to Properties. Then, on the General tab, we go to Advanced Options.

Here we tick the box "Encrypt content to protect data" and then click Accept.

Then we click Apply, and Windows asks whether we want to encrypt only that folder or the folder, its subfolders and all the files. For greater security we will configure it this way and click Accept.
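Because only the selected files are encrypted, it is worth checking afterwards which files in a folder tree are still stored in plaintext. The following PowerShell audit is an added example, not part of the original article; the function name `Get-UnencryptedFile` and the scratch folder are assumptions made for illustration.

```powershell
# Added example: list files under a folder that lack the NTFS "Encrypted"
# attribute, i.e. files that EFS is not protecting.
function Get-UnencryptedFile {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }
    # -Force includes hidden files; HasFlag returns a plain boolean.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
        Where-Object { -not $_.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted) }
}

# Constructed demo data: a scratch folder with two files, one of which we encrypt.
$demo = Join-Path $env:TEMP 'efs-audit-demo'      # hypothetical scratch path
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$first = New-Item -ItemType File -Path (Join-Path $demo 'encrypted.txt') -Value 'sample' -Force
New-Item -ItemType File -Path (Join-Path $demo 'forgotten.txt') -Value 'sample' -Force | Out-Null

try {
    # System.IO.FileInfo.Encrypt() applies EFS encryption for the current account.
    $first.Encrypt()
} catch {
    Write-Warning "EFS is not available here (it needs NTFS and a supported edition): $_"
}

# Report the files that are still plaintext.
Get-UnencryptedFile -Path $demo |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# To encrypt the stragglers in a real folder (the path is an assumption):
# Get-UnencryptedFile -Path 'C:\REDESZONE' | ForEach-Object { $_.Encrypt() }
```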

BitLocker on a Microsoft operating system

BitLocker, the Windows encryption program, provides disk encryption for full volumes. In summary, its main characteristic is full drive encryption. To do this, BitLocker uses the standard AES encryption algorithm in CBC mode with a 128-bit key. However, you can also configure a 256-bit key length and the more secure XTS mode.

With this encryption we can protect a complete drive, whether a hard disk or a removable storage medium, and prevent unauthorized users from accessing both the data that was already on the drive when we encrypted it and the data that we copy to it later. One of the advantages of BitLocker is that we do not have to remember to enable encryption manually for the new files we copy to the drive. In addition, this tool encrypts the entire drive, and no user will be able to access it without the corresponding unlock password.

How to enable BitLocker in Windows

If we want to activate BitLocker encryption in Windows 10, we will follow these steps:

  1. Open the Windows Start Menu.
  2. Open the Control Panel.
  3. Click on "Security system", then on "BitLocker Drive Encryption", and choose "Manage BitLocker".

We will then see a screen listing the drives that we can encrypt with BitLocker:

This screen shows all the available partitions that could be encrypted with BitLocker. In addition, if we insert a removable drive such as a USB memory stick, it is also listed and can be encrypted. This is a good option in case one day you lose a removable storage medium with confidential data.

From here, choose one of the partitions, click on Enable BitLocker and follow the instructions.
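Since the cipher and key length are configurable, it helps to verify what each volume actually uses once BitLocker is enabled. The following PowerShell check is an added example, not part of the original article; `Test-BitLockerPosture` is a hypothetical helper, and the sample rows are constructed with the property names that `Get-BitLockerVolume` returns.

```powershell
# Added example: flag volumes that are unprotected or that use a weaker cipher
# than the XTS 256-bit option described above.
function Test-BitLockerPosture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume,
        [string]$RequiredMethod = 'XtsAes256'
    )
    process {
        $issues = @()
        # Compare as strings so the check works on real enum values and on samples.
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $issues += 'protection is off'
        }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $issues += "volume status is $($Volume.VolumeStatus)"
        }
        if ("$($Volume.EncryptionMethod)" -ne $RequiredMethod) {
            $issues += "cipher is $($Volume.EncryptionMethod), expected $RequiredMethod"
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample rows (not real output) mirroring Get-BitLockerVolume properties.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On';  VolumeStatus = 'FullyEncrypted'; EncryptionMethod = 'XtsAes256' }
    [pscustomobject]@{ MountPoint = 'D:'; ProtectionStatus = 'On';  VolumeStatus = 'FullyEncrypted'; EncryptionMethod = 'Aes128' }
    [pscustomobject]@{ MountPoint = 'E:'; ProtectionStatus = 'Off'; VolumeStatus = 'FullyDecrypted'; EncryptionMethod = 'None' }
)
$sample | Test-BitLockerPosture | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
# Get-BitLockerVolume | Test-BitLockerPosture
# Enabling a data drive with the stronger cipher (drive letter is an assumption):
# Enable-BitLocker -MountPoint 'D:' -EncryptionMethod XtsAes256 -RecoveryPasswordProtector
```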

BitLocker or EFS, which one should I use?

Without a doubt, the best encryption we can use in Windows is BitLocker. It takes care of encrypting the entire hard drive, so once it is activated we can forget about everything else. From that moment on, all our data, both old and new, is encrypted automatically. This gives us the advantage of not having to keep checking whether a file has been encrypted or not. In addition, BitLocker is the more recommended option because it uses more secure algorithms.

In contrast, EFS specializes in encrypting the specific data we select. Its advantages are that it is faster and consumes fewer resources than BitLocker. However, its algorithms are not as secure as those of BitLocker, and we have to be very careful to select the files correctly.

So why is BitLocker, which is superior, not the only encryption method? The answer is that EFS still exists for compatibility and because it consumes fewer resources. However, on relatively recent computers the difference is negligible; it only affects older machines. In conclusion, the encryption we should use in Windows is BitLocker, and if we do not have a professional edition of a Microsoft operating system, we can resort to VeraCrypt.
