We increasingly store our lives online: Pictures, documents, media, even tax returns. But some files are more sensitive than others. Are you taking the proper precautions to protect your most important files?
This guide will teach you how to encrypt and secure your files stored in the cloud (for FREE).
Best of all, these techniques and tools work for any provider, including:
- Google Drive
- Amazon Drive
- Microsoft OneDrive…
Introduction to File Encryption
Professionals working in the IT/Finance fields have been encrypting their files for years, but the average person hasn’t really bothered to learn how to use this powerful security tool. Recent high-profile hacks have shown just how important it is to take security into your own hands, instead of trusting companies with your data.
Here’s a quick FAQ introduction to encrypting your data…
- Protect your data from hackers: Passwords get lost or stolen. If someone learns your gmail password, they can easily access your google Drive files as well (or any cloud account linked to that email address). If you encrypt your files inside google drive, they still won’t be able to access them without the encryption password.
- Protect your privacy from ‘Big Brother’: Big data is big business, and it’s common knowledge that Google, Microsoft, and DropBox scan the files you upload to the cloud. It’s not a big leap to assume your government agencies have access too. Just because you have nothing to hide doesn’t mean you shouldn’t protect your privacy. Encryption is a right. Use it!
How secure is the encryption?
Very. The tools in this guide use the same encryption techniques and algorithms that protect the worlds financial data and top-secret government and military communications around the world. For all intents and purposes, the encryption is uncrackable (as long as you use a strong password).
What if I forget the password?
You’re out of luck (so have a backup). This is the double-edged sword of encryption. The whole point is that you can’t access the file without a password, so some sort of backdoor to recover the password would defeat the purpose. There are two easy solutions though:
- Keep an unencrypted copy at home, only encrypt the version in the cloud (for access from other devices)
- Write down your password (on paper, don’t store it in the cloud, obviously).
This guide features the following encryption tools:
All of these tools are widely used (and considered safe). They’re also free, or have a free version that does everything we need. Each is slightly different and has unique advantages, so many people (like myself) use more than one, depending on the circumstance.
Ready to encrypt? Let’s do this!
7-zip (Most Popular)
7-zip is an incredibly popular archive software (think .zip files). Many people don’t realize that 7zip also includes the ability to encrypt your archives, using incredibly strong 256-bit AES encryption.
An ‘Archive’ isn’t usually a single file, it’s more like a folder (or many folders) combined and compressed. It’s useful for encryption multiple files at once. You get the option to ‘Encrypt file names’ so you can’t see what files are in the encrypted archive without entering the password.
7zip is built for Windows machines, but there are 3rd-party ports for Mac, Linux, Android, and iOS.
- Open source
- Easy to use (just select files and right-click > 7zip > add to archive…)
- Optional portable version runs right from USB or Cloud Storage (no install required)
- Can create ‘Self-Extracting’ archives (unpack/decrypt on any computer)
How to use:
1. Install 7-zip
2. Select a group of files you want to encrypt, or add them all to a folder
3. Right-click the files/folder and choose 7zip > add to archive… for the context menu
4. Choose an archive type (.zip or .7z recommended). You can also check the box ‘Create SFX Archive’ to make it a self-extracting .EXE file.
5. Enter your password (twice) and make sure the encryption method is 256-bit AES
6. Click ‘OK’ and your files will be added to the archive, ready for the cloud.
AxCrypt (best for individual files)
Axcrypt encrypts each file individually. This is different than 7zip, which stores multiple files in 1 encrypted container/archive. With Axcrypt, you can bulk-encrypt multiple files at once (all using the same password) but then move and store them individually if you want.
And there’s no need to decrypt all the files just to access 1.
Even cooler, Axcrypt allows you to use a ‘Keyfile’ instead of a password (or combined with a password) to make your file impossible to decrypt by brute force attacks. You can use any file on your computer as the key that will encrypt/unlock the axcrypt file. Just don’t forget which file it is (or lost it) because you can’t access your encrypted file without the key.
Using Axcrypt is very similar to 7zip, but without the ‘zipping’ options:
1. Select file(s) to be encrypted
2. ‘Right-Click’ and choose: Axcrypt > Encrypt (or Encrypt a Copy)
3. Choose passphrase/key file
Cryptomator (encrypt your entire cloud drive)
Cryptomator is a beautiful piece of technology. Instead of encrypting files one by one or packing them into an archive, Cryptomator is like an encryption container for your entire cloud storage. It’s a layer that sits between your files and the cloud.
Cryptomator calls this a ‘Vault’ and any file you sync to the vault will be encrypted. But these files are encrypted 1-by-1, so if you only edit 1 file, you don’t have to sync the whole vault back to the cloud.
And best of all, using their desktop or mobile app, you can access the files just as it was your normal cloud folder or a USB drive. The encryption process is totally transparent and all you see is the regular files.
If you want to encrypt alot of files at once, or you access your encrypted files frequently, then Cryptomator is the perfect solution. It’s open-source, so you don’t have to worry about secret ‘backdoors’ being built in, or other NSA shenanigans.
There are several other similar apps on the market, the most popular being Boxcryptor. But Cryptomator gets our vote, because it’s Free (boxcryptor has ‘freemium pricing’). Also, Boxcryptor is closed-source, so you can’t be sure whether there are hidden decryption backdoors built in.
Consider your cloud provider when choosing encryption
Dropbox, Google Drive, and Amazon cloud are 3 of the most popular FREE cloud storage providers in the world. While their features are pretty similar, the way the handle incremental file changes and security varies a bit.
Because of this, some encryption tools but be a better choice for one provider over the other. For example, Dropbox syncs can detect changes to a file and only sync the data that has changed, whereas google drive must sync the entire file again.
For this reason, large encrypted volumes containing many files (such as Veracrypt/Truecrypt or 7zip) might be a great option for Dropbox, but not Drive. On google Drive, you’ll find Axcrypt/Cryptomator will be much more efficient.
Google Drive does encrypt data at rest, and while it’s being transferred to their servers (using HTTPs) but the encryption keys are stored on their servers. This means anyone who steals/guesses your password can see all your files unencrypted. It also means google (or government agencies) can scan your file contents as well (unless you encrypt them yourself of course). Learn how to choose strong passwords.
Incremental Sync? No. Google drive must re-sync the entire file/archive each time you edit it. This is bad for large files (depending on your internet speed).
Best Encryption Tools for Google Drive: Axcrypt, Cryptomator/Boxcryptor. Small Verarypt or 7zip volumes work fine as well, especially if they contain files you don’t edit frequently.
Like Drive, Dropbox does encrypt files at rest (but they retain the keys). Files in-transit are secured with 128-bit HTTPS which is generally secure but has had some known vulnerabilities in the past (like the Heartbleed bug).
Incremental Sync: Yes! Dropbox can detect changes to your files. If you have an 1GB encrypted volume and only change 1 small file inside the volume, Dropbox can sync only the data that has changed (fast).
Best encryption tools for Dropbox: All the tools mentioned in this guide work with Dropbox.
Other Cloud Encryption Guides
Here are some how-to guides to help you stay encrypted:
3 thoughts on “How to encrypt & secure your cloud storage”
I am glad to see that you had good things to say about Cryptomator; I’ve been using it for quite awhile and I like it a lot. I wrote out a more specific guide on how to use Cryptomator and published it here on my web page. Feel free to include the link if you find it of value. https://www.alaskacomputerguy.com/category/howto/how-to-encrypt-dropbox-folder
I was just looking for this info for a while. After 6 hours of continuous Googleing, finally I got it in your web site. I wonder what’s the lack of Google strategy that do not rank this type of informative websites in top of the list. Generally the top web sites are full of garbage.
Thanks, I’m glad it was helpful. The truth is, a bunch of companies/websites have learned how to game the ranking system and they’re dominating the search results with low-quality regurgitated content.