Category Archives: Encryption
Encryption, speed push the modern mainframe into the future – TechTarget
The mainframe computing system, known among its devotees as big iron, is talked about in much the same way as the mighty naval battleship: formidable, uniquely capable, the choice for when big things need doing. Yet the U.S. Navy pulled its last battleship out of the water 25 years ago. So why is the IBM z14 arriving in 2017, when we're well into the era of cloud computing and when sleek, nimble, distributed systems are the focus of so much attention?
It wasn't by accident that enterprises around the world were willing to spend billions on mainframe systems. A mainframe environment, after all, pulls off tasks with an effectiveness -- and at a scale -- that is difficult for other technologies to match. To process billions of daily transactions and payments, big businesses needed big computing. And, to be sure, they still do. But do they need mainframes?
IBM remains the dominant player in the modern mainframe market, and the company has no intention of letting the cloud supplant it as the power behind banking, e-commerce and other commercial endeavors. To make the case for relevance, IBM promises end-to-end encryption that should frustrate even the most determined data thieves. The z14 also includes new capabilities in speed, microservices and machine learning. It all sounds very 21st century.
So will business embrace this modern mainframe? This handbook takes up that question, with TechTarget's Ed Scannell looking closely at an IT landscape that looks very different from when mainframes ruled the data center.
It's enough to make you wonder if the future might start to look a bit like the past.
Beginner’s guide to Windows 10 encryption – Windows Central
What do you need to know about encryption on your Windows 10 PC? We have you more than covered.
In order to add a layer of protection to the sensitive data on your PC, you might want to encrypt it. Encryption essentially means that you're turning data into something unreadable without proper authentication.
Encrypting a drive, folder, or file generally means you have a single password that must be used in order to decrypt and access it. Not only does this stop outside parties from hacking their way into your files, it also protects your data in the event that you forget your PC somewhere or, worst case, it's stolen.
There are two encryption methods built into Pro, Enterprise, and Education versions of Windows 10. For everyone else, there's a third way to encrypt your data. Let's take a look at how all three work to help you choose which encryption method is best for you.
Encrypting File System (EFS) is a file encryption service in Windows 10 Pro, Enterprise, and Education editions. It's very easy to use, often requiring just a couple of clicks to encrypt a file or folder. When the user who encrypted the files is logged in, the files are accessible. If another user is logged in, the files are inaccessible. For that reason, you want to choose a strong password for the account on your PC.
Compared to BitLocker whole-drive encryption, EFS isn't quite as secure. Windows itself creates the encryption key, and it is saved locally. The key is also protected with encryption, but it's not the same level of security you'd find with a Trusted Platform Module (TPM) chip.
Despite the steps taken to protect EFS keys, someone with the time and means could eventually decipher the key. A user might also forget to manually encrypt a sensitive file, further leaving it open to snooping. Finally, since the entire drive is not encrypted, there's a chance of data leaking into temporary files where it could potentially be accessed.
EFS is best viewed as a quick way to protect files and folders on a PC with multiple users. Not even administrators have access to the encrypted files, and, if your password was changed without your knowledge, your encrypted files would remain encrypted.
BitLocker is a drive encryption feature exclusive to Windows 10 Pro, Enterprise, and Education. While it's generally recommended that the PC has a Trusted Platform Module (TPM) chip, there is a way you can turn on BitLocker without one.
A TPM chip is a special bit of hardware added to your motherboard that is used to hold bits of encryption keys. TPM chips are designed to sniff out unauthorized or tampering users quickly, in which case the chip will not give up the part of the decryption key it's holding.
Rather than choosing single files and folders for encryption, BitLocker encrypts your entire drive. No matter the user logged in, the drive remains encrypted. Any new files you create will fall under the same layer of protection, so there's no chance you'll forget to encrypt a sensitive file. To unlock a drive that's protected with BitLocker, you can either enter a password or you can set up a USB drive that, when inserted, unlocks the PC.
Until EFS and BitLocker become available in Windows 10 Home (any time now, Microsoft), there are numerous third-party encryption programs that can fill the void.
These programs differ in what they can protect. Some will encrypt whole drives, just like BitLocker, while others will encrypt files and folders, just like EFS. The best encryption software also usually comes with a bunch of extra features, like file shredders, cloud storage, and password managers.
The best encryption software also lets you set a master password that is only saved where you choose. That means that you can write it down, save it to a USB drive, or keep it in your head. Without the password, your files will remain encrypted forever. Software-based encryption is open to certain attacks, but in most cases, encryption is still better than no encryption.
Encryption key for iPhone 5s Touch ID exposed, opens door to further research – AppleInsider (press release) (blog)
By Mike Wuerthele, Thursday, August 17, 2017, 11:14 am PT (02:14 pm ET)
First spotted by Redmond Pie on Wednesday, Twitter user "xerub" posted the information, and an extraction tool for the Secure Enclave firmware, in advance of the Singapore Hack in the Box conference.
The tool and hack are not for the inexperienced. The outputs of the tool are binaries of the kernel and related software regulating the communications between the Touch ID sensor and Secure Enclave, but not any information transmitted presently or in the past between the Touch ID sensor and the Secure Enclave.
The exposure of how to extract the encryption key from an iPhone 5s does not mean that the device is no longer secure. However, it does mean that people angling to make exploits for the device are able to examine the Secure Enclave firmware on the device in more detail than previously possible.
At present, there is no known exploit utilizing the tool, or the gleaned data, and it is not clear how one would even be produced or installed on a target device. Any exploit developed with the tool would be specific to the iPhone 5s, and require physical access to the device to load custom firmware as well.
Apple's Secure Enclave is present in the A7 processor and later, and provides all cryptographic operations for data protection in iOS devices. The Secure Enclave utilizes its own secure boot and can be updated using a personalized software update process that is separate from the application processor, which is how any exploit would have to be installed, one device at a time.
The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor, determining if there is a match against registered fingerprints, and then enabling access. Each pairing of the Touch ID uses the shared encryption key, and a random number to generate that session's full encryption key.
72 percent of security pros say encryption backdoors won’t stop terrorism – BetaNews
A new survey of information security professionals carried out at last month's Black Hat conference suggests that the majority think encryption backdoors are ineffective and potentially dangerous.
The study carried out by machine identity protection company Venafi finds that 72 percent of respondents don't believe encryption backdoors would make their nations safer from terrorists.
This follows an earlier study from Venafi into consumer attitudes to encryption and government powers which showed that people have mixed feelings about the effect it would have on them personally.
This new study shows that only 19 percent of professionals believe the technology industry is doing enough to protect the public from the dangers of encryption backdoors. 81 percent feel governments should not be able to force technology companies to give them access to encrypted user data, and 86 percent believe consumers don't understand issues around encryption backdoors.
"Giving the government backdoors to encryption destroys our security and makes communications more vulnerable," says Kevin Bocek, chief security strategist for Venafi. "It's not surprising that so many security professionals are concerned about backdoors; the tech industry has been fighting against them ever since global governments first called for unrestricted access. We need to spend more time protecting and supporting the security of our machines, not creating purposeful holes that are lucrative to cybercriminals."
You can read more about the findings on the Venafi blog.
The Laws of Mathematics and the Laws of Nations: The Encryption Debate Revisited – Lawfare (blog)
Australia is weighing in on the encryption debate regarding exceptional access by law enforcement. As George Brandis, the Australian Attorney-General, described last month, the Prime Minister's office advocates requiring internet companies and device makers [to follow] essentially the same obligations that apply under the existing law to enable provision of assistance to law enforcement and to the intelligence agencies, where it is necessary to deal with issues: with terrorism, with serious organized crime, with paedophile networks and so on. He further asserted that the chief cryptographer at GCHQ, the Government Communication Headquarters in the United Kingdom, had assured him that this was feasible.
The Prime Minister of Australia, Malcolm Turnbull, subsequently entered into an interesting interchange with a reporter. When asked by Mark DiStefano, a reporter from ZDNET, "Won't the laws of mathematics trump the laws of Australia? And then aren't you also forcing people onto decentralized systems as a result?" the Prime Minister of Australia said, "the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."
This interchange provides a good opportunity to explore where the laws of mathematics and the laws of nations hold sway. DiStefano's comment about the laws of mathematics is a reference to the conclusion offered by many technically informed parties that including a capability for exceptional access into any encryption scheme invariably reduces the security afforded by that scheme.
But this conclusion is not what the Attorney-General was referring to; he spoke only of an obligation of vendors to provide assistance to law enforcement and intelligence agencies (presumably to provide clear text when required by law). It is certainly possible to develop a system that enables vendors to meet this requirement, and a system with this capability must be that which the chief cryptographer at GCHQ asserts is feasible. This system will not be as secure as it would be without this requirement, though it will enable certain law enforcement and intelligence activities to take place that would not otherwise be possible.
So once again, we see that participants in this debate are not arguing about the same thing. The anti-exceptional access community is talking about the impossibility of developing a system with exceptional access capability that affords the same security as one without such a capability. The pro-exceptional access community is talking about the feasibility of a system with exceptional access capabilities that provides the best security possible given that requirement. And both communities are correct.
Whether the tradeoff is worthwhile -- lesser security for all in exchange for better ability to pursue certain law enforcement and intelligence activities -- is clearly a policy and legal decision for the Australian government. Of course, to have a reasonable debate about this question, the Australian government would have to acknowledge the first part of this tradeoff -- lesser security for all -- and whether or not it is willing to do so is not yet clear.
Turnbull's statement is absurd on its face. A more astute response would have been to acknowledge that human laws must be consistent with the laws of mathematics but then to say that the laws of mathematics do not prevent compliance with a requirement such as the one proposed by the Attorney-General. But the Prime Minister would also have had to acknowledge the above-mentioned trade-off explicitly -- and maybe such an acknowledgment would have been politically inconvenient.
As I have written before, these comments also apply precisely to the corresponding debate in the United States. To make progress on either side of the Pacific Ocean, it would help if both sides were talking about the same thing.
How security pros look at encryption backdoors – Help Net Security
The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of government-mandated encryption backdoors.
72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017.
"Giving the government backdoors to encryption destroys our security and makes communications more vulnerable," said Kevin Bocek, chief security strategist for Venafi. "It's not surprising that so many security professionals are concerned about backdoors; the tech industry has been fighting against them ever since global governments first called for unrestricted access. We need to spend more time protecting and supporting the security of our machines, not creating purposeful holes that are lucrative to cybercriminals."
Encryption backdoors create vulnerabilities that can be exploited by a wide range of malicious actors, including hostile or abusive government agencies. Billions of people worldwide rely on encryption to protect critical infrastructure including global financial systems, electrical grids and transportation systems from cybercriminals who steal data for financial gain or espionage.
Ex-MI5 Boss Evans: Don’t Undermine Encryption – Infosecurity Magazine
A former head of MI5 has argued against undermining end-to-end encryption in messaging apps like WhatsApp, claiming it will damage broader cybersecurity efforts.
Jonathan Evans, who left the secret service in 2013 and is now a crossbencher in the House of Lords, made the comments in an interview with BBC Radio 4's Today program on Friday.
Despite recognizing that end-to-end encryption has helped terrorists hide their communications from the security services, he distanced himself from outspoken critics of the technology, such as home secretary Amber Rudd.
"I'm not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly," Evans argued.
"While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyber-space is being used by criminals and by governments is a potential threat to the UK's interests more widely."
He argued that undermining encryption would actually make countless consumers and businesses less secure, and the country's economy as a whole worse off.
"It's very important that we should be seen and be a country in which people can operate securely. That's important for our commercial interests as well as our security interests, so encryption in that context is very positive," said Evans.
"As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident that we have secured that because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyber-attack."
Evans also had something to say about allegations of Russian interference in elections, claiming that he would be surprised if there'd been no attempts to sway UK votes in the past.
The former MI5 boss is not the first expert to have argued against the government forcing providers to undermine encryption so that the security services can access suspected terrorists' comms.
Former GCHQ boss Robert Hannigan claimed in July that so-called backdoors in such services are a threat to everybody and that it's not a good idea to weaken security for everybody in order to tackle a minority.
Despite end to end encryption, apps like WhatsApp, Messenger are still vulnerable to hacking: Study – Firstpost
Do you know that despite the end-to-end encryption provided by popular messaging platforms like Facebook Messenger, WhatsApp, and Viber, your sensitive information is vulnerable to hacking?
A research report has highlighted the importance of what is called an 'authentication ceremony' to help mitigate the risk.
Researchers from Brigham Young University (BYU) at Utah in the US found that most users of popular messaging apps like Facebook Messenger, WhatsApp, and Viber are leaving themselves exposed to fraud or hacking because they are unaware of important security options like an 'authentication ceremony'.
The 'authentication ceremony' is a security practice to ensure the members involved in a communication are authentic. It is done by identifying the message recipient before sending out any sensitive or confidential information.
But because most users are unaware of the 'ceremony' and its importance, "it is possible that a malicious third party or man-in-the-middle attacker can eavesdrop on their conversations", said Elham Vaziripour, Computer Science student at BYU who led the study.
The researchers conducted a two-phase experiment in which they prompted participants to share a credit card number with another participant. Participants were warned about potential threats and encouraged to make sure their messages were confidential.
Only 14 percent of users in the first phase managed to successfully authenticate their recipient. Others opted for ad-hoc security measures like asking their partners for details about a shared experience.
In the second phase, after researchers emphasised the importance of 'authentication ceremonies', 79 percent of users were able to successfully authenticate the other party. However, the participants averaged 11 minutes to authenticate their partners.
"Once we told people about the authentication ceremonies, most people could do it. But it was not simple, people were frustrated and it took them too long," noted Daniel Zappala, Professor, Computer Science, BYU.
Most people don't invest the time and effort to understand and use these security measures because they don't experience significant security problems. But there's always a risk in online communications.
The researchers are now working to develop a mechanism that makes the 'authentication ceremony' quick and automatic.
"If we can perform the authentication ceremony behind the scenes for users automatically or effortlessly, we can address these problems without necessitating user education," said Vaziripour.
What is Encryption? (with pictures) – wiseGEEK
What is the advantage of encryption?
Encryption is used most commonly in e-mails, private websites, and generally any online network that needs security and holds personal information.
What are some of the most secure types of encryption and what sort of methods can be used to decrypt them?
What is the difference between 64-bit, 128-bit and 256-bit data cryptography?
Can I use encryption on my password to get into my computer?
What is the correct meaning of encryption?
Cryptography is a wide term which encapsulates both encryption and decryption of data. Cryptography, i.e. encryption and decryption, is done by using cryptographic algorithms, which are mathematics based. Cryptography algorithms require a key for the encryption and decryption of data.
what is encryption and online privacy?
I know the meaning of encryption but I don't know the meaning of online privacy.
What is an encryption key and how is it used for encryption?
What is Encryption? Explain characteristics, advantages and disadvantages, and users.
I want IEEE projects on AES. From where can I get those IEEE papers?
What is meant by encryption? Explain it.
How can I write a cryptography algorithm?
What is 128 Bit encryption?
What is the secure and fast encryption algorithm [SAFER]?
What is an encryption key and how is it used for encryption?
Cryptography is the field of study that stands for the methods and principles that are used to transform data and hide its contents. Apart from this, cryptography is also used to establish authenticity and prevent unauthorized access and/or modification of data. It uses mathematical algorithms to transform data into an unreadable format. The main purpose of cryptography comes into play when information is transmitted, when it is more susceptible to being eavesdropped on. This transformation of plain text into an unreadable format is called encryption and the process of reversing it back to a readable form is called decryption.
What is the difference between Encryption and Cryptography?
Ex-MI5 chief warns against crackdown on encrypted messaging … – The Guardian
A former head of MI5 has spoken out against curtailing use of encryption in messaging apps despite warning that Islamist terrorism will remain a threat for up to another 30 years.
Jonathan Evans said the terrorist threat to Britain was a generational problem, and suggested the Westminster Bridge attack in March may have had an energising effect on extremists.
Without encryption, everything sent over the internet, from credit card details to raunchy sexts, is readable by anyone who sits between you and the information's recipient. That includes your internet service provider, and all the other technical organisations between the two devices, but it also includes anyone else who has managed to insert themselves into the chain, from another person on the same insecure wireless network to a state surveillance agency in any country the data flows through.
With encryption, that data is scrambled in such a way that it can only be read by someone with the right key. While some older and clumsier methods of encryption have been broken, modern standards are generally considered unbreakable even by an attacker possessing a vast amount of computer power.
But while encryption can protect data that it is vital to keep secret (which is why the same technology that keeps the internet encrypted is used by militaries worldwide), it also frustrates efforts by law enforcement to eavesdrop on terrorists, criminals and spies.
That's particularly true for end-to-end encryption, where the two devices communicating are not a user and a company (who may be compelled to turn over the information once it has been decrypted), but two individual users.
But Lord Evans, who retired from the security service in 2013, told BBC Radio 4's Today programme that he would not support a clampdown on use of encryption.
His comments came after Amber Rudd, the home secretary, argued that internet companies were not doing enough to tackle extremism online. She has previously singled out the use of encryption as a problem.
Acknowledging that use of encryption had hampered security agencies' efforts to access the content of communications between extremists, Evans added: "I'm not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly.
"While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK's interests more widely.
"It's very important that we should be seen and be a country in which people can operate securely -- that's important for our commercial interests as well as our security interests, so encryption in that context is very positive."
After the home secretary's intervention at the Global Internet Forum to Counter Terrorism in California this month, the companies taking part said they were cooperating to substantially disrupt terrorists' ability to use the internet in furthering their causes, while also respecting human rights.
Looking ahead, Evans warned of the threat of a cyber-attack against the internet of things -- the networking of physical devices, ranging from cars to lightbulbs to TVs -- as a major issue.
"As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident that we have secured that because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyber-attack," he said.
But the threat of Islamist terrorism was likely to remain at the fore for 20-30 years, he warned.
"We're at least 20 years into this. My guess is that we will still be dealing with the long tail in another 20 years' time -- I think this is genuinely a generational problem," Evans said.
"I think that we are going to be facing 20 or 30 years of terrorist threats and therefore we need absolutely critically to persevere."
He said the London bombings in July 2005 triggered an energising effect on the extremist networks in the UK, and thought there would be a similar feeling after the Westminster Bridge attack.
"We did see a huge upsurge in threat intelligence after 7 July and I suspect that there's the same sort of feeling in the period after the Westminster Bridge attack -- that a lot of people who thought 'I'd like to do this' suddenly decided 'Yep, if they can do it, then I can do it'."
Since the atrocity in March, there have been attacks in Manchester, London Bridge and Finsbury Park.
Evans, now an independent crossbencher in the House of Lords, also told the programme he would be surprised if Russia had not attempted to interfere with British democracy, after repeated allegations of Kremlin interference in foreign elections.
He said: "It would be extremely surprising if the Russians were interested in interfering in America and in France and in various other European countries but were not interested in interfering with the UK, because traditionally I think we have been seen as quite hawkish and therefore I would be surprised if there had not been attempts to interfere with the election."