Encryption: What it is and how it works for you

Encryption refers to any process that's used to make sensitive data more secure and less likely to be intercepted by those unauthorized to view it.

There are several modern types of encryption used to protect sensitive electronic data, such as email messages, files, folders and entire drives. 

Both Android and iOS smartphones now encrypt their stored data by default if the user creates a screen-lock passcode (sometimes to the chagrin of law enforcement), and Windows and macOS offer optional full-disk encryption. Many brands of the best antivirus software can encrypt individual files and folders.

Still, it's very important to understand what kinds of encryption are most important for a particular need, and to not be lulled into a false sense of security by fancy-sounding names.

Many encryption programs provide excellent security for very little money — sometimes even for free.

For example, consider the folder-encryption options available to users of the Microsoft Windows operating system. Microsoft's own encryption software is generally strong, meaning that most users won't have to seek out additional methods of protecting their sensitive financial data, medical records and other sensitive files.


Or, if you're worried about Microsoft's alleged relationship with the U.S. National Security Agency, try VeraCrypt, an open-source, free-to-use software solution. (VeraCrypt is a fork of TrueCrypt, which is no longer developed.)

The most dangerous pitfall of folder encryption is that there may be temporary versions of the sensitive files that are not encrypted.

Consider this: Most computer users regularly save their work to avoid catastrophic data loss due to a power outage, electrical storm or other unexpected event. Each time the user saves a file in progress, a temporary version of that file is created and stored in the aptly named "temp" folder, where it remains unencrypted.

Simply deleting temp files isn't enough protection, either. Someone who wants to access your data badly enough will likely be able to access those files using free or cheap data-recovery software.

Weaknesses in encryption

All encryption techniques have weak spots. As these weaknesses are revealed and exploited, new methods of encrypting data are developed to provide additional layers of security for users.

One of the most common and bothersome weaknesses occurs when an encryption method, also called a cipher or an algorithm, that's supposed to generate seemingly random strings of gibberish instead produces outputs that have a discernible pattern. If the pattern gets noticed by interlopers, it may help them crack the encrypted data.

A similar issue involves encryption algorithms that generate predictable patterns of characters in response to repetitious, predictable input.


If this problem is extensive enough, it can help digital intruders decipher at least part of the encrypted data, which may include financial information, government documents or other sensitive information. In many cases, even a partial data breach can be devastating.

Defenses against hackers and file corruption

Individuals and organizations that want to add protection to their encryption algorithms often insert extra lines of code to alter the outputs -- a practice known as "salting."

For example, one of the most common passwords used is simply "password." Malicious hackers know what "password" and other common passwords look like after they're run through common encryption algorithms.

But if an organization adds extra characters to each password during the encryption process, such as "password" plus "safe," the output will be something malicious hackers won't recognize — as long as the extra characters are kept secret.
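The effect of salting on the "password" case above, as an added example that is not part of the original article. It goes beyond the fixed "safe" suffix: the salt is random per password and stored with the hash, and PBKDF2 from Python's standard library does the hashing. The function names, the sample list and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example

# Constructed sample: unsalted SHA-256 digests of a few common passwords,
# standing in for the precomputed lists the article describes.
COMMON = ["password", "123456", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}


def unsalted(password):
    """Unsalted digest: identical for every user who picks this password."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup(digest_hex):
    """Return the password if the digest is in the precomputed list, else None."""
    return PRECOMPUTED.get(digest_hex)


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh 16-byte random salt is drawn if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print("unsalted lookup:", lookup(unsalted("password")))
    salt_a, hash_a = hash_password("password")
    salt_b, hash_b = hash_password("password")
    print("same password, different stored values:", hash_a != hash_b)
    print("salted digest in precomputed list:", lookup(hash_a.hex()))
    print("verifies:", verify_password("password", salt_a, hash_a))
```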

Encryption can also be used to verify the integrity of a file or piece of software. The raw binary data of a file or application is run through a special encryption algorithm to produce a "hash," a long number unique to that file.

Any alteration to the file, such as by a hacker inserting malicious code or by random data corruption, will produce a different hash. Computers and mobile devices compare a new piece of software's stated hash to its actual one before installing the software.

A similar process involves running a piece of software through a simple algorithm that produces a single short number, a "checksum." Altering the software in any way will likely produce a different checksum.

To guard against random, accidental corruption, many pieces of software include protection in the form of self-diagnostic checksum matches that the software performs each time it's launched.
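The stated-hash comparison and the launch-time checksum match described above, as an added example that is not part of the original article. SHA-256 and CRC-32 are this example's choices of hash and checksum, and the function names and the sample "installer" bytes are constructed for illustration.

```python
import hashlib
import hmac
import io
import zlib


def sha256_of(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def matches_stated_hash(stream, stated_hex):
    """Compare the actual hash with the publisher's stated one before installing."""
    return hmac.compare_digest(sha256_of(stream), stated_hex.strip().lower())


def crc32_of(data):
    """Short 32-bit checksum, suited to catching accidental corruption."""
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bit(data, index):
    """Return a copy of data with the lowest bit of one byte flipped."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)


# Constructed sample data standing in for a downloaded installer.
ORIGINAL = b"installer v1.0 payload\n" * 1000
STATED_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()
STORED_CRC32 = crc32_of(ORIGINAL)
ALTERED = flip_bit(ORIGINAL, 500)

if __name__ == "__main__":
    print("original accepted:", matches_stated_hash(io.BytesIO(ORIGINAL), STATED_SHA256))
    print("altered accepted:", matches_stated_hash(io.BytesIO(ALTERED), STATED_SHA256))
    print("self-check passes on original:", crc32_of(ORIGINAL) == STORED_CRC32)
    print("self-check passes on altered:", crc32_of(ALTERED) == STORED_CRC32)
```

A 32-bit checksum is short enough that it only guards against accidental damage; the comparison against a stated cryptographic hash is the one that addresses deliberate alteration.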

Everyone's concern

Data encryption is important for everyone, not just big corporations and government officials. The topic can be intimidating for those without extensive computer experience, but thankfully, for most users, keeping sensitive data safe is a relatively straightforward process.

The key is to start early and regularly verify the effectiveness of the chosen security measures.

Tom's Guide Staff
