The Pro and Enterprise editions of Windows 10 and below include BitLocker drive encryption built into the operating system. However, you must have also heard of Encrypting File System (EFS), which is another encryption method offered in Windows. Let us take a deeper look into how the two encrypting methods are different so that you can choose accordingly.
What File System Supports The Use Of EFS?
Before using EFS, you may be wondering which file system should you use if you want to use EFS? EFS is supported on any drive formatted using the NTFS file system, which the current standard in Microsoft Windows. Thus, any home computer running Windows 10 should support EFS, unless the drive is formatted to the even newer ReFS file system.
What Should You Use: BitLocker Vs EFS?
Let us now compare what is the difference between the two encryption standards, and which one will be more beneficial to you given your situation.
BitLocker
BitLocker has been available for quite a long time now. the primary difference between BitLocker and EFS is the fact that BitLocker is a partition level encryption system. when you set up BitLocker, you will be encrypting an entire volume of our computer. An entire partition will be encrypted, like the system partition (C:\), a different partition on your internal storage device, or a flash drive or external media.
BitLocker is useful if you want to protect sensitive data on your computer, as the entire hard drive can be encrypted. this restricts access only to the administrator, and all the files on the partition or drive will be encrypted barring none.
When an administrator sets up BitLocker, the entire drive is locked for all the users. This is made possible due to the fact that BitLocker uses the computer’s TPM (trusted platform module) hardware as an encryption key, which makes it secure in case your device is stolen or lost.
EFS (Encrypting File System)
Unlike BitLocker, EFS is a folder-level encryption system. Instead of encrypting the entire drive and its contents, you can encrypt individual files and folders. Unlike BitLocker, you will require setting up encryption for each file and folder. Whereas in BitLocker once you encrypt a drive, you do not have to select the encryption status for the files within the drive.
To encrypt files via EFS, you will have to move the files on an NTFS formatted volume. You will need to encrypt files from the Properties window in File Explorer. Click on the Advanced button under the Attributes section, and check the box next to the following option:
Encrypt contents to secure data
Also, unlike BitLocker, the TPM hardware is not used to store the encryption key, which is stored locally. Thus, it is not possible to encrypt an entire drive unless you enable BitLocker as well. EFS simply takes advantage of the NTFS file system itself, providing almost no additional features.
BitLocker Versus EFS; What You Should Use?
This boils down to what you are looking for in an encryption standard. before using EFS, you should bear this in mind that it is much less secure than BitLocker. this is due to the fact that the encryption key stored locally on the operating system. Also, the temporary files and the cache data generated are not encrypted, so the sensitive data may be left unsecured on the drive.
Note: You will lose the EFS encryption on a file or folder if you attempt to move it from and NTFS formatted volume to a FAT or FAT32 formatted volume because these do not support encryption.
However, since both BitLocker and EFS are different standards of encryption, you can use both of these features for maximum security. there’s hardly any reason to do so, as BitLocker drive encryption will be enough to encrypt and protect your entire drive, including the temp and cache files.
Why we think EFS still exists, is the fact that BitLocker may slow down some storage devices. it is also an older feature compared to BitLocker, which was launched along with Windows Vista.
Wrapping Up
BitLocker vs EFS is a question that bugs many users who are new to file encryption. by all means, BitLocker is the superior encryption standard, and Microsoft seems to develop it better and better with each iteration of Windows 10. you also do not need to set it up for the individual files and folders, making it more secure in handling sensitive data on your computer. did you find this information useful? comment below if you did and to discuss further the same.