Onedrive Personal Vault: How to use it to stash ultra-sensitive files
Skittish about storing sensitive documents on your PC? Microsoft’s built-in Onedrive security feature might help.
In recent weeks, I’ve amassed a substantial number of sensitive digital documents for entirely mundane reasons. Between preparing for tax season and home refinancing, I’m sitting on a pile of PDFS, all full of detailed personal information. This created a small dilemma: I didn’t want to delete the files or leave them out in the open on my hard drive, but I wasn’t keen on printing them out on reams of paper either. That’s when I remembered Personal Vault ( fave.co/3t1ot72), a feature of Microsoft’s Onedrive cloud storage service that adds an extra layer of protection for important documents.
Viewing or modifying files in the Onedrive Personal Vault requires an additional code—sent via email or text
message by default—and on Windows 10 or higher, Microsoft stores those files in a Bitlocker-encrypted portion of your hard drive. (Onedrive also encrypts all files stored online, whether they’re in the Vault or not.) In theory, that means someone who breaches your Onedrive account or accesses your computer without permission would have a tougher time getting to those important documents. Still, the level of protection that Personal Vault provides in practice depends largely on how you set it up.
LAYERS OF PROTECTION
Before we go further, keep in mind that you get 15GB of Onedrive storage for free ( fave. co/3jsny46) with a Microsoft account. While the free version of Onedrive only lets you store three documents in the Personal
Vault, you can easily circumvent that restriction ( fave.co/3ikumqp) by adding your documents to a ZIP or other archive file first.
After installing Onedrive, right-click the icon in your taskbar or menu bar, then select Unlock Personal Vault to begin the setup process. On the mobile and web version of Onedrive, you can just tap on the Personal Vault icon in your file list.
To unlock the vault, you need a code that Microsoft sends to the email or phone number associated with your account, but those defaults aren’t necessarily the most secure options. Your email, for instance, is likely open to anyone who has access to your computer, in which case entering the code would be trivial, and using text messages for authentication has its own issues ( fave. co/3bmrb44).
As always, you should consider using an authentication app to receive codes in the most secure way possible—for instance, Google Authenticator ( fave.co/3bqv343), Microsoft Authenticator ( fave.co/34yccu4), or Authy ( fave.co/36ezkhx). In my case, I’m using Authy, and its desktop app is locked behind an extra PIN. After setting that up, I removed email as a sign-in option through Microsoft’s website ( fave.co/3m8lxvg).
That means no one can access the vault without physical access to my devices along
with Authy’s PIN, which in turn provides the sign-in code that Microsoft requires.
Microsoft automatically locks the vault after 20 minutes of inactivity on desktops and 3 minutes on mobile apps, at which point it asks for a new code.
OTHER OPTIONS
While Personal Vault was the best option for me as an existing Onedrive user, it’s not the only way to add extra protection to your documents. Here are a few other options you can consider:
• Dropbox offers its own Vault feature ( fave.co/3jsaswo), which locks files behind an additional PIN, but you need a paid Dropbox storage plan to use it.
• Certain password managers, such as 1Password ( fave.co/3hbjd67) and Bitwarden ( fave.co/358t8vl), offer encrypted file storage, though these tend to require paid subscriptions as well. If you’ve set up these tools to require a PIN or password for access, they’ll provide an extra level of protection for anyone with access to your computer.
• Compression tools such as 7Zip for Windows ( fave. co/3pgddqt) and
Keka for Mac ( fave.co/3ltkokn) allow you to password-protect files in 7Z or ZIP archives. This won’t prevent someone from deleting the files, but it would stop someone from extracting and viewing them. (You could also combine this method with Personal Vault for yet another layer of protection.)
• You can set a password for individual Word documents under File > Info > Protect, and password-protect PDF files using Adobe’s online tool ( fave.co/3hb9nfp).
If we’re being honest, the likelihood of someone breaking into your computer and making off with your tax returns and other important documents is probably slim. Still, adding some extra protection for those documents can make you feel better about keeping them on a computer in the first place. It certainly beats filling up a filing cabinet with more paper.