In recent weeks, I’ve amassed a substantial number of sensitive digital documents for entirely mundane reasons. Between preparing for tax season and home refinancing, I’m sitting on a pile of PDFs, all full of detailed personal information. This created a small dilemma: I didn’t want to delete the files or leave them out in the open on my hard drive, but I wasn’t keen on printing them out on reams of paper either. That’s when I remembered Personal Vault, a feature of Microsoft’s OneDrive cloud storage service that adds an extra layer of protection for important documents.
Viewing or modifying files in the OneDrive Personal Vault requires an additional code—sent via email or text message by default—and on Windows 10 or higher, Microsoft stores those files in a BitLocker-encrypted portion of your hard drive. (OneDrive also encrypts all files stored online, whether they’re in the Vault or not.) In theory, that means someone who breaches your OneDrive account or accesses your computer without permission would have a tougher time getting to those important documents. Still, the level of protection that Personal Vault provides in practice depends largely on how you set it up.
Layers of protection
Before we go further, keep in mind that you get 15GB of OneDrive storage for free with a Microsoft account. While the free version of OneDrive only lets you store three documents in the Personal Vault, you can easily circumvent that restriction by adding your documents to a ZIP or other archive file first.
After installing OneDrive, right-click the icon in your taskbar or menu bar, then select Unlock Personal Vault to begin the setup process. On the mobile and web version of OneDrive, you can just tap on the Personal Vault icon in your file list.
Jared Newman / IDG
To unlock the vault, you need a code that Microsoft sends to the email or phone number associated with your account, but those defaults aren’t necessarily the most secure options. Your email, for instance, is likely open to anyone who has access to your computer, in which case entering the code would be trivial, and using text messages for authentication has its own issues.
That means no one can access the vault without physical access to my devices along with Authy’s PIN, which in turn provides the sign-in code that Microsoft requires. Microsoft automatically locks the vault after 20 minutes of inactivity on desktops and 3 minutes on mobile apps, at which point it asks for a new code.
While the Personal Vault was the best option for me as an existing OneDrive user, it’s not the only way to add extra protection to your documents. A few other options to consider:
Dropbox offers its own Vault feature that locks files behind an additional PIN, but you need a paid Dropbox storage plan to use it.
Certain password managers, such as 1Password and Bitwarden, offer encrypted file storage, through these tend to require paid subscriptions as well. If you’ve set up these tools to require a PIN or password for access, they’ll provide an extra level of protection for anyone with access to your computer.
Compression tools such as 7Zip for Windows and Keka for Mac allow you to password-protect files in 7Z or ZIP archives. This won’t prevent someone from deleting the files, but it would stop someone from extracting and viewing them. (You could also combine this method with the Personal Vault for yet another layer of protection.)
You can set a password for individual Word documents under File > Info > Protect, and can password-protect PDF files using Adobe’s online tool.
If we’re being honest, the likelihood of someone breaking into your computer and making off with your tax returns and other important documents is probably slim. Still, adding some extra protection for those documents can make you feel better about keeping them on a computer in the first place. It certainly beats filling up a filing cabinet with more paper.
Sign up for Jared’s Advisorator newsletter to get more tech tips like this every week.
Jared Newman has been helping folks make sense of technology for over a decade, writing for PCWorld, TechHive, and elsewhere. He also publishes two newsletters, Advisorator for straightforward tech advice and Cord Cutter Weekly for saving money on TV service.