Over the past few weeks, I have amassed a significant number of sensitive digital documents for completely mundane reasons. Between preparing for tax season and refinancing the house, I’m sitting on a stack of PDF files, all filled with detailed personal information. This created a bit of a dilemma: I didn’t want to delete the files or leave them out in the open on my hard drive, but I also didn’t want to print them on reams of paper. That’s when I remembered Personal safea feature of Microsoft’s OneDrive cloud storage service that adds an extra layer of protection for important documents.
Viewing or editing files in the OneDrive personal vault requires an additional code, sent by email or text message by default, and on Windows 10 or later, Microsoft stores these files in a BitLocker-encrypted portion of your drive hard. (OneDrive also encrypts all files stored online, whether they’re in the vault or not.) In theory, this means that someone who breaches your OneDrive account or accesses your computer without permission would have a harder time access these important documents. However, the level of protection provided by Personal Vault in practice largely depends on how you configure it.
Layers of protection
Before going any further, keep in mind that you get 15 GB of OneDrive storage for free with a Microsoft account. Although the free version of OneDrive only allows you to store three documents in the Personal Vault, you can easily circumvent this restriction by first adding your documents to a ZIP file or other archive file.
After installing OneDrive, right-click the icon in your taskbar or menu bar, then select Unlock Personal Vault to begin the setup process. On the mobile and web version of OneDrive, you can simply tap the Personal safe icon in your file list.
To unlock the vault, you need a code that Microsoft sends to the email or phone number associated with your account, but those defaults aren’t necessarily the most secure options. Your email, for example, is likely open to anyone with access to your computer, in which case entering the code would be trivial, and using SMS for authentication has its own issues.
As always, you should consider using an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy to receive codes as securely as possible. In my case, I’m using Authy to receive codes, and Authy’s desktop app is locked behind an additional PIN. After setting this up, I removed email as a sign-in option through Microsoft’s website.
This means that no one can access the vault without physical access to my devices with Authy’s PIN, which in turn provides the login code required by Microsoft. Microsoft automatically locks the vault after 20 minutes of inactivity on desktops and 3 minutes on mobile apps, in which case it prompts for a new passcode.
While Personal Vault was the best option for me as an existing OneDrive user, it’s not the only way to add extra protection to your documents. Some other options to consider:
Dropbox offers its own Vault feature that locks files behind an additional PIN, but you need a paid Dropbox storage plan to use it.
Some password managers, such as 1Password and Bitwarden, offer encrypted file storage, though these tend to require paid subscriptions as well. If you have configured these tools to require a PIN or password for access, they will provide an additional level of protection to anyone with access to your computer.
Compression tools such as 7Zip for Windows and Keka for Mac allow you to password protect files in 7Z or ZIP archives. It won’t prevent someone from deleting the files, but it will prevent someone from extracting and viewing them. (You can also combine this method with Personal Vault for yet another layer of protection.)
You can set a password for individual Word documents under File > Info > Protect and Password Protect PDFs using Adobe’s online tool.
If we’re being honest, the likelihood of someone breaking into your computer and grabbing your tax returns and other important documents is probably slim. Still, adding extra protection to these documents can help you keep them on a computer in the first place. Surely that’s better than filling a binder with more paper.
Sign up for Jared’s Advisorator newsletter to get more tech tips like this every week.