I recently read an article about the Windows Encrypted File System (EFS). I admit that I have been a little hesitant about this feature of Windows ever since I first heard of it. The reason is quite simple: what happens if I forget my password?
That aside, it seems there is another point I should worry about regarding EFS. I think it applies more in a corporate environment than in a normal home environment. Have you ever been forced to change your password because it expired, and then ended up asking the IT helpdesk to reset it because you could not remember it?
Well, if you are using EFS, you had better forget about the administrator password reset feature. It seems that EFS uses your password to generate the key that encrypts your files. If an administrator forcibly resets your password, your encrypted files will be off limits to everyone, because the encryption key no longer matches.
The only way to safely change your password (while maintaining access to your encrypted files) is either to change it from within your own user account, or to change it through the Windows password reset feature. I wrote a tip some time back on creating a password reset disk for WinXP here, if you are interested. These two ways of changing the password maintain your EFS key, so you can still open your encrypted files with it.
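A simplified model of the behaviour described above, added here as an illustration and not taken from the article or from Windows itself: the file key is stored wrapped under a password-derived key, so a password change by the user can re-wrap it while an administrator reset cannot. The `Account` class, the PBKDF2 parameters and the toy wrap are assumptions, and the password reset disk is not modelled.

```python
import hashlib, hmac, os

def kek(password, salt):
    # Key-encryption key derived from the password (KDF parameters assumed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap(file_key, password):
    # Toy authenticated wrap (not a real cipher): pad from the KEK plus an HMAC tag.
    salt = os.urandom(16)
    k = kek(password, salt)
    pad = hmac.new(k, b"pad", hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(file_key, pad))
    return salt, blob, hmac.new(k, b"tag" + blob, hashlib.sha256).digest()

def unwrap(wrapped, password):
    salt, blob, tag = wrapped
    k = kek(password, salt)
    expected = hmac.new(k, b"tag" + blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("password does not open the wrapped key")
    pad = hmac.new(k, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob, pad))

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.verifier = kek(password, self.salt)       # used for logon only
        self.wrapped = wrap(os.urandom(32), password)  # file-encryption key

    def _logon(self, password):
        if not hmac.compare_digest(self.verifier, kek(password, self.salt)):
            raise PermissionError("logon failed")

    def file_key(self, password):
        self._logon(password)
        return unwrap(self.wrapped, password)

    def change_password(self, old, new):
        # The user supplies the old password, so the key is unwrapped and re-wrapped.
        key = self.file_key(old)
        self.verifier = kek(new, self.salt)
        self.wrapped = wrap(key, new)

    def admin_reset(self, new):
        # The administrator never had the old password: only the logon check changes.
        self.verifier = kek(new, self.salt)
```

After `admin_reset`, logon with the new password succeeds but `file_key` raises `PermissionError`, because the stored key is still wrapped under the old password.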
Bottom line... Beware of using EFS.