In recent weeks, I’ve amassed a substantial number of sensitive digital documents for entirely mundane reasons. Between preparing for tax season and home refinancing, I’m sitting on a pile of PDFs, all full of detailed personal information. This created a small dilemma: I didn’t want to delete the files or leave them out in the open on my hard drive, but I wasn’t keen on printing them out on reams of paper either. That’s when I remembered Personal Vault, a feature of Microsoft’s OneDrive cloud storage service that adds an extra layer of protection for important documents.
Viewing or modifying files in the OneDrive Personal Vault requires an additional code—sent via email or text message by default—and on Windows 10 or higher, Microsoft stores those files in a BitLocker-encrypted portion of your hard drive. (OneDrive also encrypts all files stored online, whether they’re in the Vault or not.) In theory, that means someone who breaches your OneDrive account or accesses your computer without permission would have a tougher time getting to those important documents. Still, the level of protection that Personal Vault provides in practice depends largely on how you set it up.
Layers of protection
Before we go further, keep in mind that you get 15GB of OneDrive storage for free with a Microsoft account. While the free version of OneDrive only lets you store three documents in the Personal Vault, you can easily circumvent that restriction by adding your documents to a ZIP or other archive file first.
After installing OneDrive, right-click the icon in your taskbar or menu bar, then select Unlock Personal Vault to begin the setup process. On the mobile and web version of OneDrive, you can just tap on the Personal Vault icon in your file list.
To unlock the vault, you need a code that Microsoft sends to the email or phone number associated with your account, but those defaults aren’t necessarily the most secure options. Your email, for instance, is likely open to anyone who has access to your computer, in which case entering the code would be trivial, and using text messages for authentication has its own issues.
As always, you should consider using an authentication app such as Google Authenticator, Microsoft Authenticator, or Authy to receive codes in the most secure way possible. In my case, I’m using Authy to receive codes, and Authy’s desktop app is locked behind an extra PIN. After setting that up, I removed email as a sign-in option through Microsoft’s website.
That means no one can access the vault without physical access to my devices along with Authy’s PIN, which in turn provides the sign-in code that Microsoft requires. Microsoft automatically locks the vault after 20 minutes of inactivity on desktops and 3 minutes on mobile apps, at which point it asks for a new code.
Other options
While the Personal Vault was the best option for me as an existing OneDrive user, it’s not the only way to add extra protection to your documents. A few other options to consider:
Dropbox offers its own Vault feature that locks files behind an additional PIN, but you need a paid Dropbox storage plan to use it.
Certain password managers, such as 1Password and Bitwarden, offer encrypted file storage, through these tend to require paid subscriptions as well. If you’ve set up these tools to require a PIN or password for access, they’ll provide an extra level of protection for anyone with access to your computer.
Compression tools such as 7Zip for Windows and Keka for Mac allow you to password-protect files in 7Z or ZIP archives. This won’t prevent someone from deleting the files, but it would stop someone from extracting and viewing them. (You could also combine this method with the Personal Vault for yet another layer of protection.)
You can set a password for individual Word documents under File > Info > Protect, and can password-protect PDF files using Adobe’s online tool.
If we’re being honest, the likelihood of someone breaking into your computer and making off with your tax returns and other important documents is probably slim. Still, adding some extra protection for those documents can make you feel better about keeping them on a computer in the first place. It certainly beats filling up a filing cabinet with more paper.
Sign up for Jared’s Advisorator newsletter to get more tech tips like this every week.
As a cloud storage service, OneDrive has many other security features. Those include: Virus scanning on download for known threats - The Windows Defender anti-malware engine scans documents at download time for content matching an AV signature (updated hourly).
As a cloud storage service, OneDrive has many other security features. Those include: Virus scanning on download for known threats - The Windows Defender anti-malware engine scans documents at download time for content matching an AV signature (updated hourly).
Personal Vault in OneDrive is protected by identity verification, so you can store your most sensitive files in the cloud without losing the convenience of anywhere access.
Encryption: OneDrive uses 256-bit AES encryption to protect your data in transit and at rest. This is a robust encryption method that is widely used to secure data. Two-Factor Authentication: Two-factor authentication is fully supported by OneDrive, adding an extra layer of security to your account.
Your best bet with storing important documents is a safe deposit box. Most banks or credit unions offer safe deposit boxes. Some banks will offer a discount if you're a current customer as well.
Personal Vault is a protected area in OneDrive that you can only access with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code from the Microsoft Authenticator app, or a code sent to you via email or SMS.
OneDrive is HIPAA compliant and can be used to store, sync, and share files containing Protected Health Information provided organizations subscribe to a Microsoft 365 or Office 365 plan that supports HIPAA compliance and the file storage system is configured to comply with the Security Rule's safeguards.
Personal Vault is a protected folder within OneDrive that can only be accessed with a second step of identity verification. It gives you an added layer of protection for your most important files and photos like your passport, driver's license, or insurance information, so you can access them from virtually anywhere.
The additional features of Personal Vault make it one of the most secure storage platforms out there. These features include: File encryption: From uploading to the cloud to safe storage once it's uploaded, your files are encrypted as they're moving to your account and when they're downloaded again.
3. Cybersecurity threats. Malware and viruses: Like many cloud services, OneDrive is vulnerable to malware and viruses, which can lead to data loss or theft.
OneDrive is HIPAA compliant and can be used to store, sync, and share files containing Protected Health Information provided organizations subscribe to a Microsoft 365 or Office 365 plan that supports HIPAA compliance and the file storage system is configured to comply with the Security Rule's safeguards.
The OneDrive library provided for you is typically protected from public viewing by default. Only you can access personal documents and media files that you store in it unless you explicitly share a folder of documents or a single document with other people in your organization for reviewing or co-editing.
Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint Online, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint Online, OneDrive, and Microsoft Teams.
Is OneDrive Safe for Confidential Documents? If you wonder, “Is OneDrive safe to use?” the answer is yes. This cloud storage platform is safe for storing confidential documents if you secure your account with two-factor authentication and avoid moving these files into folders with shared access.
Introduction: My name is Kareem Mueller DO, I am a vivacious, super, thoughtful, excited, handsome, beautiful, combative person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.