Password protecting files and folders involve encryption. Encryption involves taking the raw data and scrambling it until it is unrecognizable. In order to unscramble the encrypted data, you need a key (a.k.a. password). There are 2 major factors which determine the strength of encryption; they are the quality of the password and what bit encryption was used. A strong password includes:
The password should be at least 8 characters, preferably >20 characters.
The password should use both upper and lower case letters.
The password should contain numbers, preferably without repetition (e.g. password1111) or sequential (e.g. password12345).
The password should contain special characters (e.g. @#%$..).
Never use complete words (e.g. password).
Never include personal information, such as your birth date or last name.
Now, there is no guarantee that your password won’t be cracked but, if you follow the guidelines mentioned above, it will be painfully hard for anyone to do so.
Moving on to what bit encryption was used. It is hard for me to explain. Let me illustrate it. Say you have 2 quarters (coins). If you flip one quarter it can land either head or tail. Now, let’s say you flip 2 quarters, how many unique combinations can you get. Well, you could get (head, head), (head, tail) or (tail, tail) - (tail, head) does not count because it is identical to (head, tail). Now, flip those 2 quarters again and guess the outcome. Whatever you choose, there is a 33% chance you are right (i.e 1 out of 3). Now, imagine, instead of 2 quarters, you use 100 or 1,000. How many unique combinations can you get? There is a whole lot more. With more unique combinations, it is harder to guess the outcome. The same is true for what bit encryption was used. As the number increases, it becomes harder and harder to guess. Most of the programs that I will be discussing provide either 128-bit encryption or 256-bit encryption. As a frame of reference, most online secure websites use 128-bit encryption.
TrueCrypt is a free open source application hosted on SourceForge.net. TrueCrypt offers several types and level of encryption, including 265-bit encryption. TrueCrypt can encrypt a partition of a hard drive or even an entire jump drive (e.g. flash drive or thumb drive). In TrueCrypt, you create a virtual drive and save your files in to it. To access the virtual drive, you have to mount it - much like mounting a .iso image file on to a virtual drive. I use Truecrypt myself. Personally, I found the controls hard to use. However, Lifehacker.com has a great TrueCrypt tutorial.
AxCrypt is another free open source application hosted on SourceForge.net. AxCrypt offers 128-bit encryption. AxCrypt works differently than TrueCrypt. AxCrypt adds an option to the right click contextual menu. You can encrypt a file by simply right clicking its icon and select AxCrypt. AxCrypt creates an encrypted version of the file. You can choose to keep or not keep the unencrypted version. AxCrypt is fairly easy to use. However, if you run in to any problems, Jameser’s website has an excellent tutorial.
Cryptainer LE is a free encryption application from Cypherix, a security software maker. Cryptainer offers 128-bit encryption. Unfortunately, the free version only allows you to encrypt up to 25 MB. To encrypt more, you have to switch to the paid version. It works very much like TrueCrypt. You create a virtual drive which you have to mount in order to access it. I don’t know of any tutorials for Cryptainer but Cypherix’s website has a good FAQ section.
There are 2 other encryption applications which are worth mentioning. EncryptOnClick is a free program from software maker 2BrightSparks. EncryptOnClick offers 256-bit encryption. It can encrypt both files and folders. EncryptOnClick works very much like AxCrypt. As its name implies, right click on any file or folder and select EncryptOnClick on the contextual menu. The other application is Windows Privacy Folder (WPF). WPF was created by Microsoft but Microsoft does not support it. Microsoft released WPF only to have to withdraw it within the same week (link). WPF requires WGA validation.