Do you use Outlook with PST files, and have you bothered to set a password on your PST files to protect your data? As of today you might as well just remove that password.
Today the official PST specification was released as a PDF document, and anyone can now easily create applications that bypass the PST password security and retrieve all the PST contents. From the official specification:
“PST files support a password-protect feature that requires an end user to enter a pre-defined password before the PST can be opened. In practice, the PST password is just implemented at the UI level, meaning that the password is only required to gain access of the PST through the UI. The password itself is not used to secure the PST data in any way.”
From the Official Outlook PST Specification
But, you might say, wasn’t there an option to encrypt the PST contents? Yes, there is, but it doesn’t really secure the data in any way.
“This protocol uses two keyless cipher algorithms to encode the data blocks in the PST. These algorithms only provide data obfuscation and can be conveniently decoded once the exact encoding algorithm is understood. Moreover, only end-user data blocks are encoded in the PST. All the other infrastructure information, including the header, allocation metadata pages and BTree pages are stored without obfuscation. In summary, the strength of the encoded PST data blocks provides no additional security beyond data obfuscation.”
From the Official Outlook PST Specification
In other words: don’t even bother setting a password or trying to encrypt your PST files from within Outlook, now that the official specification is out in public. If you want to keep your files safe, use EncFS, a SATA password or a Whole Disk Encryption solution such as PGP or TrueCrypt. The PST files are now open for everyone to browse, regardless of the security settings you might have chosen.
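Because the header is stored without obfuscation, an inventory script can read which encoding a PST claims to use and record that none of the keyless settings protects the data at rest. The following is an added example, not code from the specification or from this post; the field offsets and values are assumptions taken from the published [MS-PST] header layout, and the sample headers are constructed.

```python
import struct

# Assumed from the published [MS-PST] header layout (not stated on this page).
MAGIC = b"!BDN"                                   # dwMagic at offset 0
CRYPT_OFFSET = {"ansi": 461, "unicode": 513}      # bCryptMethod position
CRYPT_NAMES = {0x00: "none", 0x01: "permute", 0x02: "cyclic"}


def pst_encoding(header: bytes) -> dict:
    """Report the file format and data-block encoding named in a PST header."""
    if len(header) < 12 or header[:4] != MAGIC:
        raise ValueError("not a PST header")
    (w_ver,) = struct.unpack_from("<H", header, 10)   # wVer
    if w_ver in (14, 15):
        fmt = "ansi"
    elif w_ver >= 23:
        fmt = "unicode"
    else:
        raise ValueError(f"unexpected wVer {w_ver}")
    offset = CRYPT_OFFSET[fmt]
    if len(header) <= offset:
        raise ValueError("header truncated before bCryptMethod")
    method = header[offset]
    known = method in CRYPT_NAMES
    return {
        "format": fmt,
        "encoding": CRYPT_NAMES.get(method, f"unknown (0x{method:02x})"),
        # Keyless encodings are obfuscation only; unknown values need manual review.
        "protects_data": False if known else None,
    }


def sample_header(w_ver: int, method: int) -> bytes:
    """Constructed input: zero-filled header with only the fields read above set."""
    buf = bytearray(564)
    buf[:4] = MAGIC
    struct.pack_into("<H", buf, 10, w_ver)
    buf[CRYPT_OFFSET["ansi" if w_ver < 23 else "unicode"]] = method
    return bytes(buf)


if __name__ == "__main__":
    for ver, method in ((23, 0x01), (14, 0x02), (23, 0x00)):
        print(pst_encoding(sample_header(ver, method)))
```

To audit real files, pass the first 564 bytes of each `.pst` to `pst_encoding` and treat every result with `protects_data` set to `False` as needing volume-level or file-level encryption.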