How to Encrypt an External Hard Drive or USB

Updated: 23 March 2021
Updated: 23 March 2021

Fact-checked by

In this guide you will learn about:

  • What encryption is and how it works
  • How encryption will protect data on your external storage devices
  • How to encrypt data on an external hard drive
  • How to encrypt an external hard drive or USB on Windows
  • How to encrypt an external hard drive or USB on macOS
  • How to encrypt an external hard drive or USB on Linux
  • Advantages and disadvantages of encrypting your external drives

External hard drives, flash drives (USB), and memory cards, all these devices make data backup and sharing super easy. Nowadays, they are becoming more valuable as modern schooling, work, and life is overflowing with data.

Thanks to their high capacity, small size, and portability, they are great options for transferring or viewing data from one PC to another. However, what will happen if you lose or misplace any of these devices?

In many cases, it will result in a data breach. These kinds of data breaches can be avoided if you encrypt your external hard disks or USB drives. When encrypted, it’s very difficult for hackers to access the data these devices contain if they get stolen or misplaced.

In this guide I will show you how to encrypt an external hard drive or USB flash drive.

How to Encrypt an External Hard Drive or USB

How does Encrypting an External Hard Drive or USB Work

Encrypting an external hard drive means making it secure by encrypting the data stored on it using sophisticated mathematical functions. This can be done by using software or some other ways.

After disk encryption, the data on the external hard drive cannot be accessed by anyone who doesn’t own the relevant key or password.

It provides a layer of security to your external hard drive against hackers and other online threats. The basic purpose of encrypting external hard drives is to protect its data from unauthorized persons.

AES or Advanced Encryption Standard

The Advanced Encryption Standard (AES) is one of the widely used global standards for encryption. It was established by the United States National Institute of Standards and Technology (NIST) in 2001.

The objective of AES is to provide a specification for electronic data encryption. It is a symmetric block cipher, which means that the same key is used for disk encryption and decryption.

Why should you encrypt your external hard drive or USB?

While external hard drives and USB sticks are extremely useful when transferring or viewing data from one machine to another, there’s a possibility of losing them.

If they are not encrypted, in such situations, there is a high risk of exposing your sensitive information to unauthorized people. Therefore, you should encrypt them, especially when they contain sensitive or personally identifiable information.

On the other hand, there are some data protection regulations like the GDPR or HIPAA which are mandatory to follow if you are a business or a company user. According to them, you will have to pay costly fines if your data is not encrypted.

Even if you are not constrained by these regulations, it is still vital to encrypt your external storage devices in order to prevent data breaches that could cause severe damage to your company.

In this article, you will learn how to encrypt your hard drive/ USB using various methods.

Ways to Encrypt Your External Hard Drive or USB

In this segment I’ll show you step-by-step how to encrypt your external drive.

Most modern operating systems such as Windows, macOS, and Linux come with built-in tools for encrypting your external hard drives or USB peripherals. For instance, you can use BitLocker for Windows, FileVault for Mac, and LUKS (Linux Unified Key Setup-on-disk-format) for Linux to encrypt your USB drives.

Encrypting External Hard drive in Windows

Go through the following steps to encrypt an external hard drive in Windows using BitLocker.

Step 1: Open the Windows Explorer and right-click on your external hard drive. Then click Format.

Excrypt External Hard Drive

Step 2: The above step will completely erase all the data on your external drive. If it is acceptable for you, click OK.

Encrypt External Hard Drive

Step 3: The following window will popup. Make sure that the selected drop-down option under File System is NTFS, and then click Start.

Encrypt External Hard Drive

Step 4: Once the drive has been formatted successfully, the following message will popup. Click the “OK” to continue with the next steps.

Encrypt External Drive Step 4

Step 5: Open the Windows Explorer again and right-click your external hard drive. Then select “Turn on BitLocker” from the list of options.

Encrypt External Hard Drive Step 5

Step 6: Tick the “Use a password to unlock the drive” option in the window that appears and also enter a strong and memorable password there as required. Then click “Next.”

Encrypt External Hard Drive Step 6

Step 7: Click “Save to a file” on the next window and choose the location to save the recovery key. This recovery key will be useful to gain access to the drive in case you forget your password.

Encrypt External Hard Drive Step 7

Step 8: Read through the text in the below window. Then select the preferred disk encryption option and click Next.

Encrypt External Hard Drive Step 8

Step 9: Click on “Start encrypting.”

Encrypt External Hard Drive Step 9

Step 10: Finally, you will have to wait until the encryption is completed, and then click “Close.”

Encrypt External Hard Drive Step 10

Encrypting External Hard Drive in macOS

Following are the steps to encrypt an external hard drive on MacOS using FileVault.

Step 1: First, Open the finder and get the Disk Utility by typing “Disk Utility” there and pressing enter. Then the Disk Utility application will start as shown below.

Encrypt External Drive Mac Step 1

Step 2: Select your external drive in the Disk Utility and then click “Erase.”

Encrypt External Drive Mac Step 2

Step 3: Click the Format drop-down and select Mac OS Extended (Journaled, Encrypted) or APFS (Encrypted) from the list of available formats.

Encrypt External Drive Mac Step 3

Then:

Encrypt External Drive Mac Step 3.1

Step 4: Enter a strong and memorable passphrase and the passphrase hint as required, then click “Choose” and after that, click “Erase”.

Encrypt External Drive Mac Step 4

Step 5: Now, the drive should be formatted for FileVault as required.

Encrypt External Drive Mac Step 5

Step 6: Now comes the step of encrypting the drive for FileVault. You will be able to notice an icon on your desktop which looks similar to the below images.

Mac Time Machine

Step 7: Right-click on the icon of the external drive you need to encrypt and then click on the option called Encrypt “Time Machine” as shown below.

Encrypt External Drive Mac Step 7

Step 8: Enter a strong and memorable password and also enter the password hint as required. After that, click Encrypt Disk.

Encrypt External Drive Mac Step 8

Step 9: Finally, the drive will proceed through the encryption process. Select and check the drive in the Disk Utility to make sure it’s successfully encrypted.

Encrypt External Drive Mac Step 9

Encrypting External Hard Drive in Linux

There are many ways to perform encryption in Linux. Below are the steps to encrypt your external hard drive in Linux with a Raspberry Pi.

Step 1: Connect your hard drive to the system and run the following command.

sudo fdisk -l

Step 2: Use the command below to shred the hard drive if it is a traditional spindle drive and there is data, to begin with.

sudo shred -v -n 1 /dev/sda

Step 3: Run the following command to wipe out existing partitions and begin with a new, single primary partition.

sudo fdisk /dev/sda

Step 4: You’ll be asked several questions within the fdisk tool. Provide answers to them appropriately, and you will automatically exit the fdisk tool. Now run the following command.

sudo mkfs.ext4 /dev/sda1

Step 5: Make a note of your UUID, as it will be needed for mounting the encrypted drive later. You can use blkid to find it, as shown below.

sudo blkid

Step 6: If you haven’t installed the crypto tool yet, run modprobe at the end to load the required modules without a restart.

sudo apt-get install cryptsetup
sudo modprobe dm-crypt sha256 aes

Step 7: Now, set up your encrypted drive. You will have to enter a passphrase for that. Note it down somewhere secure as you will need it later to gain access to your encrypted data or configure your encrypted hard drive.

sudo cryptsetup –verify-passphrase luksFormat /dev/sda1 -c aes -s 256 -h sha256
sudo cryptsetup luksOpen /dev/sda1 YourPreferredName

The above code will create a mapper that recognizes your encrypted volume, and in this instance, it is named “YourPreferredName”.

Hard Drive Encryption with Third-Party Hard Drive & Disk Encryption Software

Another way you can use to encrypt your hard drive is by using third-party encryption software or encryption tool. Below are some of the most popular third-party encryption software which can be used for hard drive encryption.

VeraCrypt

VeraCrypt is a free and open-source encryption software that can be used on Windows, Mac OS X, and Linux. It provides enterprise-grade security to all your important data. VeraCrypt is a very popular program that often gains the highest ratings from users.

AES Crypt

AES Crypt is a convenient encryption program with both free and paid versions. It comes with a password manager plus collaboration feature, which enables sharing encrypted data with others. AES Crypt is available for Windows, MacOS, and Linux, while there are third-party versions for Android and iOS.

AxCrypt

AxCrypt is a very powerful and reliable encryption software which is specially designed for individuals and small business teams. With AxCrypt, files can be protected with either 128-bit or 256-bit AES encryption. It comes with all the tools that you need to secure files inside external hard drives.

DiskCryptor

DiskCryptor

Diskcryptor is one of the best open-source data encryption solutions for Microsoft Windows. It enables encryption of entire hard drives or individual partitions. DiskCryptor supports a wide range of encryption schemes, Windows operating systems, and file systems. An impressive feature of DiskCryptor is that it allows you to pause encryption and resume it later or even on a different computer.

TrueCrypt

TrueCrypt

TrueCrypt is a powerful encryption software which offers support for hidden volumes, on-the-fly encryption, keyfiles, and keyboard shortcuts. It can be used on entire disks as well as system partitions with an OS installed.

Moreover, TrueCrypt can be used to create a single file that works as a drive, concluded with its own encrypted folders and files. TrueCrypt supports Windows 10, 8, 7, Vista, XP and Linux, and macOS.

Hard drives with hardware-based encryption

These types of devices normally use a mix of software and hardware based encryption which sometimes requires setting a password on a physical keypad to secure your data. But, they also depend on proprietary code, which makes it really difficult to verify their security claims.

It is impossible to ensure if the hard drives with hardware-based encryption have backdoors or not, and this is common for any hardware. Therefore it is vital to purchase hard drives from only trusted vendors or brands.

USB Encryption with Operating Systems

Here you will learn how to encrypt your USB flash drive.

Encrypting USB drives in Windows

Follow the below steps to encrypt a USB flash drive in Windows OS using BitLocker.

Step 1: Connect your USB drive to your Windows PC and open file explorer. Right-click on your USB Drive there and click “Turn on BitLocker.”

BitLocker
Step 2: Here, you will be prompted to select the way you like to unlock the drive. Tick on “Use a Password to Unlock This Drive” there, as shown below.

BitLocker

Step 3: Enter and confirm your password in the provided spaces of the above window to unlock the drive (You may be able to change this password later, by providing the original password).

Step 4: When asked, “How Do You Want to Store Your Recovery Key,” Select “Save the Recovery Key to a File” option. Save this recovery file in a secure location only you have access to (This file will not contain your password and can be used in case you forget your password).

Step 5: Make the selection for either encrypting the whole drive or encrypting only the used space.

Step 6: Finally, Windows will successfully encrypt your USB flash drive. This process will take only a few minutes, and a message will appear once the encryption is completed.

Encrypting USB drives in macOS

As you may already know, macOS has some built-in tools for USB encryption integrated into its software. They allow you to encrypt or decrypt USB Flash drives and other storage devices on the fly. Below are a few simple steps on how to use them.

This process uses XTS-AES encryption, which is the same type of encryption used by the MacOS FileVault 2 system. It’s important to remember that using Finder to encrypt a USB Drive will limit its usage to macOS.

You won’t be able to access the drive on a machine with a different OS like Windows or Linux.

Step 1: Plug your Flash Drive into your MAC PC and open Finder. Then, right-click on the USB Drive in the left sidebar and click on “Encrypt +Name of the USB drive” as shown below.

Encrypt USB Drive on macOS

Step 2: Now, Finder will prompt you to enter a password and a password hint. This password will be used to access the USB drive later, so don’t lose it. Having all the necessary fields filled in, click on “Encrypt Disk.”

Encrypt USB on macOS

Step 3: Finally, the Finder will encrypt your Flash drive. This process may take a while, depending on the amount of data stored in it.

Encrypting USB drives in Linux

Following are the steps to encrypt your USB drive using LUKS in Linux.

Step 1: See the available filesystems using the below command.

df -hl

Step 2: Connect your USB Drive to the PC.

Step 3: Identify the newly connected device using the following command.

df -hl # in my case it was /dev/sdb1

Step 4: Unmount the USB drive with the below command.

umount /dev/sdb1

Step 4: Unmount the USB drive with the below command.

umount /dev/sdb1

Step 5: Wipe the filesystem from the USB drive.

sudo wipefs -a /dev/sdb1

Step 6: Create a LUKS partition as below.

sudo cryptsetup luksFormat /dev/sdb1

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:

Step 7: Open the encrypted drive with the below commands.

sudo cryptsetup luksOpen /dev/sdb1 reddrive
Enter passphrase for /dev/sdb1:

ls -l /dev/mapper/reddrive
lrwxrwxrwx 1 root root 7 Jul 26 13:32 /dev/mapper/reddrive -> ../dm-0

Step 8: Create a filesystem as shown below. Here, “EXT4” is the filesystem, and you can create any other file system you need.

sudo mkfs.ext4 /dev/mapper/reddrive -L reddrive

Step 9: Using the encrypted USB

Below is the code for mounting and unmounting your encrypted USB Drive in Linux CLI.

sudo mount /dev/mapper/reddrive /mnt/red
su -c “echo hello > /mnt/red/hello.txt”
Password:
ls -l /mnt/red
total 20
-rw-rw-r–. 1 root root 6 Jul 17 10:26 hello.txt
drwx——. 2 root root 16384 Jul 17 10:21 lost+found

sudo umount /mnt/red
sudo cryptsetup luksClose reddrive

If you use the GUI to access the encrypted USB, a screen like this would appear.

Encrypt USB on Linux

Simply enter your password there, then save your data in the USB and eject it safely.

What are the Advantages of Encrypting External Hard Drives?

Below are some of the advantages you can gain through encrypting your external hard drive.

Improved data security

An absolute data encryption solution allows business owners to carry on their work with peace of mind as their data is secure and protected in all states.

Using the right encryption method will ensure that your data is almost inaccessible to hackers or unauthorized people. Even if hackers created brute-force software to crack the encryption, it wouldn’t be much easy with a powerful encryption solution.

Ability to maintain data integrity

Despite their size, most of the companies worry if their data will sustain integrity if they are encrypted. Encryption protects your data from modifications and thereby helps to maintain the integrity and privacy of them. It prevents hackers from modifying data who try to commit data frauds through altering data.

Alignment with data compliance rules

Compliance is an important aspect to consider when dealing with data, as many companies are bound with legal, insurance, and industry constraints on how data can be transferred and controlled.

Encryption provides an excellent opportunity for businesses to transfer and store data while adhering to compliance rules that currently take place in their organizations, such as HIPAA, PCI/DSS, FIPS, and FISMA.

Ability to transfer data securely

Mostly, the data becomes unsafe when they are being transferred from one place to another. Even though SSL/TSL is the industry standard for transferring data, it can have some drawbacks in terms of data security.

A good data encryption solution will ensure the safety of data at rest as well as in the state of being transferred.

What are the Disadvantages of Encrypting External Hard Drives?

While encrypting hard drives offers you many advantages, it also has some downsides. Some drawbacks of encrypting external hard drives are as follows:

Need for Cooperation

Using external hard drives shared between multiple people has a risk for data loss or theft. In this case, since many people know the password, they may share it with others who are not authorized to access the drive. Therefore, if you are sharing encrypted drives, you must cooperate with those who have access to the drive, or else your data will no longer be safe.

Forgetting Passwords

To encrypt your external hard drive, you need to add a password to it. This password will be required whenever you want to access or decrypt the drive. Some people use complicated passwords to strengthen security and make it difficult for others to guess. However, sometimes they forget these passwords and become unable to access the drive anymore.

Conclusion

FAQ

Does a whole disk encryption slow down your PC or Mac?

Full disk encryption should have near negligible performance costs. Most modern computers and OS offer full encryption with nearly no impact on performance.

How can you password protect a single folder in your external hard disk without installing any software?

Generally, you can’t. You need to have software installed on the computer you’re busing the external hard disk with. BitLocker or FileVault can encrypt separate folders.

How do you lock an external hard disk with a password without BitLocker or any other software?

You can encrypt a hard drive after formatting it, natively in your OS. In macOS you can use Disk Utility to wipe the external hard drive and then format it with encryption.

How long does it take to encrypt a hard drive?

This depends on the system you’re using, the storage capacity of the hard drive and whether it’s a HDD or SSD. Generally, this process should take from a few minutes to maximum a couple of hours on mos systems.

External hard drives and USB drives play a significant role when it comes to storing and retrieving data. They come with increased capacity with decreased size and price and now even offer some advanced solutions to protect your data.

Encryption is the key to securing the data on your external hard drives/USBs. By referring to the encryption methods explained in this article, you can select an encryption option that suits your needs and prevent hackers or whoever finds your portable drive from accessing the information easily.

Written by: Shanika W.

Connect with the author:

Shanika Wickramasinghe is a software engineer by profession. She works for WSO2, one of the leading open-source software companies in the world. One of the biggest projects she has worked on is building the WSO2 identity server which has helped her gain insight on security issues. She is keen to share her knowledge and considers writing as the best medium to do so. Cybersecurity is one of her favorite topics to write about.

Being a graduate in Information Technology, she has gained expertise in Cybersecurity, Python, and Web Development. She is passionate about everything she does, but apart from her busy schedule she always finds time to travel and enjoy nature.

Leave a Reply

Your email address will not be published. Required fields are marked *