Your phone and computer are secured with a PIN, password or biometric authentication, but what about your external storage devices? These things can also get into the hands of unauthorized persons. There are some ways to protect such an external drive with a password.
External hard drives and USB sticks are particularly useful because of their portability. You can easily take large files with you, without having to carry around a laptop. Of course, to keep security in mind, you can purchase hardware-encrypted storage devices with fingerprint readers. These drives provide a secure form of password-free biometric encryption that is easy to use and also easy to set up. But being that is expensive. We look at locking software that won’t cost you a cent. To be clear, we’re not talking about tools that selectively encrypt one or more folders. In this article we explain how to protect the entire data carrier with a password. This prevents you from accidentally storing data outside those few secure folders on a hectic day, making it openly available to anyone who gets their hands on the drive.
Enable BitLocker
BitLocker is the easiest Windows solution because then you don’t have to use any third-party software. Unfortunately, there is a ‘but’ to this, because this tool is only available in Windows 10 Pro, Enterprise and Education. So anyone who works with Windows 10 Home should use another solution, for example VeraCrypt – also discussed in this article.
If you are using a version other than Home, open Windows Explorer and right-click on the external drive or USB stick and choose Enable BitLocker. A message appears stating that BitLocker is being initialized. Wait a while for that to finish and make sure you don’t unmount the drive during BitLocker encryption.
password
Then put a check next to the text Using a password to unlock the drive. Enter a strong password and repeat. Then select Next one to go on. The password must meet a number of criteria, otherwise you will receive an error message. It must contain at least eight characters, at least one uppercase letter and one lowercase letter, and contain at least one symbol, number, or space.
recovery key
Windows automatically creates a recovery key on if you have forgotten the password. You can capture that recovery key in three ways: you can save it to your Microsoft account, in a text file somewhere on your hard drive, or print it. Choose one of the three ways and click Next one. After you receive the message that the recovery key has been saved or printed, continue.
Start encryption
BitLocker asks which part of the external data carrier should be secured. When it comes to a new disk or USB stick, you only need to encrypt the part of the drive that you are currently using. BitLocker will encrypt all new data automatically when you write it to this drive. This is the fastest method. A few seconds to minutes depending on the amount of data on the drive.
If you enable BitLocker on a drive that is already in use, you can encrypt the entire drive so that all data is protected. This also applies to data that you have deleted from this drive, but that has not yet been overwritten. This method is slower and can even take hours to complete.
When you have made your choice, click on the button Start encryption.
Advanced Boot Options
Do not remove the drive as this will interrupt the encryption and could damage the drive. You can pause the encryption process for a while, but the files are not fully protected until you see the message that the encryption is complete.
Later, when you remove the drive or USB stick and plug it back into the computer, a BitLocker pop-up window will appear asking for the password. In the pop-up window, you will also see two other options: entering the recovery key and having the drive unlocked automatically on the PC. Use the first option if you’ve forgotten your password, enter the 48-character recovery key to regain access to your drive. By checking the second option you ensure that the current PC always recognizes and unlocks the drive automatically.
MacOS via Disk Utility
You don’t need external software for the Mac either to secure access to an external hard drive. You must set the security before you place the data on the storage medium. Open the Disk Utility tool that’s on every Mac. In the left column, select the disk or USB stick you want to protect and then use the button Erase. You will format this drive and you can immediately rename the drive. In the same window you also need to select a Structure and a Layout. Bee Layout go for GUID partition layout. Once you’ve done that, you can join Structure the option Mac OS Extended (Journaled) select. The system will ask for a password that you must confirm and for which you must also provide a prompt as a reminder. When you’ve done all that, click the button Erase. MacOS will now format and encrypt the data carrier. This takes time, so be patient. When the encryption is complete, you will have to enter the password every time you connect the data carrier to a PC.
Create volume
In addition to the proprietary programs from Windows and Apple, there is the third-party program VeraCrypt. This free encryption software works smoothly on Windows, macOS and Linux. If you don’t have BitLocker because your system runs on Windows Home, this is a great alternative.
After installation, start the program and connect the external drive to your computer. In the menu Institutions can you join the program Language on Dutch to make. When you run the program, a window will appear with some drive letters and some buttons. You will need this later to mount the encrypted volume. Ignore that list for now and click the button Create volume. You will then enter the wizard that will help you create a volume. The first option, Create an encrypted file container, creates a virtual encrypted portion on the disk, the rest of the disk can contain unencrypted data. We just want the entire disk to be encrypted, so we choose the second option: Encrypt a non-system partition/disk.
Select device
In the next screen of the wizard you will be given the choice between a Default VeraCrypt Volume or a Hidden VeraCrypt Volume. You really only use the second option if something has to remain top secret; the program will then create a second encrypted volume within the first encrypted volume. In most cases this will not be necessary. So don’t make it too complex and select Default VeraCrypt Volume and click again Next one. After that you have to select the external data carrier with the button Select device. In the next window you can select a particular partition or the entire disk. If there is only one partition on the disk, you may receive an error message when you tell the entire disk to be encrypted. You solve that by selecting that one partition. You will then return to the previous screen where the path to partition has been entered correctly. Continue so that you are in the screen Create volume mode comes. The first option causes VeraCrypt to delete all data stored on the hard drive before encrypting the drive. The second option means that VeraCrypt encrypts the data on the disk without deleting anything. The first option is much faster, so choose Create and format encrypted volume.
move move
In the screen Encryption Options you have to choose the encryption algorithm and the hash algorithm. If you have no idea what this means, feel free to leave it at the default values ​​and click Next one. Then there is another screen to double check the size of the volume. After that, it’s finally time to enter the password for the drive. VeraCrypt clearly states what the password should consist of. And finally, it’s the turn of formatting the drive. Here you have to move the mouse pointer arbitrarily within the window for a while. You create entropy through unpredictable movements. That is a random number generator in the software that generates random numbers based on your moves. A green progress bar indicates when the algorithm is ready. Wait for the encryption process to finish, then click Format.
To link
Once the drive is encrypted, you can only access the content by using the VeraCrypt software first. The program must therefore be on every PC with which you want to be able to save something on the disk. It is important to note that you can no longer access this volume using the original drive letter. If the volume before encryption had the letter D, you will receive a message after encryption that that drive is unreadable. To make the encrypted volume available, you need to mount the drive with the PC via VeraCrypt.
Open VeraCrypt and select another drive letter from the list, for example H. Then click the button Auto pairing. After entering the volume password, click your OK. The link takes a while and VeraCrypt even warns you not to think that the application has crashed. Finally, you will see that the volume is mounted to the selected drive letter. You can then open the volume from VeraCrypt by double-clicking it. Or you can find the protected drive with the drive letter H in Windows Explorer.
