Encrypt your USB drive

Encryption is the best way to ensure attackers can’t read your files. It scrambles your files into random-looking gibberish and you need a secret key to access them. Even if someone gains access to your physical USB drive, they’ll need your password (or key file) to actually see what you have on the drive.

The two encryption tools we recommend for USB flash drive encryption are BitLocker (Windows) and FileVault (Macs).

BitLocker (Windows 10 Pro)

BitLocker is an encryption feature built into computers running Windows 10 Pro (unavailable for Windows Home). However, you can unlock encrypted removable drives on any version of Windows 7 through 10. BitLocker is not available in Windows XP or Vista, but you can use the BitLocker To Go Reader to view content on BitLocker-protected removable drives from a computer running Windows XP and Vista.

Encrypting a USB Drive with BitLocker

To enable BitLocker encryption on a USB flash drive:

  1. Insert the USB flash drive into the computer.
  2. Locate the flash drive on your computer's start menu. Right-click on the USB flash drive.
  3. Click on Turn on BitLocker.

 

BitLocker will then start initializing the drive. This may take a few moments.

  1. On the Choose how you want to unlock this drive window, check the box next to Use a password to unlock the drive.
  2. Enter a password of your choosing next to the Enter your password box and Reenter your password box. This prompts the user of the USB flash drive for a password to unlock the drive. Passwords allow a drive to be unlocked in any location. The password should contain a mixture of letters, numbers, and special symbols.
  3. Click the Next button.
  1. On the How do you want to back up your recovery key? window, select Save to a file link.  
  1. In the Save BitLocker recovery key as dialog box, choose a location such as your Google Drive folder.
  2. Click Save button.

You can also print the recovery key if you desire. With this recovery key file you can regain access to your encrypted USB flash drive in the event you forget your password.

  1. On the Choose how much of your drive to encrypt window, you can choose your desired option.
  2. Click on the Next button.
  1. On the Choose which encryption mode to use window, you can choose your desired option.
  2. Click on the Next button.
  1. On the Are you ready to encrypt this drive? window, click the Start encrypting button. Do not remove the USB flash drive until the encryption process is complete. How long the encryption takes depends on the size of the drive. USB drive encryption take approximately 6 to 10 minutes per gigabyte to complete.

The encryption process performs the following:

- Adds an autorun.inf file, the BitLocker To Go reader, and a ReadMe.txt file to the USB flash drive.

- Creates a virtual volume with the full contents for the drive in the remaining drive space.

- Encrypts the virtual volume with Advanced Encryption Standard (AES) 128-bit.

  1. Once the encryption process completes you will be notified by a window. Click the Close button.
Use your encrypted USB flash drive

When you insert the encrypted drive into a USB port on a computer running Windows 7 and above a dialog box will display. When you are prompted:

  1. Enter the password you created.

FileVault (Macs)

To enable FileVault encryption on a USB flash drive, please see Apple's encrypt and protect a storage device with a password in Disk Utility on Mac.