Encrypting USB Flash Drives

If you use USB flash memory drives, also known as thumb drives or jump drives, you can encrypt them to make sure no one else can access your data if they get a hold of your drive. This is a system function in macOS Sierra that can be accessed in the context menu for that drive. Since these drives are easy to lose, it can be a good idea to encrypt them as standard practice.

Video Transcript
A lot of us like to use these little USB thumb drives to store files outside of your Mac. They're useful when you want to get some files off of your Mac, to archive things, to transfer things between Macs, to bring things with you when you travel. The problem is they're easy to loose. If you loose them somebody else can pick them up and access all the data on your drive. So you want to make sure you don't store anything sensitive on there. But even if you don't you still don't want somebody going through whatever you've got on there. However there is a way to encrypt these very easily in Mac OS Sierra.

Now I'm going to plug this in and it should appear in the Finder in the left sidebar. There it is. I can select it and I can see I've got an example file in there. Now it's completely unencrypted. Anybody whose taking this in any other Mac is going to be able to see this file. All the files there and read it. But you can encrypt it pretty easily.

The trick is to Control click on the icon there on the left sidebar and an option is called Encrypt MyDrive. Now if you see this drive on the desktop you can Control click there as well. Or if you were to go to the computer level and I can see there's MyDrive and I can Control click there and I can also see Encrypt. You won't find it though anywhere here in the Menu bar. So if you select it and look for Encrypt in the Menu bar you won't find it. So Control clicking and bringing up the Context menu is critical for this.

Then you select Encrypt Drive. You come up with a password and you verify it. Now it's very important that you remember this password because this is not a locked door kind of situation where this is locking the door and you need the password to get through. This is actually taking all the data on the drive, encrypting it using this key. So in other words the data is no longer readable unless you have this key to actually decrypt the entire drive.

So you want to include a password hint if you can. Something that, of course, won't give it away to just anybody but will help you remember what it is. Then you also want to add this to your Password Manager if you use something like OnePassword or LastPass. Or write it down somewhere because if you forget this password you will never be able to get the data off this drive. There's no way to break the encryption short of doing some real high level stuff. So for most people it's impossible. So you want to make sure you remember the password so you just type whatever in here, my hint, that will help you. Then you hit Encrypt Disk.

The speed upon which it encrypts the disk depends upon how much data you've got on it. So if you have a whole bunch of stuff on it, it's going to take a while. But in this case it should be fairly quick because it's just that little text file.

So when the process is done you actually would see the drive disappear and reappear again and you can select it. You can see the stuff in it right there. If I Control click on it and I get Info I can see in here that it is encrypted if you look under Format, Mac OS Extended Journal Encrypted.

Now let's Eject it. When I insert it again I will have to enter in the password. So I've got it out and now I'm going to attach it. It's going to come up and ask for the password. Now I can, at this point, say Remember the Password in My KeyChain. So in this Mac I will never have to remember that password again. This works fine because the idea is if you loose it somebody is not also going to have your Mac to enter it in. You can also enter the Show Hint to see the hint there. Hit Unlock and it will unlock the drive.

Then from that point on you can use as normal. So it's only this one time that you have to enter it in every time you add the drive to your machine. So now it appears in my left sidebar. I can click on it and access my files.

It's important to realize that I can change this file, add new files, delete files, and use the drive as normal. Anything I add to the drive now will be encrypted in the process of just simply adding it to the drive. I don't have to do anything special. Now I can use this drive as normal but the only person that can get to the contents of the drive is me.

Comments: 15 Responses to “Encrypting USB Flash Drives”

    Mr. Luigi
    7/31/17 @ 3:05 pm

    Hi Gary, Could I use this same procedure to encrypt my “always connected” backup harddrives? I ask because I’ve always worried that if someone broke into my house and took my very portable backup harddrives, they would have access to all the content on my computers. Love your site. Proud Partreon supporter.

    7/31/17 @ 4:04 pm

    Luigi: Yes, but you should use the Time Machine built-in encryption option. Same result, I believe, but done properly. See https://support.apple.com/kb/PH25539

    7/31/17 @ 9:28 pm

    Thanks! I’m always learning new things from you. I use encrypted DMG files to store sensitive information on my MacBook Pro. They are then encrypted wherever I put them, on a backup drive, on a flash drive, or on another family computer. But perhaps encrypting the flash drive is more secure?

    7/31/17 @ 10:00 pm

    Dot: I don’t see how they are more or less secure — both are encrypted data. Doing the whole drive makes it easy to add/remove/modify the files since you don’t have to open and close the DMG. But DMGs are useful to encrypt data on a larger drive that is unencrypted.

    8/1/17 @ 9:12 am

    Once a drive is encrypted and in use, can you change the encryption password? can you unencrypted the drive and then encrypt it again later with a different password? if you do lose the password (accepting that files are unrecoverable) can you reformat the drive (not having the encryption password) so that you can use it again as a blank drive?

    8/1/17 @ 9:30 am

    Ann: Yes. You can unencrypted the drive the same way, and then encrypt it again with a different key/password. You can of course erase the drive without the password and use it as a blank drive. I encourage you to play around with this — try it all with a drive and see how it works.

    8/3/17 @ 11:18 am

    Gary, big fan, love your stuff. I have to move USB drives between Windows and Mac. What happens when I take the Mac encrypted drive to Windows? Can you make a video showing the best way to format USB drives for use on both platforms? Thanks!

    8/3/17 @ 11:23 am

    Tom: You can’t do it. Windows can’t read Mac-formatted drives, let alone Mac-formatted drives that are encrypted. To format for both platforms, just use ExFAT or FAT in Disk Utility. But it wouldn’t be encrypted. A better solution in 2017 is to simply use a cross-platform cloud service like DropBox.

    Patti Rogers
    8/15/17 @ 6:24 pm

    When I just tried to follow the instructions…I got a pop up saying A GUID Partition Table (GPT) partitioning scheme is required.
    Not sure how to proceed. I’m using Sierra 10.12.6 on my MacBook Pro which is 5 years old. Any suggestions. Thanks for what you do.

    8/15/17 @ 6:29 pm

    Patti: Sounds like the drive is not formatted with Macintosh Extended and GUID. You can reformat (erase) the drive with this using Disk Utility.

    Patti Rogers
    8/15/17 @ 6:57 pm

    Thanks Gary…will do it.

    9/23/17 @ 10:23 am

    In Sierra, when encrypting a USB flash drive, we are not given the choice of 128-bit or 256-bit encryption as we are when creating a new encrypted blank image using Disk Utility. Do you know which level of encryption is being used? Thanks.

    9/23/17 @ 10:24 am

    Barry: My guess would be 256. But if it is important to you, then why not use Disk Utility and be sure?

    9/23/17 @ 12:43 pm

    Gary – Even when using Disk Utility to encrypt a USB flash drive, we are not given the choice – it’s similar to right-clicking on the flash drive and choosing Encrypt. Only when creating a new encrypted blank image in Disk Utility is the choice given. Apple is making the choice for us when it comes to flash drives, but not telling us what that choice is.

    9/23/17 @ 5:46 pm

    Barry: Looks like with High Sierra things are in flux. I don’t even see this option at the moment.

Comments Closed.