Encryption can help protect the sensitive data on an external drive should it fall into the wrong hands through loss or theft, but there are other reasons for encryption, too. For instance, non-encrypted flash drives can leave you vulnerable to malware and other device security threats.
But what does it really mean to encrypt your data and how does it work? Encryption means only those with an encryption key file or password will be able to access the data on an encrypted flash drive.
So even if your flash drive falls into the wrong hands, those unintended third parties won’t be able to access or understand the information the drive is holding and therefore would be unable to use it for nefarious purposes.
Encryption, Flash Drives, And Filesystems
An important factor in the encryption process for your flash drive is your filesystem. Your filesystem organizes your drive by dictating how and how much data is stored, and what type of data can be attached to files.
Apple supports three file systems: Apple File System (APFS), Hierarchical File System (HFS) Plus, and extended File Allocation Table (exFAT). Windows also supports exFAT, along with NT File System (NTFS) and File Allocation Table (FAT32).
Different filesystem types will impact your encryption options in different ways. Here are the differences.
Apple File System (APFS)
The APFS is the default used in the newer Mac operating system, also known as macOS 10.13 High Sierra — and is optimized for flash drives.
Hierarchical File System (HFS) Plus
The HFS+ filesystem, also known as Mac OS Extended, is used by Apple to encrypt removable media on older versions of macOS.
NT File System (NTFS)
NTFS is the most modern file system that Windows uses by default for its system drive and non-removable drives. NTFS is the ideal filesystem for internal drives.
File Allocation Table (FAT32)
FAT32 is older and less efficient than NTFS. However, it is more compatible with other operating systems and can be used to support an external drive — if exFAT isn’t supported on your device and you don’t have files larger than 4 GB.
ExFAT is the modern replacement for FAT32 and is a great cross-platform option, supported by more devices and operating systems in its compatibility with both Windows and macOS. This file system is optimal for flash drives in its lightweight design like FAT32, but without that filesystem’s limitations or the extra features of NTFS. Similar to NTFS, exFAT gives you more storage than FAT32’s 4GB limit.
Encrypting a flash drive on a Mac computer
Encrypting your flash drive is different on a Mac because Apple uses the APFS or HFS+ filesystems to encrypt removable media, so you’ll need to format your drive accordingly. Here’s how.
Step 1: Erase drive (but consider consulting an expert first)
To format your external flash drive with the HFS+ filesystem, for example, start by opening the disk utility app. Then select your USB drive and choose Erase. Keep in mind that you could erase any data that’s already on the external or flash drive. You may want to consult a professional for advice.
Step 2: Format filesystem
After choosing the MacOS extended format and erasing the drive, format it with the HFS+ filesystem.
Step 3: Encrypt drive
To encrypt your drive, right-click your USB drive in your Finder and select Encrypt.
Step 4: Set password
Enter a strong password to keep others from gaining access.
Encrypting a flash drive on a Windows computer
Windows uses built-in encryption software known as BitLocker drive encryption, which is built into Windows Vista, including Pro, Ultimate, Enterprise, and Windows 10. While Bitlocker can encrypt your operating system drive and fixed data drives on your computer, Bitlocker to Go can encrypt your external USB flash drive and external hard drives. Windows also gives you a choice between three filesystems, as mentioned above.
Step 1: Choose filesystem
To start, choose which filesystem you want to use — NFTS, exFAT or FAT32 — by right-clicking your drive and choosing Format.
Step 2: Encrypt drive
To encrypt your flash or external drive, select the drive in your file explorer, hit your Manage tab, Select BitLocker, and turn BitLocker on.
Step 3: Set password
You’ll then choose how you want to unlock the drive — with a smart card, password, or both. If you choose to set a password, create a strong password and enter it twice.
Step 4: Save recovery key
You’ll then need to choose how you want to save your recovery key, in case you forget your password.
Encryption software options
Some flash drives offer built-in encryption, so you won’t have to use encryption software or a third-party app. If your drive doesn’t already provide encryption, you’ll need to decide which software is right for you.
Your decision will depend on factors that include your operating system, ease of use, level of encryption, safety features, speed, file size, and cost. Below is a listing of several encryption tools you may want to consider for your removable media.
Gilisoft USB encryption*
Gilisoft USB encryption software uses the AES-256 encryption algorithm, and runs automatically once your USB is detected. Other than choosing the size of your encrypted partition, everything else is automated. In various online reviews, possible drawbacks have includeed the cost, which runs about $50, and your computer — the app only works with a Windows platform.
The USB Safeguard encryption software also uses AES-256 encryption for files, folders and drives. The highlights of USB Safeguard are just what its name implies: its safety features. The app lets you create virtual containers to keep your data safe, and also automatically locks when unplugged or when a user is inactive for a certain time. The potential drawbacks noted in online reviews? USB Safeguard only supports Windows and encryption of files up to 2GB. After that, it’s around $23 per license.
Kruptos 2 Go-USB Vault*
While there are several encryption software options for Windows, there aren’t as many for macOS. Kruptos 2 uses the stronger AES-256 encryption and notes that it can be used across platforms for Windows, macOS, and Android. While the process for encryption is relatively easy and the cost is around $24.95, the drawbacks are that you can’t encrypt an entire partition or system drive like you can with others, and the encryption process is reported to be slower than free tools like VeraCrypt.
How to encrypt a flash drive for free
There are several free options for encrypting the data on your flash drive through third-party tools. The differences in their efficacy seem to hinge on differences in their platforms, functions, and algorithms.
VeraCrypt is another free third-party data encryption tools. It’s based on earlier software known as TrueCrypt and can function cross-platform. This encryption software can be used with Windows, OS X, and Linus. The product is able to hide encrypted volumes within other volumes through AES, TwoFish, and Serpent encryption.
AxCrypt software requires an annual fee for Mac and mobile applications, but it’s a free, open source encryption tool for Windows. This software allows you to encrypt either a file or an entire folder. AxCrypt can use timed encryption, letting you schedule the encryption and decryption of specific files or folders for a certain amount of time according to your needs and uses.
One difference? AxCrypt can’t create encrypted volumes the way VeraCrypt can. Also, the free version supports the AES-128 algorithm, which isn’t as strong as AES-256 encryption.
This tool is another free, open source program that supports drive and volume encryption for Windows. DiskCryptor supports complex system configurations and lets you choose between the algorithms AES-256, Serpent, and Twofish.
GNU Privacy Guard*
This open source encryption software supports several types of encryption and can be used with Windows, OS X, and Linus. This tool is useful in its ability to encrypt individual files, disk images, volumes, external drives, and connected media.
7-Zip is free file archive software for Windows, OS X and Linus. This encryption tool supports 256-bit AES encryption. It’s easy-to-use in its ability to use an encryption key to encrypt multiple files with one click.