Encrypt external hard drive: why should I do this?
In today’s world, it is practically impossible to say you cannot get hacked without doing something to prevent getting hacked. No one goes around fire expecting not to sweat. One of the reasons why we own portable external hard drives is to back up our data. Unfortunately, backing up your data on external portable drives further increases the risk of losing important data.
This is why it’s very important to buy an external HDD or SSD that supports hard drive encryption. This ensures that your data is safe and secure. However, depending on the type of encryption used, your data might still be at risk.
A typical example is found in this report shared by TheRegister, which implied that some Western Digital (WD) portable hard drives were vulnerable to hacks and could be compromised. I would like to point out that WD has fixed some of the security flaws that led to the breach of data in those drive models.
Encrypting external hard drives is easy. We’ll find out how to do that in a bit, but first, let’s see the types of encryption and encryption levels.
Hard drive encryption levels
Encrypting a storage drive, be it internal or external, is referred to as disk encryption. This can be either full disk encryption (FDE) or whole disk encryption (WDE). Both signify the same thing; everything on the drive gets encrypted. On some drives, the Transparent Encryption technology is used.
Transparent encryption, otherwise called real-time encryption or on-the-fly encryption, allows data to be automatically encrypted when it is being copied into a drive.
To provide further levels of security for your files, you can also use the file system – level encryption feature. This provides an additional sub level of encryption for your files and folders. If the hacker passes the first level of encryption by a stroke of luck, he may not pass the second level.
The key length of the encryption key also makes it harder for hackers to crack. The most commonly used is the AES encryption which has 128-bit AES, 192-bit AES, and 256-bit AES key lengths.
Away from that, let’s find out how we can encrypt external hard drive.
Using BitLocker On Windows PC
If you are using a Windows computer that is not running on some Home and Starter versions, you will most likely have the BitLocker software preinstalled on the computer.
BitLocker is the built in file encryption software that comes preinstalled with selected versions of Windows operating systems. If you’re not sure of what you are doing, you need to seek guidance. Don’t hesitate to read more materials about drive encryption on Google.
Encrypt external hard drive using BitLocker:
1. Connect your external portable hard drive to your computer which should be already up and running.
2. On the Desktop, press the Windows + E button to open the My Computer (This PC) window. You can click on the Computer icon on your desktop to open the “This PC” window.
3. Under the Devices and Drives section, find the external drive you’ve connected to the computer which you want to encrypt. Right click on it, then click the “Turn on BitLocker” option.
4. Wait for a few seconds for the “BitLocker Drive Encryption” dialogue box to appear. Enter your desired password in the password fields. The passwords should contain numbers, spaces, symbols as well as Upper and lowercase letters.
5. Make sure you check the box “Use a password to unlock the drive“. Leave the other “Use my smart card to unlock the drive” option unchecked. Then, click “Next”
6. Another screen will appear prompting you to select a storage location for your recovery key. You are to choose from the three available options.
- a. Save to your Microsoft Account
- b. Save to a file
- c. Print the recovery key
Save the key to any of the locations. It is important you save this recovery key. If for any reason, you forget your password, you can fall back on this recovery key to unlock your drive.
7. The “Choose how much of your drive to encrypt” dialogue box will appear. You can either choose to encrypt the entire drive or a part of it.
8. Click the “Next” button, then click the “Start Encrypting” button that will appear on the next window to start encrypting the drive. The larger the size of the drive, the longer it will take to encrypt it fully.
[wpsm_box type=”info” float=”none” text_align=”left”]
It is important to note that once you have encrypted your drive using BitLocker on a particular computer, you cannot use that drive on another computer. To access its contents, you must connect it to the computer where it was encrypted and you must provide the correct password to unlock it.
[/wpsm_box]
This is a great disadvantage of using BitLocker to encrypt your files, especially on a desktop computer.
Using VeraCrypt
VeraCrypt is a free open source software you can use to encrypt your external hard drives. It’s fully compatible with Mac and Windows computers. The VeraCrypt software can encrypt an entire drive or create a vault on your drive that only you can have access to with your password.
VeraCrypt offers two volume types for encryption; the Standard VeraCrypt Volume, and the Hidden VeraCrypt volume. The standard option keeps the data visible but you’ll need the password to access the data. On the other hand, the hidden option hides the data and even if you give someone the password, if you don’t show them where the data is hidden, the password will be useless.
[wpsm_box type=”info” float=”none” text_align=”left”]
One amazing feature the VeraCrypt software offers is the ability to install the VeraCrypt software on the drive you are encrypting.
[/wpsm_box]
This makes it easier for you to use the encrypted drive on another computer without having to install VeraCrypt on it. VeraCrypt, however, requires that you must have administrator privileges on the computer you are connecting the encrypted drive to.
Encrypt external hard drive using VeraCrypt:
1. Download and install the VeraCrypt software to your computer. For this tutorial, we’ll be using the Windows Computer. If you want to run VeraCrypt without installing it on that computer, simply select the “Extract” option instead of “Install”.
2. Launch the VeraCrypt software. A dialogue box will open. Click the “Create Volume” button to launch the “VeraCrypt Volume Creation Wizard” dialogue box. At this point, you can choose to either encrypt the entire drive or encrypt part of it. For the purpose of this tutorial, we’ll be encrypting an entire drive.
To encrypt the entire drive, check the “Encrypt a non-system partition/drive”, then Click “Next”.
3. On the next screen, you’ll be prompted to choose the volume type. Select “Standard VeraCrypt Volume”, then click “Next”.
4. Select the letter of the drive on the Volume Location dialogue box. For instance, (E:)
5. The Volume Creation Mode dialogue box will appear with two options:
- Create encrypted volume and format it – This option will format the drive you want to encrypt before encrypting it. Choose this option if you don’t have important data on the drive.
- Encrypt partition in place – This option will encrypt the drive and the files in it.
For this tutorial, we will select the “Create encrypted volume and format it option”. Click “Next”.
6. An Encryption Options dialogue box will appear prompting you to choose the encryption you want. Leave the AES and SHA-512 options if you are not sure of what to choose. Then, click “Next”.
7. The Volume Size dialogue box will appear prompting you to confirm that the size of the volume shown is correct.
8. After confirming the volume size, you will be prompted to enter and reenter the password for your encrypted drive. Click “Next”.
9. On the Volume format screen, you’ll be prompted to move your mouse in a random manner for about a minute or more. This will help VeraCrypt draw from a Random Pool of characters which are essential to its effectively encrypting your drive. You are expected to move your mouse until “Randomness Collected From Mouse Movements” bar reaches the right end of the dialogue box.
10. Click the “Format” button to begin the process of formatting and encrypting your drive.
That’s all for encrypting your external drive using VeraCrypt
Using a Mac
If you own a Mac and want to backup up your external drive, this tutorial is for you. It’s a relatively simple process. Depending on the size of the data stored on the external drive, the process might be a little bit slow.
1. Connect the drive you wish to encrypt to your Mac.
2. Find the drive icon on your desktop and right click it. Next, select “Encrypt”.
In some cases, you might not find the drive icon on your desktop. Simply navigate to “Finder” > then select “Preferences” > Click “General” tab > Select the show disks option > Choose the disk you want to encrypt. > Select the “Encrypt” option.
3. You’ll be prompted to choose a password. Make sure you write the password down somewhere only you can find it. You will also be asked to choose a password hint.
4. When you are done, click the “Encrypt Disk” option to start the process.
Hard drive encryption: conclusion
The time it takes to encrypt the drive is dependent on the size of data on that external drive. I’m sure you’ve learned how to encrypt external hard drive. Now, it’s your turn!
Here you can find which portable drives has built-in encryption feature: Best portable hard drive
If you prefer thunderbolt drives, than check this article: Best Thunderbolt External Hard Drive
Let someone else learn how to encrypt their drives by sharing this piece…
This article is wrong. You can use BitLocker to encrypt any external drive compatible with Windows and open that on another windows machine that has BitLocker. I have many drives I connect to various windows machines that are encrypted with BitLocker. There is a setting it now asks you about near the end of the dialogue that makes clear to check the box if you want the drive to be accessible on other windows computers. But it works great.