![]() When it comes to encryption, the software largely uses the AES encryption algorithm alongside a few cascaded algorithms, such as AES-Twofish, AES-Twofish-Serpent, and more.īelow are the steps on how to encrypt your USB drive using VeraCrypt: It is essentially a fork of TrueCrypt, which was another encryption software that ceased development in 2014. Veracrypt is a freeware drive encryption utility available for all major platforms, including Windows. However, the one we will use in this guide is VeraCrypt. In this regard, there are various options out there that promise to provide strong, on-the-fly encryption (OTFE). If you are running Windows 10 Home on your PC, you have to resort to using third-party disk encrypting utilities to encrypt your USB drive. Encrypting a USB Drive on Windows 10 Using VeraCrypt Once the drive is encrypted, remove it from your computer. So sit back and wait for the process to complete. ![]() Finally, tap on Start encrypting to initiate the encryption process on your drive.ĭepending on how much data you have on your drive and the encryption mode you chose, the encryption process can take time accordingly.If you plan on using the drive on older versions of Windows, choose the Compatible mode. Select an encryption mode between New encryption mode and Compatible mode.Choose how much of your drive you want to encrypt: you can opt to encrypt only the used disk space or encrypt the entire drive.On the next screen, select an option for how you want to save the recovery key from Save to your Microsoft account, Save to a file, or Print the recovery key.Tick the checkbox for Use a password to unlock the drive and create an encryption password.Click Turn on BitLocker next to the selected drive.On the BitLocker Drive Encryption window, select your removable drive under Removable data drives -BitLocker To Go.In the Control Panel, click System and Security and select BitLocker Drive Encryption. ![]() Click Start and search for the Control Panel.Connect the USB drive you want to encrypt.It uses the AES encryption algorithm with configurable key lengths of 128 or 256 bits to protect your data.īitLocker To Go is a version of BitLocker drive encryption for removable storage devices that you can use to encrypt USB flash drives, SD cards, and external drives (HDD and SSD) formatted in NTFS, FAT16, FAT32, or exFAT file systems.įollow the steps below to encrypt your USB drive with BitLocker To Go: Encrypting a USB Drive on Windows 10 Using BitLocker To GoīitLocker is Microsoft’s disk encryption utility that comes built-in on different Windows versions, including Windows 10. However, if your device is on Windows 10 Home, you can use a third-party disk encryption utility. If the user prefers to create the bootabe USB key directly and store it instead of the backuping the ISO file, then the user is taking a big risk since a USB key can be overwritten.If you are running Windows 10 Pro, Enterprise, or Education, you can use BitLocker To Go - Microsoft’s native disk encryption utility - to encrypt your flash drive. So, to clarify more: if you have no CD/DVD drive, you can skip the rescue disk check but you have to securely backup the ISO file so that you can create a bootable USB key from it in the future. Thus, I say that relying only on the USB key as the only rescue medium is a big risk for the user. Since a USB key can't be configured to be readonly, there is always a risk that the riscue disk data burned into it get corrupted. If the user relies only on a created USB key then he can find him self in big trouble if the USB key gets overwritten for any reason. The user should backup the ISO file of the rescue disk in a secure way so that he can creates the bootable USB key at any moment. There are many free tools on the internet that can create a bootable USB key from an ISO file (for example [UNetbootin)()). The user can always burn the ISO to a USB key and boot on the USB if he needs to recover. I'll add in the future an option in the GUI that will be equivalent to the /noisocheck switch. So, for the machines with no CD/DVD drive, the rescue disk check can be turned off manually to be able to encrypt the system but it is the user responsibility to ensure that this ISO can be used in the future. It is the responsibility of the user to ensure that the ISO file of the rescue disk is correctly burned or backup-ed. VeraCrypt doesn't implement any burning functionality and it only calls Windows built-in ISO burner. You can always skip the check of the rescue disk being burned by running "VeraCrypt Format.exe" with the option /noisocheck or /n from an elevated command prompt (see ).Ĭoncerning your request, the issue with USB drives is that we can't configure them to be read-only and as such they can be corrupted or overwritten, which is dangerous for a medium that is supposed to provide rescue functionality in the future.
0 Comments
Leave a Reply. |