How to Encrypt a USB Flash Drive in macOS Mojave

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,625
10,917



In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac.

Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to prevent access to data on a Mac's startup disk without a password. Note that the following method is only compatible with Macs - you won't be able to access data on the encrypted drive using a Windows machine.

If this is a requirement, you'll need to use a third-party encryption solution like VeraCrypt. With that in mind, here's how to securely encrypt your USB flash drive.


Attach the USB flash drive to your Mac and locate its disk icon on your desktop, in a Finder window, or in the Finder sidebar, then right-click (or Ctrl-click) it and select Encrypt "[USB stick name]"... from the contextual menu.

(Note that if you don't see the Encrypt option in the dropdown menu, your USB flash drive hasn't been formatted with a GUID partition map. To resolve this, you'll need to erase and encrypt the USB drive in Disk Utility - before that though, copy any data on the drive to another location for temporary safekeeping.)


When you select Encrypt, Finder will prompt you to create a password, which you'll need to enter the next time you attach the USB flash drive to a Mac. (Don't forget this, otherwise you'll lose access to any data stored on the USB drive!) Once you've chosen a password, verify it, add a meaningful hint if desired, and click Encrypt Disk.

The encryption process depends on how much data you have on the USB flash drive, but you'll know it's completed when its disk icon disappears and re-mounts. You'll now be able to access the contents of the USB flash drive as usual, but if you physically detach it and re-attach it to your Mac you'll be prompted to enter the password.


Note that the prompt includes an option for macOS to remember this password in my keychain. Check the box, and whenever you attach the USB stick to your Mac again you won't be prompted to enter the password and you'll have automatic access to it, just like any other drive.


If you ever want to decrypt the USB flash drive in future, right-click (or Ctrl-click) its disk icon, select Decrypt "[USB stick name]" from the contextual menu, and enter the password to turn off encryption protection.

How to Encrypt a USB Flash Drive in Disk Utility
Before proceeding, make sure you've copied any data on the USB flash drive to a safe location, like your Mac's internal disk.
  1. Launch Disk Utility, located on your Mac in Applications/Utilities.

    In the Disk Utility toolbar, click the View button and select Show All Devices if it isn't already ticked.

    Select your USB flash drive in the sidebar by clicking its top-level device name (i.e. not the volume name that's listed beneath it).

    Click the Erase button in the toolbar.
  2. Give the USB flash drive a name.
    Next, click the Scheme dropdown menu and select GUID Partition Map. (It's important to do this first before the next step, otherwise you won't see the encryption option in the Format dropdown.)

    Now click the Format dropdown menu and select Mac OS Extended (Journaled, Encrypted).

    Click Erase.

    Enter your new password, enter it once more to verify, include a password hint if desired, then click Choose.

    Click Erase once again, and wait for your disk to be formatted and encrypted.
Once the process is complete, copy across your sensitive data to the blank USB flash drive, where it will be automatically encrypted and secured with a password.

Article Link: How to Encrypt a USB Flash Drive in macOS Mojave
 
  • Like
Reactions: Guri

Emanuel Rodriguez

macrumors 6502
Oct 17, 2018
346
577
Yep... it works the same as the USB key in this article. Assuming the drive is already properly formatted, just right click and select encrypt.
The only caveat is that it depends on how full the disk is. Some room (although not much) must be made for the Core Storage headers, if the disk is formatted as HFS+. APFS doesn't need to make extra room, though.
 
  • Like
Reactions: Weaselboy

David G.

macrumors 65816
Apr 10, 2007
1,100
443
Alaska
Disagree. It’s an official feature in Mojave and one can still follow the exact same options despite it being in dark mode.
It’s not that the process is different. It’s that black text on a white background is easier to read. Heck, some of the text is grey on black; how in the world could that ever be seen as anything close to desirable for tutorials for the masses? With my vision I’m having difficulty reading it. Let what’s stood the test of time be displayed for the vast majority, and run dark mode on your own machine on your own time.
 
Last edited:

Luba

macrumors 65816
Apr 22, 2009
1,279
185
The only caveat is that it depends on how full the disk is. Some room (although not much) must be made for the Core Storage headers, if the disk is formatted as HFS+. APFS doesn't need to make extra room, though.
Is flash storage on a USB the same type of storage technology as on a SSD? Thus, better to format in APFS.
 

Westside guy

macrumors 603
Oct 15, 2003
5,687
2,842
The soggy side of the Pacific NW
Since I generally need to use my USB sticks on both Windows and Mac (plus occasionally Linux), what I do is create a Veracrypt image on an exFAT-formatted USB stick. I leave enough room for the Mac installer on there - you can make Veracrypt containers “portable” (self-contained) for Windows, but for Mac you need to have Veracrypt installed on the computer.

It’s surprising, but there are still occasions when a USB stick is easier and faster than working over the network.

BTW if you aren’t familiar with Veracrypt - it’s the maintained successor to the last audited version of TrueCrypt.
 
  • Like
Reactions: rickyipcw

Sedulous

Contributor
Dec 10, 2002
2,479
2,430
It’s not that the process is different. It’s that black text on a white background is easier to read. Heck, some of the text is grey on black; how in the world could that ever be seen as anything close to desirable for tutorials for the masses? With my vision I’m having difficulty reading it. Let what’s stood the test of time be displayed for the vast majority, and run dark mode on your own machine on your own time.
Actually white text on black background is easier to read. It is an issue of contrast and how the eye compensates for overall brightness.
 

Emanuel Rodriguez

macrumors 6502
Oct 17, 2018
346
577
Is flash storage on a USB the same type of storage technology as on a SSD? Thus, better to format in APFS.
Yes, the technology is basically identical. The speed differs between flash drives and SSDs for a number of reasons, but the tech is the same. APFS is more optimized for SSDs, but it's better than HFS+ in numerous other ways. It's also the best option for ye ol' spinning rust drives as well. Apple has quietly added defragmentation support to APFS, which is only relevant on magnetic drives.

EDIT: I have found defragmentation off by default on all the magnetic drives I've formatted as APFS though, and has to be enabled manually, via the command-line. Who can say why.
 
  • Like
Reactions: Luba

Luba

macrumors 65816
Apr 22, 2009
1,279
185
Yes, the technology is basically identical. The speed differs between flash drives and SSDs for a number of reasons, but the tech is the same. APFS is more optimized for SSDs, but it's better than HFS+ in numerous other ways. It's also the best option for ye ol' spinning rust drives as well. Apple has quietly added defragmentation support to APFS, which is only relevant on magnetic drives.

EDIT: I have found defragmentation off by default on all the magnetic drives I've formatted as APFS though, and has to be enabled manually, via the command-line. Who can say why.
Oh, what's the command-line command to defrag APFS HDDs?
 

timmyh

Contributing Editor
Mar 18, 2016
142
226
Edinburgh, UK
i would personally pick APFS which is optimised for flash storage devices...
That would work, too. I stuck with Mac OS Extended for compatibility, because you might not know in advance which version of macOS is running on the Mac that you end up plugging the USB stick into.

Using Dark Mode for screenshots isn‘t a good choice for tutorials.

I‘m sorry!
Disagree. It’s an official feature in Mojave and one can still follow the exact same options despite it being in dark mode.
Looking at the comments above, there's obviously differing opinions on the use of dark mode in screenshots. For anyone interested in voting, I've posted a twitter poll on the debate here, and I'll personally honour the results going forward.
 
Last edited:

David G.

macrumors 65816
Apr 10, 2007
1,100
443
Alaska
That would work, too. I stuck with Mac OS Extended for compatibility, because you might not know what version of macOS is running on the Mac that you end up plugging the USB stick into.





Looking at the comments above, there's obviously differing opinions on the use of dark mode in screenshots. For anyone interested in voting, I've posted a twitter poll on the debate here, and I'll personally honour the results going forward.
I do not have a Twitter account and am therefore unable to vote. Mark me down as a vote for standard mode.
P.S. Thank you for doing these tutorials, every now and then I learn something!
 
Last edited:
  • Like
Reactions: timmyh

Emanuel Rodriguez

macrumors 6502
Oct 17, 2018
346
577
Oh, what's the command-line command to defrag APFS HDDs?
Where you see "/Volumes/My Disk", replace "My Disk" with your harddrive's exact name (probably best to copy and paste it in there), and this will enable background defragmentation. The defrag happens when you're not using the disk, which is probably ideal. There is no way to simply "run" a defrag, you can only enable the ability to at some point do it in the background.

Also, you can disable background defragmentation by changing "set=yes" to "set=no". You'll also have to blindly enter your account password when it asks for it, and push return. It won't display anything as you type it.
Code:
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -D set=yes `diskutil info '/Volumes/My Disk'|grep Device\ Identifier|grep -Eo 'disk[0-9]+(s[0-9]+)?'`
Make sure you don't run this on an SSD though, because defragmenting an SSD is not only useless, but can significantly reduce its lifespan. Naturally, if you do, you can simply disable it by changing "set=yes" to "set=no".
[doublepost=1545048373][/doublepost]
That would work, too. I stuck with Mac OS Extended for compatibility, because you might not know in advance which version of macOS is running on the Mac that you end up plugging the USB stick into.
Yes. I was initially going to suggest MacRumors use APFS instead of HFS+ for this article, but I work in IT, and it's hard not to notice the crazy number of people who seem to be religious about never updating anything, even when you know macOS lets you know about updates by default. I don't know how they do it, to be honest. Anywho, definitely best to ensure this guide works, even on those computers.
 
Last edited:
  • Like
Reactions: Luba

MacBH928

macrumors 601
May 17, 2008
4,398
1,613
Do these encryptions ever get corrupted? You don't want to open a folder 3 years later and it just doesn't work, password or not.

Also, what happens if you encrypt the folder and after 3 or 4 MacOS upgrades, will it still be able to decrypt it or it will say software not supported?
What happens if you just don't have a MacOS?
Also is it safe or is it just a stupid security measure that can be unlocked with some 3rd part software?

also why you didn't choose APFS encryption
 

Emanuel Rodriguez

macrumors 6502
Oct 17, 2018
346
577
Do these encryptions ever get corrupted? You don't want to open a folder 3 years later and it just doesn't work, password or not.

Also, what happens if you encrypt the folder and after 3 or 4 MacOS upgrades, will it still be able to decrypt it or it will say software not supported?
What happens if you just don't have a MacOS?
Also is it safe or is it just a stupid security measure that can be unlocked with some 3rd part software?

also why you didn't choose APFS encryption
If the data is being stored on an SSD, the chance of corruption is very low, although not impossible. On a regular magnetic drive, the chance is actually far higher, especially if the data hasn't been touched in three years. This is known as "bit rot". APFS has no protection against bit rot for your data, although it does protect the filesystem metadata. There is the possibility that Apple could implement such a thing, however. Other similar filesystems (ZFS) have support for bit rot protection, so I'm hopeful Apple will see the wisdom in implementing such a thing. The only caveat is that any such protection would consume a large chunk of your storage. If implemented, it would most certainly be optional.

If you're concerned, create an APFS volume without encryption, and you should be fine. The filesystem itself should always work, even if there is minor data corruption.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.