How to Encrypt a USB Flash Drive in macOS Mojave

Discussion in 'Guides, How Tos and Reviews' started by MacRumors, Dec 16, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac.

    Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to prevent access to data on a Mac's startup disk without a password. Note that the following method is only compatible with Macs - you won't be able to access data on the encrypted drive using a Windows machine.

    If this is a requirement, you'll need to use a third-party encryption solution like VeraCrypt. With that in mind, here's how to securely encrypt your USB flash drive.

    [​IMG]

    Attach the USB flash drive to your Mac and locate its disk icon on your desktop, in a Finder window, or in the Finder sidebar, then right-click (or Ctrl-click) it and select Encrypt "[USB stick name]"... from the contextual menu.

    (Note that if you don't see the Encrypt option in the dropdown menu, your USB flash drive hasn't been formatted with a GUID partition map. To resolve this, you'll need to erase and encrypt the USB drive in Disk Utility - before that though, copy any data on the drive to another location for temporary safekeeping.)

    [​IMG]

    When you select Encrypt, Finder will prompt you to create a password, which you'll need to enter the next time you attach the USB flash drive to a Mac. (Don't forget this, otherwise you'll lose access to any data stored on the USB drive!) Once you've chosen a password, verify it, add a meaningful hint if desired, and click Encrypt Disk.

    The encryption process depends on how much data you have on the USB flash drive, but you'll know it's completed when its disk icon disappears and re-mounts. You'll now be able to access the contents of the USB flash drive as usual, but if you physically detach it and re-attach it to your Mac you'll be prompted to enter the password.

    [​IMG]

    Note that the prompt includes an option for macOS to remember this password in my keychain. Check the box, and whenever you attach the USB stick to your Mac again you won't be prompted to enter the password and you'll have automatic access to it, just like any other drive.

    [​IMG]

    If you ever want to decrypt the USB flash drive in future, right-click (or Ctrl-click) its disk icon, select Decrypt "[USB stick name]" from the contextual menu, and enter the password to turn off encryption protection.

    How to Encrypt a USB Flash Drive in Disk Utility
    Before proceeding, make sure you've copied any data on the USB flash drive to a safe location, like your Mac's internal disk.
    1. Launch Disk Utility, located on your Mac in Applications/Utilities.
      [​IMG]

      In the Disk Utility toolbar, click the View button and select Show All Devices if it isn't already ticked.
      [​IMG]

      Select your USB flash drive in the sidebar by clicking its top-level device name (i.e. not the volume name that's listed beneath it).
      [​IMG]

      Click the Erase button in the toolbar.
    2. Give the USB flash drive a name.
      Next, click the Scheme dropdown menu and select GUID Partition Map. (It's important to do this first before the next step, otherwise you won't see the encryption option in the Format dropdown.)
      [​IMG]

      Now click the Format dropdown menu and select Mac OS Extended (Journaled, Encrypted).
      [​IMG]

      Click Erase.
      [​IMG]

      Enter your new password, enter it once more to verify, include a password hint if desired, then click Choose.
      [​IMG]

      Click Erase once again, and wait for your disk to be formatted and encrypted.
      [​IMG]
    Once the process is complete, copy across your sensitive data to the blank USB flash drive, where it will be automatically encrypted and secured with a password.

    Article Link: How to Encrypt a USB Flash Drive in macOS Mojave
     
  2. Fedelix macrumors newbie

    Joined:
    Apr 9, 2014
    #2
    Using Dark Mode for screenshots isn‘t a good choice for tutorials.

    I‘m sorry!
     
  3. Kole macrumors newbie

    Joined:
    Dec 16, 2018
    #3
    Disagree. It’s an official feature in Mojave and one can still follow the exact same options despite it being in dark mode.
     
  4. 1rottenapple macrumors 68020

    Joined:
    Apr 21, 2004
    #4
    Can you encrypt a spinning external hard drive, after it is full of data?
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    Yep... it works the same as the USB key in this article. Assuming the drive is already properly formatted, just right click and select encrypt.
     
  6. BigMcGuire Contributor

    BigMcGuire

    Joined:
    Jan 10, 2012
    Location:
    California
    #6
    Dark mode is beautiful! One thing I like about Mac OS is the ease of encrypting personal data.
     
  7. Emanuel Rodriguez macrumors member

    Emanuel Rodriguez

    Joined:
    Oct 17, 2018
    #7
    The only caveat is that it depends on how full the disk is. Some room (although not much) must be made for the Core Storage headers, if the disk is formatted as HFS+. APFS doesn't need to make extra room, though.
     
  8. iapplelove macrumors 601

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #8
    I have.

    I also just encrypted all my G drives since I’m moving away from TC.
     
  9. Westside guy macrumors 603

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #9
    The “from the desktop” encryption process seems pretty much the same as in previous versions of OS X / macOS.
     
  10. Dapsol macrumors newbie

    Joined:
    Nov 5, 2012
    #10
    i would personally pick APFS which is optimised for flash storage devices...
     
  11. David G., Dec 16, 2018
    Last edited: Dec 16, 2018

    David G. macrumors 65816

    Joined:
    Apr 10, 2007
    Location:
    Alaska
    #11
    It’s not that the process is different. It’s that black text on a white background is easier to read. Heck, some of the text is grey on black; how in the world could that ever be seen as anything close to desirable for tutorials for the masses? With my vision I’m having difficulty reading it. Let what’s stood the test of time be displayed for the vast majority, and run dark mode on your own machine on your own time.
     
  12. LinusR macrumors 6502

    LinusR

    Joined:
    Jan 3, 2011
    #12
    Very cool tidbit, didn't know about this -- thanks!
     
  13. jezbd1997 macrumors 6502

    jezbd1997

    Joined:
    Jul 8, 2015
    Location:
    Melbourne Australia
    #13
    Might have compatibility issues, I would definitely be holding off for now. Especially since a lot of Macs are still running Sierra or earlier
     
  14. Luba macrumors 65816

    Luba

    Joined:
    Apr 22, 2009
    #14
    Is flash storage on a USB the same type of storage technology as on a SSD? Thus, better to format in APFS.
     
  15. Westside guy macrumors 603

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #15
    Since I generally need to use my USB sticks on both Windows and Mac (plus occasionally Linux), what I do is create a Veracrypt image on an exFAT-formatted USB stick. I leave enough room for the Mac installer on there - you can make Veracrypt containers “portable” (self-contained) for Windows, but for Mac you need to have Veracrypt installed on the computer.

    It’s surprising, but there are still occasions when a USB stick is easier and faster than working over the network.

    BTW if you aren’t familiar with Veracrypt - it’s the maintained successor to the last audited version of TrueCrypt.
     
  16. nate13 macrumors 6502

    nate13

    Joined:
    Feb 16, 2004
    Location:
    Fargo, ND
    #16
    Exactly why I came to comment. In a dark environment, with dark surroundings, I believe dark mode is awesome. In a bright context (mac rumors home page for example), its just terrible. MR editors take note!!
     
  17. Sedulous macrumors 68020

    Sedulous

    Joined:
    Dec 10, 2002
    #17
    Actually white text on black background is easier to read. It is an issue of contrast and how the eye compensates for overall brightness.
     
  18. Emanuel Rodriguez macrumors member

    Emanuel Rodriguez

    Joined:
    Oct 17, 2018
    #18
    Yes, the technology is basically identical. The speed differs between flash drives and SSDs for a number of reasons, but the tech is the same. APFS is more optimized for SSDs, but it's better than HFS+ in numerous other ways. It's also the best option for ye ol' spinning rust drives as well. Apple has quietly added defragmentation support to APFS, which is only relevant on magnetic drives.

    EDIT: I have found defragmentation off by default on all the magnetic drives I've formatted as APFS though, and has to be enabled manually, via the command-line. Who can say why.
     
  19. shahr04360 macrumors regular

    Joined:
    Jun 4, 2007
    Location:
    Malaysia
    #19
    That’s the first thing crossed in my mind. Too much cosmetic and not user friendly!
     
  20. Luba macrumors 65816

    Luba

    Joined:
    Apr 22, 2009
    #20
    Oh, what's the command-line command to defrag APFS HDDs?
     
  21. timmyh, Dec 17, 2018
    Last edited: Dec 17, 2018

    timmyh Contributing Editor

    timmyh

    Joined:
    Mar 18, 2016
    Location:
    Liverpool, UK
    #21
    That would work, too. I stuck with Mac OS Extended for compatibility, because you might not know in advance which version of macOS is running on the Mac that you end up plugging the USB stick into.

    Looking at the comments above, there's obviously differing opinions on the use of dark mode in screenshots. For anyone interested in voting, I've posted a twitter poll on the debate here, and I'll personally honour the results going forward.
     
  22. David G., Dec 17, 2018
    Last edited: Dec 17, 2018

    David G. macrumors 65816

    Joined:
    Apr 10, 2007
    Location:
    Alaska
    #22
    I do not have a Twitter account and am therefore unable to vote. Mark me down as a vote for standard mode.
    P.S. Thank you for doing these tutorials, every now and then I learn something!
     
  23. Emanuel Rodriguez, Dec 17, 2018
    Last edited: Dec 17, 2018

    Emanuel Rodriguez macrumors member

    Emanuel Rodriguez

    Joined:
    Oct 17, 2018
    #23
    Where you see "/Volumes/My Disk", replace "My Disk" with your harddrive's exact name (probably best to copy and paste it in there), and this will enable background defragmentation. The defrag happens when you're not using the disk, which is probably ideal. There is no way to simply "run" a defrag, you can only enable the ability to at some point do it in the background.

    Also, you can disable background defragmentation by changing "set=yes" to "set=no". You'll also have to blindly enter your account password when it asks for it, and push return. It won't display anything as you type it.
    Code:
    sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -D set=yes `diskutil info '/Volumes/My Disk'|grep Device\ Identifier|grep -Eo 'disk[0-9]+(s[0-9]+)?'`
    
    
    Make sure you don't run this on an SSD though, because defragmenting an SSD is not only useless, but can significantly reduce its lifespan. Naturally, if you do, you can simply disable it by changing "set=yes" to "set=no".
    --- Post Merged, Dec 17, 2018 ---
    Yes. I was initially going to suggest MacRumors use APFS instead of HFS+ for this article, but I work in IT, and it's hard not to notice the crazy number of people who seem to be religious about never updating anything, even when you know macOS lets you know about updates by default. I don't know how they do it, to be honest. Anywho, definitely best to ensure this guide works, even on those computers.
     
  24. MacBH928 macrumors 68030

    MacBH928

    Joined:
    May 17, 2008
    #24
    Do these encryptions ever get corrupted? You don't want to open a folder 3 years later and it just doesn't work, password or not.

    Also, what happens if you encrypt the folder and after 3 or 4 MacOS upgrades, will it still be able to decrypt it or it will say software not supported?
    What happens if you just don't have a MacOS?
    Also is it safe or is it just a stupid security measure that can be unlocked with some 3rd part software?

    also why you didn't choose APFS encryption
     
  25. Emanuel Rodriguez macrumors member

    Emanuel Rodriguez

    Joined:
    Oct 17, 2018
    #25
    If the data is being stored on an SSD, the chance of corruption is very low, although not impossible. On a regular magnetic drive, the chance is actually far higher, especially if the data hasn't been touched in three years. This is known as "bit rot". APFS has no protection against bit rot for your data, although it does protect the filesystem metadata. There is the possibility that Apple could implement such a thing, however. Other similar filesystems (ZFS) have support for bit rot protection, so I'm hopeful Apple will see the wisdom in implementing such a thing. The only caveat is that any such protection would consume a large chunk of your storage. If implemented, it would most certainly be optional.

    If you're concerned, create an APFS volume without encryption, and you should be fine. The filesystem itself should always work, even if there is minor data corruption.
     

Share This Page