Ask Leo! #660 – How Should I Password Protect an External Drive?

[/raw]

Before the articles…

This week’s articles cover a common request — securing the data on an external drive — a strong recommendation — turning on two-factor for your Google account — and a continuation of a series on backing with with Windows 10’s built in tools — turning on File history.

If you visit Ask Leo! in the coming days you may notice tool-tips containing glossary definitions for certain highlighted words. We’re in the process of merging the separate glossary website into Ask Leo! main to be more useful. If you have a term you’d like to see defined, let me know — just reply to this email.

The glossary merge is the first step in a “summer of change” at Ask Leo! that will unify several separate sites. This’ll make it easier for me to provide more value, and at the same time reduce some of the multiple-login confusion. Stay tuned!

In other news: The Ask Leo! Guide to Online Privacy is now available directly in the Kindle store. The paper edition is under construction and I hope to have it available soon as well.

How Should I Password Protect an External Drive?

(skip)

I’m wondering if it’s possible to password protect a USB flash drive or any other external hard drive if I’m using Windows as my operating system? In Windows, there’s a feature called ‘Bit locker’. Is it any different than putting on a password?

BitLocker is one solution, and it’s much more than “just” password protecting the drive.

What you’re really looking for is encryption.

A password alone is not enough

The reason you’re looking for encryption is that a password by itself isn’t enough.

For example, let’s say you somehow attach a password to a drive1. Now someone steals your computer, or gains access to that computer using some other operating system or technology that simply ignores the password requirement. Or perhaps they perform some kind of forensic data recovery on the drive. Either way, they can bypass the password and access your files.

That’s not much protection.

What you want instead is that the data you care about — everything on the drive, in your example — be encrypted, so regardless of how it might be accessed, the data is inaccessible without your password.

Approach #1: BitLocker

Included in Windows 7 and later, in all editions except “Home” or “Starter”, BitLocker is a whole-drive encryption technology that can be used on external or internal drives.

Setting a Password in Bitlocker

Windows will encrypt the drive for you, and require the password you set to access that drive’s contents in the future. (When given the opportunity to save a recovery key, do so. That way, even if you forget the password, you’ll be able to regain access. Without the password or recovery key, the data is completely inaccessible.)

This is the kind of protection you’re looking for.

The only real “problem” that remains is that your drive can only be used with Windows, and with Windows editions that support BitLocker. The drive cannot be viewed elsewhere.

Option #2a: VeraCrypt whole-drive encryption

VeraCrypt, the heir-apparent to the long-favored TrueCrypt, is a high-quality encryption program that supports everything we need: encrypting the entire disk, like BitLocker, and requiring a password, also like BitLocker.

The difference is that it’s from a third party, works on any edition of Windows (include Home), and is compatible with other systems, including Mac and Linux.

VeraCrypt Password Choice

Once you encrypt a drive, you “mount” it to access its contents, providing the password to do so.

There is no “recovery key” for VeraCrypt encrypted drives, so make sure your data is backed up and that you never lose the password you used to encrypt the drive.

When you encrypt a drive, the entire drive is encrypted, and you need the password to access any files (or folders) anywhere on that drive.

An Encrypted Drive

Option #2b: VeraCrypt volume encryption

A hybrid approach avoids encrypting the entire drive, but instead creates a single (large-ish) file, which is then encrypted and used as a container for your files.

Encrypted File Container

Rather then mounting the drive, you mount that encrypted container, specifying the password, at which point its contents become visible as if it were a separate drive. You can choose to place unencrypted data in the drive directly (accessed as E: in the diagram above), or deal with data that’s encrypted in the mounted file container (accessed in drive F: in the diagram above).

As long as the container is mounted and password provided, its contents are available as on any drive. Once unmounted, the files are no longer visible.

VeraCrypt encrypted containers have the advantage that the container itself can be copied to other drives or devices — even using other operating systems — and mounted there for access, when the password is supplied.

My preference

I tend to use BitLocker for drives that are permanently mounted in the computer, such as the system drive. Of course, if you have Windows Home Edition, that’s not an option, in which case VeraCrypt would be my choice.

If I want encryption on an external drive, I use VeraCrypt — either whole-drive or container — because this gives me the flexibility of using that drive or container in any of my systems, whether Windows, Mac, or Linux.

Related Links & Comments: How Should I Password Protect an External Drive?
https://askleo.com/6250

The Ask Leo! Guide to Online Privacy

There’s no avoiding the issue: privacy issues are scary, complex, and even somewhat mystifying.

The Ask Leo! Guide to Online Privacy tackles these topics in terms you can understand. The Ask Leo! Guide to Online Privacy will help you understand what’s at risk, what steps to take, and what to do when you’re not sure.

The Ask Leo! Guide to Online Privacy

Enabling Google Two-Factor Authentication


A high percentage of the questions I’ve received over the years have related to account loss due to hacks or other compromises. Enabling Google Two-Factor Authentication
https://askleo.com/28334

Enable File History in Windows 10


Backing up the files you care about on a regular basis is a common (if incomplete) approach to backing up. While I much prefer an Enable File History in Windows 10
https://askleo.com/28383

The Ask Leo! Tip of the Day

A feature exclusively available to Ask Leo! Patrons Bronze level & above.

More Ask Leo!

Become a Patron
Books
Business
Glossary
Facebook
YouTube
More..

Leo’s Other Projects….

HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ‘ reminding us that people are good, that individuals and individual action matter. Stories – new and old – are published twice a week.

Not All News Is Bad – Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.

leo.notenboom.org – My personal blog. Part writing exercise, part ranting platform, it’s where I write about anything and everything and nothing at all.



Help Ask Leo! Just forward this message, in its entirety
(but without your unsubscribe link below) to your friends. Or, just point them
at https://newsletter.askleo.com
for their own FREE subscription!

Newsletter contents Copyright © 2017,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software,
LLC


[/raw]