Encrypting a USB drive protects your sensitive files and data when they’re transferred between different locations. This tutorial shows how to encrypt a USB drive in Windows 10 and Windows 11 so that no one can read or access the data stored inside without entering the right password. You can later decrypt the USB with a password or recovery key, which is also very easy to do.
Tip: protect your personal information with mail encryption. Find out how it works and the best services that offer it.
Why You Should Encrypt Your Flash Drive
A USB drive is a portable device that offers a convenient way of storing and/or transferring your data, though this can come with several security risks. If you don’t encrypt your flash drive, anyone can get their hands on it and check your private files on their computer without your knowledge or consent.
Encrypting the USB stick is a reliable means of protecting it from data theft or exposure. It also allows you to delete your data more securely before discarding your drive, as it’s near impossible to recover deleted data from an encrypted drive.
Use BitLocker to Go
Windows 10 and 11 come with BitLocker, a feature that makes it easy to encrypt your hard drives When used for USB drives, it is technically called “BitLocker To Go.” BitLocker is only available in the Windows 10 and 11 Pro versions. If you’re using Windows 7/8/8.1/10/11 Home, scroll down for other alternatives.
To encrypt your USB drive using BitLocker To Go in supported Windows versions, follow the steps below:
1. Plug in USB Drive and Open in File Explorer
- Plug your USB drive into your Windows PC and let the computer recognize the drive. If you see “AutoPlay” on your screen, click it to view its options in a pop-up window.
- Select “Open folder to view files.” It will open the USB drive in File Explorer.
2. Turn On BitLocker
- Open Control Panel in Windows.
- Click on “System & Security -> BitLocker Drive Encryption” and enable the feature from there.
- In Windows 11, you can also go to “Settings -> System -> Storage -> Advanced storage settings -> Disks & volumes.” The same is accessible in Windows 10 from “Settings -> Storage -> Manage Disks and Volumes.”
- Select your USB and click “Turn on BitLocker” at the bottom of the screen.
- You’ll be taken directly to Control Panel.
Tip: need a new flash drive? These are the best portable USB options that you can buy.
3. Use BitLocker to Encrypt USB Drive
- Wait a few seconds for BitLocker to initialize the drive. Don’t remove your USB during this setup.
- Check the “Use a password to unlock the drive” box.
- Type in a password you can remember inside the “Enter your password” box and repeat it in the “Re-enter your password” box, then click “Next.” If you have a physical smart card, you can use it to unlock the USB drive with a PIN.
- You’ll get a prompt to back up a recovery key. This key allows you to access the USB drive in the event that you lose the encryption password. Save this key or print it out, but remember to store it safely.
- Select how much of your USB drive you’d like to encrypt: select the entire drive or the used space only. Then click “Next.”
- Choose either New encryption mode or Compatible mode for the BitLocker drive. If you’re going to use the USB drive on the same computer, choose the new encryption mode. However, if you want to use it on other computers running old Windows versions, select “Compatible mode.”
- Wait a few minutes for the encryption to complete. You can pause it in the middle of the process.
- After the encryption is complete, you will see options such as “Manage BitLocker” and “Change BitLocker password” (after pressing “Show more options” in Windows 11) by right-clicking the USB drive. In Windows 10, you will see both options together, as it doesn’t use context menus.
- Windows 10 offers one more option to turn on BitLocker in File Explorer itself. Click “BitLocker” on the ribbon menu followed by “Turn on BitLocker” to activate the encryption wizard.
- Once the device is encrypted and you try to open your USB drive in Windows File Explorer, you’ll see a lock button showing that it is securely encrypted. To access the drive now, you’ll be prompted to enter the password you created initially.
- There are other options such as a smart card that will automatically unlock the drive on your computer or a recovery key if you forgot the password.
Good to know: learn how to enable quick removal of USB drives in Windows.
Use USB Drive Encryption Software
If you’re on a Windows Home edition, you won’t have access to BitLocker to Go. consider using an encryption manager to encrypt your USB drive in Windows. We have two of the best recommendations below.
1. VeraCrypt
VeraCrypt is one of the best USB encryption alternatives for Windows. It also supports macOS and Linux. It uses 256-bit AES encryption, which is very strong and can’t be cracked by brute force. You don’t have to install it on your Windows PC, just download it to your USB drive directly.
- Download whichever is the latest stable release of the “VeraCrypt.exe” installer for Windows. In this case, we are downloading the Portable version.
- Click the portable installer and follow the on-screen instructions that include extracting the installer files to a Windows folder.
3. Click to launch the application from the Windows folder.
- As soon as you see the home screen, select “Create new volume.” This will open a new pop-up window for VeraCrypt Volume Creation Wizard. Choose the “Encrypt a non-system partition/drive” option.
- Select the removable media flash drive for volume location.
- Choose your USB drive encryption option that varies from basic AES to advanced encryption standards, such as Serpent and Twofish.
- After entering the volume size in MB, you will need to enter the password for the USB drive volume.
- To change the password later, click “Volumes -> Select device.” This allows you to select your removable media USB drive, which then displays on the dashboard.
- Select “Change volume password” for the USB drive.
- Rename the password.
Tip: USB ports not working? We have a few tips you may want to try that will help you fix the issue.
2. HasLeo BitLocker Anywhere
HasLeo BitLocker Anywhere is a third-party BitLocker solution that resembles the Windows Pro BitLocker. Apart from Windows Pro, it also supports all editions of Windows Home ranging from Windows 7, 8, 8.1, 10, and 11. This makes it very easy to use.
- Download and install the trial version of HasLeo BitLocker Anywhere.
- Head to the dashboard and right-click the drive letter to bring up the action menus.
- You will see the “Turn on BitLocker” option as soon as you right-click on the USB drive.
- Enter and confirm your passwords to encrypt the drive. You can also save advanced settings, such as 256-bit encryption.
- Wait for the USB encryption to complete.
How to Decrypt Your USB Drive in Windows
After encrypting your USB drive, if you want to make it usable and sharable once again, you will need to decrypt it.
- If you’re using Windows BitLocker or a third-party BitLocker software, such as HasLeo, go to the BitLocker Drive Encryption folder.
- Click “Turn off BitLocker” in Device Manager.
- You will get a warning message as shown below. Click “Turn off BitLocker.”
- Wait a couple of minutes for the USB decrypting process to continue. You should see a status percentage message.
- Once finished, you will see a “Decryption of the [USB] drive is complete” message alert. This means BitLocker has been disabled for the USB drive.
- If you’re using VeraCrypt, it has a “Permanently Decrypt” option that you can access from the top of the “Volumes” tab.
Tip: did you know that you can back up your data by creating a USB image? We show you how.
Frequently Asked Questions
What encryption does BitLocker use?
BitLocker has used the powerful 256-bit XTS-AES encryption mode since Windows 10 version 1511, which has continued all the way to Windows 11’s latest versions. It is impossible to break this with brute force attacks. With the improved algorithm, it also offers integrity support. Windows versions older than 1511 don’t have this new encryption mode. You can also use a lower 128-bit encryption standard with BitLocker.
Can you enable BitLocker with PowerShell?
PowerShell can perform many advanced functions, as it’s a full-fledged scripting interface. To enable BitLocker with PowerShell, open it in Administrator mode (provided you have the Windows Professional edition) and type the following:
$Pin = ConvertTo-SecureString "205020" -AsPlainText -Force
Enable-BitLocker -MountPoint "Drive Letter:" -EncryptionMethod Aes256 -Pin $Pin -TPMandPinProtector -UsedSpaceOnly
After entering a password, the encryption process should start automatically.
Can qn encrypted USB be hacked?
An encrypted USB created using BitLocker, VeraCrypt, or similar powerful tools can never be hacked by brute force attacks. However, encryption doesn’t protect your data and files from human error. Disclosing your password to unauthorized users can cause data breaches, so you should consider using a password manager.
Image credit: Pixabay. All screenshots by Sayak Boral.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox