Updated: May 24, 2018
Use this InfoTip to set up encryption on mobile USB storage devices eg. USB stick. Create a few of them so they are handy.
Prerequisites
- Microsoft Windows 7 and up only.
- A BitLocker-encrypted USB device is not usable on a MacOS desktop. Use this InfoTip for USB devices and MacOS.
- Does not apply to self-encrypting devices.
- This procedure will work for work and home devices.
Setup Procedure
- Insert a blank USB device to a Windows desktop computer.
- Format the device: Right click on USB device in Windows Explorer, select ‘Format…’.
- Enable BitLocker encryption on the USB device: Right click on the USB device in Windows Explorer, select ‘Enable Bitlocker…’
- When prompted to enter a password, pick a strong one, eg. 12 characters, upper, lower, digits and characters.
- The device encryption can take a long time (hours).
- Store the password separately from the USB device. Using a password manager program makes password usage much easier and is highly recommended. Use this InfoTip on password managers.
Using Your Encrypted USB Device
- Once the device is set up, it can be used with any Windows computer as a regular storage device once you use the password with the device, ie. you can copy/delete/move files on the device.
- If you forget the password, the encrypted data is not recoverable IF YOU LOSE/FORGET THE PASSWORD, THE ENCRYPTED DATA IS NOT RECOVERABLE. The use of a password manager is highly recommended.
- To un-encrypt an encrypted device, re-format it as described above.
Missing information on this document? Help us to keep this valuable by emailing additions/errors to: security.admin at utoronto.ca