Updated: May 24, 2018

Use this InfoTip to set up encryption on mobile USB storage devices eg. USB stick. Create a few of them so they are handy.

Prerequisites

  • Microsoft Windows 7 and up only.
  • A BitLocker-encrypted USB device is not usable on a MacOS desktop. Use this InfoTip for USB devices and MacOS.
  • Does not apply to self-encrypting devices.
  • This procedure will work for work and home devices.

Setup Procedure

  1. Insert a blank USB device to a Windows desktop computer.
  2. Format the device: Right click on USB device in Windows Explorer, select ‘Format…’.
  3. Enable BitLocker encryption on the USB device: Right click on the USB device in Windows Explorer, select ‘Enable Bitlocker…’
    1. When prompted to enter a password, pick a strong one, eg. 12 characters, upper, lower, digits and characters.
    2. The device encryption can take a long time (hours).
    3. Store the password separately from the USB device. Using a password manager program makes password usage much easier and is highly recommended. Use this InfoTip on password managers.

Using Your Encrypted USB Device

  1. Once the device is set up, it can be used with any Windows computer as a regular storage device once you use the password with the device, ie. you can copy/delete/move files on the device.
  2. If you forget the password, the encrypted data is not recoverable IF YOU LOSE/FORGET THE PASSWORD, THE ENCRYPTED DATA IS NOT RECOVERABLE. The use of a password manager is highly recommended.
  3. To un-encrypt an encrypted device, re-format it as described above.

 

Missing information on this document? Help us to keep this valuable by emailing additions/errors to: security.admin at utoronto.ca