Encrypt Your EDC Flash Drive with VeraCrypt
During our recent EDC episode, Rich and I mentioned that we both carry flash drives on our person or in our EDC bags. We briefly touched on encryption, but we didn’t really explain why it’s important or how to use it. This post will explain how to use encryption to secure the data on your EDC drive. Before that I’ll talk about my flash drive(s) and hopefully give you some ideas for how to use yours.
EDC Flash Drives
I carry my EDC flash drive on my keys. It is a 128-GB Kingston Data Traveler. The body of the Data Traveler is aluminum, and this flash drive is incredibly robust. It will survive a dunk in water and the day-to-day abuse that goes along with being constantly in my pocket. I find that I do have to replace this drive every eighteen months or so as the USB connector gets too bent to insert into the computer. At $35 I consider this peace of mind to be well worth it.
I also have a second flash drive that I carry in my EDC pack. This flash drive is physically larger and is much more robust than the Kingston; it is a Corsair Survivor. The Survivor is encased in a rugged, two-piece aluminum tube. When the tube is closed it is waterproof to 200 meters, impact and vibration resistant, and available in sizes up to 512 GB.
One important note about both of these drives: both are USB 3.0 rather than the older (and far less expensive 2.0 versions). USB 3.0 permits much faster data transfer and data access. This is important when using encryption because everything accessed from the drive must be decrypted. The faster the drive is, the faster this process is allowed to occur.
The Stuff On The Drive
I carry a lot of important information on this drive. I digitize all of my important documents and keep them on this drive. In the event that I encounter a disaster – be it small-scale personal disaster or large natural or man-made disaster – I will not lose all my data. I probably don’t have to explain the importance of many of these documents to you.
Identity documents like my birth certificate, social security card, and scans of driver’s license and passport, and concealed carry permit,
Ownership documents such as titles and deeds, and insurance policies,
Contact information for friends and family,
Veterinary records for pets (vital in the event you have to evacuate).
I also make sure to include an up-to-date copy of my password manager’s database which contains passwords for all my online accounts. I even have space to store many of my personal photos.
Naturally, with so much personal information available on these drives, I am very interested in keeping it safe. I could lose the drive in a moment of carelessness. It is possible that the drive will one day work itself off my key chain and be dropped somewhere. I could be mugged and have my pocket items stolen. Encryption allows me a convenient way to protect all this data. Encryption assures that anyone in possession of my flash drive will only be able to access the data it contains if they have the correct password.
How To Encrypt Your EDC (or any other) Flash Drive
Encrypting your flash drive really isn’t that difficult. If you’re a Windows user, I recommend you use a free and open-source tool call VeraCrypt. Mac users can use VeraCrypt, too, but they also have an additional option. Mac computers come with an encryption program built right in, but I’ll save those instructions for another article.
If you are a Mac user you may still consider using VeraCrypt. If you encrypt your flash drive with Mac’s native solution, you will only be able to access that drive on a Mac computer. If you encrypt it with VeraCrypt you will be able to access it from any computer with VeraCrypt installed… but of course many computers may not have VeraCrypt installed. There are pros and cons to each approach, so choose the option that is most appropriate for you. If you are a Mac user and plan on using Mac’s built-in encryption, you can skip ahead to that section.
VeraCrypt Encryption Instructions
Before we head into this, I have to let you guys know: this looks harder than it is. I know there are a lot of steps, but they are mostly small, click this/check that kind of steps. This isn’t a very difficult process, and if you follow the instructions step-by-step you’ll be fine. Also, please note, these instructions are for Windows machines. If you’re a Mac user the instructions are only very slightly different and you should still be able to follow along. If you’re a Linux user I’m going to assume you’re already way ahead of me and can probably figure this out on your own.
Step 2: Open VeraCrypt and click “Create Volume” button. This will initiate the Volume Creation Wizard. VeraCrypt refers to encrypted containers as “volumes.”
Step 3: In the Volume Creation Wizard select “Encrypt a Non-System Partition/Drive” and then click Next. When you click “Next” you will be prompted to give administrator permission to make changes to a partition. Click “Ok” and enter your administrator password to confirm this change.
Step 4: On the next screen select “Standard VeraCrypt Volume” and click Next.
Step 5: On the next screen click the “Select Device” button. A new dialogue will appear; look for your device and select the partition below it. BE SURE YOU SELECT THE CORRECT DEVICE! The names of each available partition will probably look unintelligible to you if you aren’t familiar with partition tables. There are still some clues you can look for that will guide you in the right direction: look for the manufacturer of the device and its size.
Step 6: This screen offers two options. I generally recommend using the first option, “Create Encrypted Option and Format It.” This will delete everything from the drive. If you already have files on the drive, you should copy them to your computer, encrypt the drive, then move the files back to the drive. The other option is to “Encrypt Volume In Place” which will encrypt and maintain any documents already on the drive.
Step 7: You will now be prompted to select your encryption options. The defaults on VeraCrypt are extremely secure and I do not recommend changing them. The default encryption algorithm is AES-256 and the default Secure Hash Algorithm is SHA-512; do not make any changes and click Next.
Step 8: On this screen you can simply click Next. If we were making a typical volume, this screen would allow us to select its size. Since we are encrypting the entire disk, the size is already selected for us.
Step 9: On this screen you are prompted to create a passphrase. You must create a strong passphrase, preferably 20 characters or more. This device is at very high risk of loss, and if found the password could be brute-forced at millions of guesses per second. If you need inspiration for coming up with a strong, unpredictable password, read this: https://www.pcmag.com/article2/0,2817,2419274,00.asp
Once you have entered your passphrase twice, click Next.
Step 10: The next option asks if you intend to store files larger than 4 GB in size. Even if you do not, I recommend checking “Yes” to this question. If you select “No” your drive will be formatted as FAT. Unfortunately, FAT isn’t totally compatible with other systems (i.e. Mac and Linux). If you click “Yes” the default file format will now be exFAT, which is completely compatible with other operating systems.
Step 11: Move your mouse around wildly. Seriously. For VeraCrypt’s AES encryption to be secure, it must collect a pool or pseudorandom data. The visible window of VeraCrypt’s graphical user interface is mapped mathematically. When you move your cursor around over this window, the necessary pseudorandom data is collected. Be advised,this only works when the cursor is on the VeraCrypt window, so don’t get too wild with your mouse movements. Once the progress bar at the bottom is completely full (and green), click Format Disk. You will be warned that you are about to delete all content on the disk. We knew that going in, so take a deep breath and click Yes.
Step 12: Wait. Depending on the size of your flash drive and the speed of your computer, this might take anywhere from a few minutes to a couple of hours. Do not interrupt the process by removing the flash drive, shutting down the computer, or closing VeraCrypt until the process is totally complete.
Once the encryption process is complete, you will see several warnings and dialogues. Click through these and exit the Volume Creation Wizard.
Using a VeraCrypt-Encrypted Flash Drive
Now that your flash drive is encrypted with VeraCrypt, you need to know how to use it. You will need to be able to mount (or unlock) it to view, add, modify, or delete the files inside it. Fortunately, this process is pretty easy to navigate.
Step 1: Insert your flash drive into a computer that has VeraCrypt installed.
Step 2: Open VeraCrypt and select a drive letter. VeraCrypt will mount the encrypted volume as a virtual hard drive, so you must assign the volume a drive letter. Do this by simply clicking on any available letter on the VeraCrypt interface.
Step 3: Click the Auto-Mount Devices button. When the password prompt appears, enter your passphrase and click OK.
If you enter your passphrase correctly the volume will mount. To access this volume, simply navigate to This PC in Windows explorer. Windows should display a new drive, as if you’d just plugged in a new flash drive. It will also behave as a flash drive or external hard drive. You can now double-click it to open, then drag your files right over. Easy day.
Step 5: When you are finished working inside your VeraCrypt container, you must secure it before removing the flash drive. Doing so is simple. First, close any files that are open from the container. Next, select the appropriate drive letter from the list on VeraCrypt’s interface, then click “Dismount.” That’s it!
The next time you want to use your VeraCrypt container, simply follow the steps again.
Encryption is massively important for protecting data. It is especially important for any portable data that you keep on your person - the risk of losing such data is incredibly high. Fortunately, protecting it is easy and free. It just takes a little time and patience. If you’ve never done anything like this, go slowly, and get comfortable with it before you commit your data to an encrypted flash drive.
Affiliate Disclosure: Across The Peak uses Amazon Associates to earn a small commission when you click Amazon links on our site. This helps to support the blog and the show. Thank you!