OS X Security: Encrypting External Disks

Encrypting Disks Under 10.8 or 10.9

If you’re running Mountain Lion or Mavericks, this process is really, really easy. However, even though this first method theoretically shouldn’t erase any data on the drive, be sure you have a backup before you begin just in case things go all nutty on you. Better safe than…well, you know.

So to get started, right- or Control-click on the drive’s icon on your Desktop and pick “Encrypt [Name].”

If you don’t see that icon, you can either go to Finder> Preferences> General and turn on showing external disks on your Desktop…

…or you can right-click on the drive’s icon in Finder’s sidebar and encrypt it from there.

Whatever method you choose, the next step will be creating the drive’s password and coming up with a hint for it.

Of course, here comes the Big Bad Scary Caveat™—don’t forget this password, or you’ll lose access to the data on the drive. Irrevocably. Forever and ever. Bad bad bad. Write the password down on a sticky note and shove it in your underpants if you need to. Or store it in your password-management program, which would probably be safer and more sanitary.

Anyway, after you’ve typed in that info, click “Encrypt Disk,” and the process should begin. Unfortunately, there is no progress bar to tell you how far along you are, which is kind of a huge oversight on Apple’s part. You can right-click on the drive’s icon at any point to see if it’s still encrypting:

However, in my testing, that contextual menu sometimes shows spurious messages. 

Um, what? You lie to me, menu.

So give it some time. This process can take hours depending on the size of the drive you’re encrypting, so go get some coffee or take a nap while you let it do its thing.

You can tell that it’s finished by right-clicking on that same icon. If you see “Decrypt [Name]” in black text, you’re ready to go!

Then whenever you plug in the disk afterward, it should ask you for the password.

For extra security, don’t select “Remember this password in my keychain,” and your Mac will ask you for the password every time.

Encryption with 10.7 Lion

So what do you do if you’re not running 10.8 or 10.9? The process isn’t much more difficult, but it does require that you erase the contents of the drive. What you’ll do is plug in the drive and open the Disk Utility program (it’s within Applications> Utilities). 

Select the correct drive’s partition (it’s the named, indented icon) from the left-hand list.

Click on the Erase tab, and then from the “Format” drop-down menu, choose “Mac OS Extended (Journaled, Encrypted).”

Name your soon-to-be-nuked drive whatever you like, and click “Erase” at the bottom-right. As before, you’ll have to then pick a password to get the process started. 

I gotta repeat my warning: This will erase the data off of the drive you're encrypting. We’re clear on that, right?

To be honest, I almost always use this method instead of the one I described above, even under Mavericks and Mountain Lion. It takes tons less time since it doesn’t have to preserve any existing files, and you actually get a Disk Utility progress bar to know when it’s finished. Of course, if you have to keep the stuff that’s already on the drive, the right-click method is your best choice.

One final point—if you encrypt a drive, don’t expect to be able to read its files on earlier versions of the operating system. A drive you encrypt under 10.9 won't be readable with a Mac running 10.6, for example. But no matter what, your data will be secure if it falls into the wrong hands. Don’t you feel better? I feel better. I like knowing that my extensive collection of Firefly fanfic is safe. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!