How do I format my external hard drive to be encrypted on my Mac?

Table of Contents

Quick Answer

To format an external hard drive to be encrypted on a Mac, you need to use Disk Utility. Follow these steps:

Connect the external drive to your Mac
Open Disk Utility (located in Applications > Utilities)

Select the external drive on the left side
Click Erase at the top
Choose “Mac OS Extended (Journaled, Encrypted)” as the format

Enter a name for the drive
Click Erase
Enter a password to encrypt the drive

Click Choose
Click Done when formatting is complete

This will format the drive as encrypted using AES-XTS encryption. You’ll need to enter the password each time you connect the drive to access the contents.

What options do I have for encrypting an external hard drive on Mac?

There are a couple options for encrypting external hard drives on Mac:

Format with encrypted file system

You can format the drive with an encrypted file system like Mac OS Extended (Journaled, Encrypted). This fully encrypts the entire drive at the disk level.

Use FileVault encryption

FileVault is Mac’s built-in whole-disk encryption tool. It can encrypt the system drive on your Mac, and also external drives.

Use a third-party encryption tool

There are many third-party apps available that can encrypt external drives, such as VeraCrypt, Cryptomator, and BoxCryptor. These provide an added layer of security on top of Mac’s encryption.

Store encrypted files/folders on the drive

Rather than encrypting the full disk, you can also just encrypt specific files or folders that you want to keep private. MacOS has native encryption capabilities for this.

So in summary, formatting with FileVault or Mac OS Extended (Journaled, Encrypted) are the simplest full-disk options. Third-party tools offer more customization. And you can also selectively encrypt just some contents.

Why should I encrypt my external hard drive?

Here are some key reasons you may want to encrypt an external drive:

Protect sensitive data – If the drive contains private, sensitive or confidential data, encryption keeps it secure if the drive is lost or stolen.
Privacy – Encryption guarantees the data is unreadable without the password. So it maintains privacy if the drive ends up in the wrong hands.

Prevent unauthorized access – Encryption foils anyone trying to access the drive contents without credentials.
Security compliance – Some organizations require encryption to comply with security policies or industry regulations.
Wipe data securely – An encrypted drive can be wiped by securely discarding the encryption key to ensure data is unrecoverable.

Portability – An encrypted drive’s contents can be safely transported or stored offsite without worrying about security.

In general, encryption protects against data theft or exposure if the external drive is lost, stolen or improperly accessed. It provides an important layer of security for your sensitive data.

How do I encrypt an external hard drive on Mac with Disk Utility?

Here are the step-by-step instructions to encrypt an external drive using Disk Utility on Mac:

Connect the external drive – Physically connect the drive to your Mac using a USB, Thunderbolt or FireWire cable.
Open Disk Utility – Find and launch Disk Utility, located at /Applications/Utilities/ or searchable in Spotlight.
Select external drive – Click the external drive you want to encrypt in the left sidebar in Disk Utility.

Click Erase – Along the top menu bar, click the Erase button.
Choose format – In the popup, choose “Mac OS Extended (Journaled, Encrypted)” as the Format.
Name drive – Optionally enter a Name for the drive, like “Encrypted External Drive.”

Start erasing – Click the Erase button at the bottom right. This will fully erase and format the drive.
Enter password – You’ll be prompted to set a password for the encryption. Choose a strong, hard to guess password.
Confirm password – Enter the password again to confirm it.

Let it complete – The external drive will now be fully encrypted. This process can take some time to complete depending on the drive size and speed.
Access drive – Once encrypted, you’ll need to enter the password each time you connect the drive to access the contents.

And that’s it! After following these steps, your external drive will be encrypted and inaccessible without the password.

How do I encrypt an external hard drive on Mac with FileVault?

FileVault is Mac’s builtin full-disk encryption tool. Here is how to use it on an external drive:

Connect the drive – Connect the external drive to the Mac using a cable.
Open Finder – Open a Finder window and locate the external drive on the left sidebar.

Right-click the drive – Right-click on the drive icon and select “Encrypt [Drive Name]” from the contextual menu.
Set password – You’ll be prompted to set a password that will be needed to access the encrypted drive.
Encrypt! – Click Encrypt Disk button and your drive will start getting encrypted by FileVault.

Track progress – You can track the encryption progress in Finder. The drive icon will change appearance when fully encrypted.
Access drive – After encryption completes, you’ll need to enter the password each time to access the drive contents.
Decrypt later – To decrypt the FileVault encrypted drive, right-click it and select Decrypt [Drive Name].

The advantage of using FileVault is that it’s built right into macOS and easy to use. But it lacks some customization options that third-party encryption tools offer.

What are the differences between encrypting with Disk Utility versus FileVault?

Here are the main differences between encrypting an external drive with Disk Utility compared to FileVault:

Feature	Disk Utility	FileVault
Speed	Faster encryption	Slower encryption
Mac version	Works on all versions	Only works on Mac OS X 10.3+
Type	Full disk encryption	Full disk encryption
Encryption standard	AES-XTS 128 or 256-bit encryption	AES-XTS 128 or 256-bit encryption
Encryption control	Full control from Disk Utility	Encrypt/decrypt from Finder
Key escrow	No escrow or recovery key	Optional recovery key can be stored with Apple
Cross-platform	Drive accessible on Mac only by default	Compatible with Mac and Windows PCs

In summary, Disk Utility offers a faster more customizable encryption process while FileVault leverages native macOS integration for simplicity. FileVault also offers options like key escrow and cross-platform compatibility.

What third-party encryption tools can I use on Mac for external drives?

Here some of the best third-party encryption tools for external drives on Mac:

Veracrypt – Provides full-disk and partition encryption using AES, Twofish, Serpent or combinations. Supports hidden volumes within partitions.
Cryptomator – Open-source client-side encryption tool. Cloud-friendly and uses AES and HMAC. Integrates with cloud storage services.

BoxCryptor – Encrypts files and folders to be stored locally or uploaded to cloud storage. Offers AES-256 encryption.
Encrypto – Drag-and-drop interface for encrypting external drives or disk images. Uses AES-256 encryption.
Boxcryptor – Encrypts external drives in FAT32, HFS+, APFS, exFAT, and NTFS formats. Includes cloud storage integration.

AES Crypt – Open source encryption tool that uses AES-256 and SHA hashes. Effective for encrypting files and folders.

Third party tools provide added security layers like two-factor authentication, hidden encrypted volumes, and support for portable encrypted vaults.

The advantage over Disk Utility and FileVault is enhanced security, flexibility and customizability for your specific encryption needs. The downside is they can be more complex to set up and manage.

Should I use software encryption or hardware encryption?

For encrypting external hard drives, you have the choice between software encryption utilizing tools like FileVault or VeraCrypt, or hardware encryption with a drive that has encryption built-in. Here’s how they compare:

Software Encryption

Typically free or lower cost to implement
Platform-independent, can be used across operating systems

Applied in software, so is susceptible to malware/hacks
Can experience performance lag during intensive disk tasks
Requires configuring encryption on each drive manually

Hardware Encryption

Built into some external drive products, so it’s seamless to the user
Encryption/decryption handled directly on the disk controller, independent of OS
Good performance since encryption workload is offloaded from system

More expensive drives than standard external options
Typically platform-dependent and not always cross-compatible

In summary, software gives you more flexibility while hardware is seamless and fast. For casual home use, software solutions are typically sufficient. But for high security needs, choose hardware-encrypted drives designed specifically for strong security.

What risks are there with encrypting an external drive?

While encryption provides important protection for data, there are also some risks and drawbacks to consider:

Forgotten passwords – If you forget the password, the data will be inaccessible and unrecoverable without a backup key.
Hardware failures – Drive failures may lead to irrecoverable data loss if a backup was not maintained.

Performance impact – Encryption can reduce disk performance, especially for large file transfers or frequent disk access.
Loss of drive – While data is secure, loss of the physical drive means loss of access until drive is recovered.
Software attacks – Bugs or flaws in encryption software implementations may compromise security.

Limited functionality – Heavily encrypted drives may not work with some applications or operating system features.
Costs – Hardware encrypted disks are typically more expensive than standard external drives.

The risks can be mitigated through strong key management, use of hardware encryption, encrypting only when necessary, comprehensive backups, and drive redundancy. But encryption does introduce complexity.

What are some best practices for encryption key management?

Encryption depends on passwords or keys to secure data. Here are some best practices for properly managing encryption keys:

Use strong passwords that would be hard to guess and at least 12 characters or longer.
Do not store unencrypted passwords or write them down where they could be accessed.

Use a password manager app to randomly generate and store passwords securely.
Consider using a recovery key that can unlock drive if main password is lost.
Enable multi-factor authentication for access to key storage or password manager.

Change encryption passwords periodically such as every few months.
Restrict access to keys through file permissions or physical security.
Securely wipe and invalidate old keys when changing passwords.

Back up new keys securely such as on an external encrypted drive or using a security deposit box.

Proper key management maintains the integrity of encryption and prevents data loss scenarios. For maximum security, consider using a hardware security module for storing keys.

How can I access an encrypted external drive’s data on both Mac and Windows PC?

To share an encrypted external drive between Mac and Windows, you have a couple options:

Use an exFAT formatted drive

Format drive as exFAT using Disk Utility on Mac
exFAT works natively on both macOS and Windows
Use FileVault encryption on Mac, BitLocker on Windows

Compatible encryption between operating systems
Simple to set up but less security than third-party tools

Use a cross-platform encryption tool

Use VeraCrypt or Cryptomator on both systems

Provides enhanced security with one encryption platform
Seamless accessibility across operating systems
More complex to configure but stronger security

The best method depends on your specific needs for security, compatibility, and ease of use.

Conclusion

Encrypting an external hard drive on your Mac is a great way to protect sensitive files and data. Both Disk Utility and FileVault offer streamlined full-disk encryption optimized for Mac. For stronger security with more customization, utilize a third-party encryption tool like VeraCrypt. Manage your encryption keys properly, use strong passwords, and maintain backups for maximum benefit. With the right encryption approach, you can securely access your external drive from Mac, Windows or any other system you need.