The USB sticks are very comfortable to always carry our data and share them with other people. In addition, due to its price, we can get a large capacity for very little money. However, these memories have a serious drawback, and that is, if we lose them or they steal them, all the data that we had in them will be exposed, and anyone can access them. To avoid this, in this article we will explain how we can apply encryption to any USB memory from Windows, without third party software. Simply using BitLocker.
Bitlocker, the encryption software
Bitlocker is one of the Microsoft tools included by default in the professional editions of Windows (Pro, Enterprise and Education) whose main purpose is to allow us to encrypt the data of any unit so that nobody, without the keys and passwords, can access these data. Regardless of the equipment connected to the hard disk or the corresponding USB memory.
Incompatibilities
By default, Windows 10 uses an XTS-AES algorithm to encrypt data with Bitlocker. This algorithm offers high performance and features functions and systems to ensure data integrity. The problem with this algorithm is that it is not compatible with previous versions of Windows. Therefore, if we want maximum compatibility, it is necessary to change the Bitlocker encryption to use different algorithms, such as AES-CBC .
In addition, we must bear in mind that Bitlocker is a Microsoft program exclusive to Windows, so if we try to use any drive encrypted on other computers, such as macOS or Linux, we will have problems. Although there is third-party software, both for macOS and for Linux, which allows us to open these types of encrypted drives.
If we try to open an encrypted drive in a Home edition of Windows, not having this Bitlocker, we will not be able to access it. We will have to resort to specific third-party programs for this.
Encrypt your USB sticks with Bitlocker
The first thing we must do is connect the USB memory to our computer so that Windows recognizes it, mount it and give us access to all the files that we have saved. Once the USB memory is ready, what we have to do is select it in the left bar of the file browser, and in the ” Drive tools ” tab of the Ribbon bar, we will find the BitLocker section.
We click on this option and choose ” Activate BitLocker “.
Windows will start preparing BitLocker to encrypt the USB memory that we have connected to our computer. After a few seconds, the assistant himself will ask us for a master password (as long and complex as possible, to prevent them from deciphering the unit with brute force attacks).
Once the password has been entered, the next step will be to choose how to save a backup copy of the recovery key. This password is essential to recover access to the unit in case we forget the password.
The next step will be to choose the type of encryption we want to use. We can choose the option to encrypt the space used, which is faster, or encrypt the entire unit, slower but much safer.
We must also choose the encryption mode. Being a USB stick, which we will surely connect to other computers, it is best to opt for the ” compatible mode ” (AES-CBC, as we have explained before).
We are ready to start encrypting the unit.
The encryption process will take more or less time depending on the characteristics of the unit we are encrypting, the hardware of our PC and the data of the equipment.
When finished, we will have the unit encrypted. No one who does not have the recovery key or the BitLocker master password can access the data stored on this unit. To unlock the unit, we must simply write the password in the section that appears when trying to enter it.
How to remove BitLocker encryption from the USB drive
It may be that after a while we are no longer interested in continuing to encrypt the unit. Either because we do not carry confidential data in it or for convenience.
In that case, we can choose two options. The first one is to format the drive, losing all its content. And the second disable BitLocker while maintaining the data.
For the second case, we must reconnect the unit to the PC, unlock it and, once this is done, go to the ” Control panel> System and security> BitLocker unit encryption ” section where we will see all the Our PC units encrypted with this tool.
We select our USB memory, choose ” disable BitLocker ” and Windows will begin to disable encryption on this unit. The process can also take more or less time depending on the data the unit has.
When the process is finished, we will already have the memory without encryption, and all the data in it will remain intact.
