Lock down your external drives

Roman Loyola
24 December, 2011
View more articles fromthe author

If someone wanted to steal your data, they could just pick up your external drive and walk away. But you can keep your information secure by using Lion’s FileVault 2 to encrypt the data on your drive. Once encrypted, a drive will require a password from anyone trying to access its data.

FileVault 2 can encrypt external drives connected via USB and FireWire. To encrypt your drive, you need to reformat it in Disk Utility (found in /Applications/Utilities). If you want to encrypt a hard drive that has data on it already, you must first back up the drive before reformatting it and then, once you’ve reformatted it, copy the data back to it.

External drives must be formatted using the HFS+ file format for FileVault to work. That’s a problem only if you want to use the drive with both a Windows PC and a Mac. Drives that use the FAT file format can’t be encrypted using FileVault. During our testing, encrypted external hard drives also could only be used with Macs running Lion.


To encrypt an external drive, connect it to your Mac, wait until it mounts on your desktop and then launch Disk Utility. In that program’s left column, you’ll see a list of your Mac’s storage devices. Your external drives should be listed there. Select the one you want and then click the Erase tab in the section to the right.

In the Format pop-up menu, you’ll see two new disk formats. In addition to the standard ones – Mac OS Extended (Journaled), Mac OS Extended (Case-sensitive, Journaled), MS-DOS (FAT) and ExFAT – there are also Mac OS Extended (Journaled, Encrypted) and Mac OS Extended (Case-sensitive, Journaled, Encrypted). In most cases, you should choose Mac OS Extended (Journaled, Encrypted). The other new format lets you do things like have files named 2011taxes.txt and 2011Taxes.txt in the same folder.) Provide a name for the drive and then click Erase.


A window will appear, asking you to confirm that you want to create an encrypted volume. You’ll need to provide a password – the one you’ll enter whenever you mount the drive, so be sure to memorise it. If you enter the wrong password or don’t enter one at all, you won’t be able to access the data. After you enter and confirm the password, click Erase. This starts the formatting process, which takes several minutes. Once the drive is formatted, enter the password.

At the password-entry window, you can choose to save your password in your keychain, but think twice before doing so: Storing the password means that you won’t have to enter it to mount the drive from your Mac, but someone else could access the drive a lot easier from that Mac.

And if you try to attach the encrypted drive to another Mac that doesn’t have your keychain information, you’ll need to enter your password again.


I have lots of data on my drive already.

You must back up your data and then recopy it to the drive after encrypting it.

I sometimes use my external drive with a Mac that’s running an older operating system.

Drives encrypted using FileVault 2 work only with Macs running OS X 10.7 (Lion).

I use my external drive with both a Mac and a Windows computer.

To work across platforms, a drive must be formatted using the FAT file format. FileVault requires the HFS+ format, so you can’t encrypt your drive.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us