BitLocker is one solution, and it’s much more than “just” password protecting the drive.
What you’re really looking for is encryption.
Become a Patron of Ask Leo! and go ad-free!
A password alone is not enough
The reason you’re looking for encryption is that a password by itself isn’t enough.
For example, let’s say you somehow attach a password to a drive1. Now someone steals your computer, or gains access to that computer using some other operating system or technology that simply ignores the password requirement. Or perhaps they perform some kind of forensic data recovery on the drive. Either way, they can bypass the password and access your files.
That’s not much protection.
What you want instead is that the data you care about — everything on the drive, in your example — be encrypted, so regardless of how it might be accessed, the data is inaccessible without your password.
Approach #1: BitLocker
Included in Windows 7 and later, in all editions except “Home,” “Starter” or Windows 7’s “Pro”, BitLocker is a whole-drive encryption technology that can be used on external or internal drives.
Windows will encrypt the drive for you, and require the password you set to access that drive’s contents in the future. (When given the opportunity to save a recovery key, do so. That way, even if you forget the password, you’ll be able to regain access. Without the password or recovery key, the data is completely inaccessible.)
This is the kind of protection you’re looking for.
The only real “problem” that remains is that your drive can only be used with Windows, and with Windows editions that support BitLocker. The drive cannot be viewed elsewhere.
Option #2a: VeraCrypt whole-drive encryption
VeraCrypt, the heir-apparent to the long-favored TrueCrypt, is a high-quality encryption program that supports everything we need: encrypting the entire disk, like BitLocker, and requiring a password, also like BitLocker.
The difference is that it’s from a third party, works on any edition of Windows (include Home), and is compatible with other systems, including Mac and Linux.
Once you encrypt a drive, you “mount” it to access its contents, providing the password to do so.
There is no “recovery key” for VeraCrypt encrypted drives, so make sure your data is backed up and that you never lose the password you used to encrypt the drive.
When you encrypt a drive, the entire drive is encrypted, and you need the password to access any files (or folders) anywhere on that drive.
Option #2b: VeraCrypt volume encryption
A hybrid approach avoids encrypting the entire drive, but instead creates a single (large-ish) file, which is then encrypted and used as a container for your files.
Rather then mounting the drive, you mount that encrypted container, specifying the password, at which point its contents become visible as if it were a separate drive. You can choose to place unencrypted data in the drive directly (accessed as E: in the diagram above), or deal with data that’s encrypted in the mounted file container (accessed in drive F: in the diagram above).
As long as the container is mounted and password provided, its contents are available as on any drive. Once unmounted, the files are no longer visible.
VeraCrypt encrypted containers have the advantage that the container itself can be copied to other drives or devices — even using other operating systems — and mounted there for access, when the password is supplied.
I tend to use BitLocker for drives that are permanently mounted in the computer, such as the system drive. Of course, if you have Windows Home Edition, that’s not an option, in which case VeraCrypt would be my choice.
If I want encryption on an external drive, I use VeraCrypt — either whole-drive or container — because this gives me the flexibility of using that drive or container in any of my systems, whether Windows, Mac, or Linux.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!