When your data security matters.
BitLocker is one solution, and it’s much more than “just” password protecting the drive.
What you’re really looking for is encryption.
Become a Patron of Ask Leo! and go ad-free!
Protecting an external hard drive
If you have Windows Pro edition and plan to use your external drive only with other machines using Windows Pro, then BitLocker is a simple and quick way to encrypt your external drive with a password. If you need to support Windows Home edition or other operating systems, VeraCrypt can be an excellent solution.
A password alone is not enough
The reason you’re looking for encryption is that a password by itself isn’t enough.
For example, let’s say you somehow attach a password to a drive.1 Now someone steals your computer or gains access to that computer using some other operating system or technology that just ignores the password requirement. Or perhaps they perform some kind of forensic data recovery on the drive. Either way, they can bypass the password and access your files.
That’s not much protection.
What you want instead is to encrypt the data you care about. In your case, that’s everything on the drive. That means the data is inaccessible without your password or encryption key.
Approach #1: BitLocker
BitLocker is included in both Windows 10 and 11 Pro Edition. (A subset of Bitlocker was added to Home editions, but this serves only to perform full disk encryption on system drives.)
Right-click on the drive in Windows File Explorer and click on Turn on BitLocker.
This will bring up a dialog to determine how you want to encrypt the drive.
While there may be other options, “Use a password to unlock the drive” is perhaps the simplest and addresses your question directly. This is how you password-protect an external drive.
Windows encrypts the drive for you and requires the password you set to access that drive’s contents in the future. (When given the opportunity to save a recovery key, do so. That way, even if you forget the password, you’ll be able to regain access. Without the password or recovery key, the data is completely inaccessible.)
The only real “problem” that remains is that your drive can only be used with Windows and with Windows editions that support BitLocker. The drive cannot be viewed elsewhere even if you know the password.
Option #2a: VeraCrypt whole-drive encryption
VeraCrypt, the heir-apparent to the long-favored TrueCrypt, is a high-quality encryption program that supports everything we need: encrypting the entire disk like BitLocker, and requiring a password, also like BitLocker.
The difference is that it’s from a third party, works on any edition of Windows (include Home), and is compatible with other systems, including Mac and Linux.
After installing and running VeraCrypt, click on the Create Volume button to open the Volume Creation Wizard. (A “Volume” in this context is a generic term for disk or partition.)
Select “Encrypt a non-system partition/drive” as shown above and click Next. On the next dialog, select “Standard VeraCrypt volume” and click Next. Then click Select Device… to select the drive you want to encrypt. You’ll then have the option to “Create encrypted volume and format it” or “Encrypt partition in place”. The former will erase everything on the drive, but is faster. The latter will preserve your data, but will take longer to complete. Click Next, at which point you’ll have some encryption options you can generally ignore. Click Next and confirm that the size of the device is shown correctly. Click Next to specify your password for the data you’re about to encrypt.
After completing a couple of additional screens, your drive will be encrypted.
Now in order to view the contents of the drive, you need to “Auto-Mount Devices” in VeraCrypt and assign it a new drive letter through which to access the encrypted contents.
There is no recovery key for VeraCrypt encrypted drives, so make sure your data is backed up and that you never lose the password you used to encrypt the drive.
When you encrypt a drive, the entire drive is encrypted, and you need the password to access any files (or folders) anywhere on that drive.
Option #2b: VeraCrypt volume encryption
A hybrid approach avoids encrypting the entire drive and instead creates a single (large-ish) file, which is then encrypted and used as a container for your files. Contaniers can be copied to other drives, and can be design to leave unencrypted space on the drive as well.
The process is similar to that above, but starts by selecting “Create an encrypted file container”.
Rather then mounting the drive, you mount that encrypted container and specify the password, at which point its contents become visible as if it were a separate drive. You can choose to place unencrypted data in the drive directly (accessed as E: in the diagram above), or deal with data that’s encrypted in the mounted file container (accessed in drive F: in the diagram below).
As long as the container is mounted and password provided, its contents are as available as on any drive. Once unmounted, the files are no longer visible.
VeraCrypt-encrypted containers have an advantage in that the container can be copied to other drives or devices — even using other operating systems — and mounted there for access as long as the correct password is supplied.
I tend to use BitLocker for drives that are permanently mounted in the computer, such as the system drive.
If I want encryption on an external drive, I use VeraCrypt — either whole-drive or container — because that gives me the flexibility of using that drive or container in any of my systems, whether Windows, Mac, or Linux.
I’d also suggest you subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.