For the past couple of years I’ve been keeping my online passwords and some documents on a USB flash drive using Keepass a great open source program that stores your passwords in a highly encrypted database. But I also keep documents on my usb drive and other non-encrypted information. I started to wonder about the fact if I lose my usb drive do I really want anybody to be able to access the information on it even if my passwords are more or less safe? Was there a way I could lock it down securely?
I found TrueCrypt, another open source program that can highly encrypt your entire USB drive. With TrueCrypt you have the option to encrypt only a portion of your drive (you leave an encrypted file on the drive along with your unencrypted files), or the entire drive. I decided to encrypt the whole drive, rather than just a file. See the Beginner’s Tutorial. Note that I encrypted the entire USB Drive using the modification of the instructions found at the end of the tutorial:
Instead of creating file containers, you can also encrypt physical partitions or drives (i.e., create TrueCrypt device-hosted volumes). To do so, repeat the steps 1-3, but in the step 3 select the second or third option. Then follow the remaining instructions in the wizard. When you create a device-hosted TrueCrypt volume within a non-system partition/drive, you can mount it by clicking Auto-Mount Devices in the main TrueCrypt window. For information pertaining to encrypted system partition/drives, see the chapter System Encryption
That way when someone picks up my USB drive and plugs it into their computer, they see nothing, not even the encrypted files or true crypt, and some computers will offer to format it for them. In order to use it you need TrueCrypt on your computer and know the password. Using the “container file method” you could store the TrueCrypt progam on your USB drive but I think it’s more secure to make that fact a little less obvious. If you have a container file with TrueCrypt located on the USB flash drive all they need to do is figure out the password. The only downside of encrypting the whole drive is that if you don’t have TrueCrypt on a computer, you have to download it from the internet to get your USB drive to work.
Passwords, by the way should be long and complex, not a dictionary word, and one that you can remember. Sounds impossible? See these tips on how to make a good password that you can remember. The longer the password the better.
I also devised an Autohotkey script in my computer’s start folder, so when I plug my flash drive in, the computer detects the drive and automatically brings up TrueCrypt’s password dialog. As soon as I put in my password it opens the drive’s folders. Here is my script,:Mount True Crypt -wc.txt, (right click and download, after downloading, change extension to “ahk”)”. – this is only for informational purposes – no warranty whatsoever – you will likely need to tweak it to get it to work on your system. Read Autohotkey’s help if you get stuck. BTW, AutoHotkey is an awesome program – practically a full blown computer language but very simple to use.