How to Encrypt a USB Flash Drive in macOS Mojave

In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we’re going to show you how to encrypt a USB flash drive (or “thumb drive”), which is useful if you’re traveling light and want to take sensitive data with you for use on another Mac.

Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to prevent access to data on a Mac’s startup disk without a password. Note that the following method is only compatible with Macs – you won’t be able to access data on the encrypted drive using a Windows machine.

If this is a requirement, you’ll need to use a third-party encryption solution like VeraCrypt. With that in mind, here’s how to securely encrypt your USB flash drive.



Attach the USB flash drive to your Mac and locate its disk icon on your desktop, in a Finder window, or in the Finder sidebar, then right-click (or Ctrl-click) it and select Encrypt “[USB stick name]”… from the contextual menu.

(Note that if you don’t see the Encrypt option in the dropdown menu, your USB flash drive hasn’t been formatted with a GUID partition map. To resolve this, you’ll need to erase and encrypt the USB drive in Disk Utility – before that though, copy any data on the drive to another location for temporary safekeeping.)



When you select Encrypt, Finder will prompt you to create a password, which you’ll need to enter the next time you attach the USB flash drive to a Mac. (Don’t forget this, otherwise you’ll lose access to any data stored on the USB drive!) Once you’ve chosen a password, verify it, add a meaningful hint if desired, and click Encrypt Disk.

The encryption process depends on how much data you have on the USB flash drive, but you’ll know it’s completed when its disk icon disappears and re-mounts. You’ll now be able to access the contents of the USB flash drive as usual, but if you physically detach it and re-attach it to your Mac you’ll be prompted to enter the password.



Note that the prompt includes an option for macOS to remember this password in my keychain. Check the box, and whenever you attach the USB stick to your Mac again you won’t be prompted to enter the password and you’ll have automatic access to it, just like any other drive.



If you ever want to decrypt the USB flash drive in future, right-click (or Ctrl-click) its disk icon, select Decrypt “[USB stick name]” from the contextual menu, and enter the password to turn off encryption protection.

How to Encrypt a USB Flash Drive in Disk Utility

Before proceeding, make sure you’ve copied any data on the USB flash drive to a safe location, like your Mac’s internal disk.

  1. Launch Disk Utility, located on your Mac in Applications/Utilities.


  2. In the Disk Utility toolbar, click the View button and select Show All Devices if it isn’t already ticked.


  3. Select your USB flash drive in the sidebar by clicking its top-level device name (i.e. not the volume name that’s listed beneath it).


  4. Click the Erase button in the toolbar.
  5. Give the USB flash drive a name.
  6. Next, click the Scheme dropdown menu and select GUID Partition Map. (It’s important to do this first before the next step, otherwise you won’t see the encryption option in the Format dropdown.)


  7. Now click the Format dropdown menu and select Mac OS Extended (Journaled, Encrypted).


  8. Click Erase.


  9. Enter your new password, enter it once more to verify, include a password hint if desired, then click Choose.


  10. Click Erase once again, and wait for your disk to be formatted and encrypted.

Once the process is complete, copy across your sensitive data to the blank USB flash drive, where it will be automatically encrypted and secured with a password.

Discuss this article in our forums

EU’s Juncker takes aim at Hungary’s Orban over fake news

European Union leaders on Friday backed a plan to tackle fake news on the internet and the bloc’s chief executive rounded on one of the EU chiefs, Hungarian Prime Minister Viktor Orban, as one of the main culprits in spreading disinformation.

New Facebook bug exposed photos of up to 6.8 million users

Facebook Inc said it had fixed a bug that may have exposed private photos of up to 6.8 million users, the latest in a string of glitches that have caused regulators around the world to investigate the social media giant’s privacy practices.

Russian lawmakers seek tighter internet control to counter ‘aggressive’ U.S.

A group of three Russian lawmakers close to the Kremlin has proposed a tightening of state control over the local internet in response to what they view as “aggressive” U.S. cyber security actions, a parliamentary document showed on Friday.

Chinese hackers targeting U.S. Navy contractors with multiple breaches: WSJ

Chinese hackers have breached U.S. Navy contractors to steal a raft of information, including missile plans, through what some officials describe as some of the most debilitating cyber campaigns linked to Beijing, the Wall Street Journal reported on Friday.

‘123456’ and ‘Password’ Remain Worst Passwords of the Year for Fifth Consecutive Year

SplashData published its annual list of the worst passwords of the year this week, sourced from more than five million passwords leaked on the internet this year. Like previous years, 2018 saw numerous high-profile data leaks, but many people have continued to use easily guessable passwords for their online accounts.

The new password autofill feature in iOS 12


For the fifth consecutive year, “123456” and “password” are the top two most popular passwords online. New entries on the list include “111111”, “sunshine”, “princess”, “666666”, “654321”, and “donald” at number 23. SplashData CEO Morgan Slain discussed the list: “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”

The top 10 most popular passwords of 2018:

1) 123456

2) password

3) 123456789

4) 12345678

5) 12345

6) 111111

7) 1234567

8) sunshine

9) qwerty

10) iloveyou

Higher up the list, popular passwords include people’s names like “daniel”, “hannah”, and “thomas”; pop culture references like “solo”, “tigger”, and “lakers”; random items like “cookie” and “banana”; birth years like “1990” and “1991”; and simple phrases like “whatever” and “test”. As Slain explained, using super-simple phrases like these for any account online is a bad idea because it’s so easy to guess what they are.

“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” says Slain. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

In total, SplashData estimated that almost 10 percent of people have used at least one of the top 25 worst passwords on this year’s list, and nearly 3 percent of people have used the worst password at one time, “123456”. Most of the five million passwords that were leaked and evaluated for the report came from users in North America and Western Europe.

To help users stay safe, SplashData said that their passwords should be no shorter than twelve characters and have mixed types of characters in each one. Every log-in should have a different password, and investing in a password management app to store everything, generate random new passwords, and automatically log into websites is always a good idea.

Apple itself introduced a new password autofill feature in iOS 12 this year, making it easy to connect to third-party password apps and fill out your passwords throughout iOS. If you haven’t tried it out yet, check out our guide on using the feature to find out how it works.

Discuss this article in our forums

Apple Music Connect to Shut Down, Suffering Same Fate as iTunes Ping

Apple today announced that its Apple Music Connect social platform for artists is in the process of shutting down, suffering the same fate as Ping, the company’s previous social network for music removed from iTunes in October 2012.



In a letter shared with artists, Apple said artists will no longer be able to post to Connect as of today, with the feature now removed from artist pages and the “For You” tab in Apple Music. Apple says all previously uploaded Connect content will remain searchable in Apple Music until May 24, 2019:

We’ve made a few changes to Apple Music that we’d like to tell you about.

We’re always looking for ways to enhance our focus on artists and help them better connect to fans. So we’ve given Artist Pages an all-new design and added new, personalized Artist Radio.

Today we’re streamlining music discovery by removing Connect posts from Artist Pages and For You. This means you’ll no longer be able to post to Connect as of December 13, 2018, but all previously uploaded content will still be searchable until May 24, 2019. You can still create Artist Playlists with the latest version of Apple Music.

We’re also excited about the latest beta of Apple Music for Artists, which gives you everything you need to understand your music’s impact across Apple Music, as well as valuable audience insights. You can even upload your own photo to use on your Artist Page. Sign up for free today.

Thank you for helping us make Apple Music a vibrant community for artists and fans.

Connect had its own tab in Apple Music when the app first launched in 2015, but its presence was later reduced to a section in the “For You” tab.

Discuss this article in our forums

Scammers are sending bomb scares to nab BTC

A new scam is making the rounds that promises to disrupt countless offices and schools. The scam is simple: the scammers send an email threatening to detonate a bomb if they don’t get a certain amount of Bitcoin within a specified time frame. Because there is little upside to ignoring a bomb threat at this point in history, entire offices are now being evacuated as this scam spreads.

The scammers usually send something like this:

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter:
We are not terrorists and dont assume any responsibility for explosions in other buildings.

This particular address is empty and the address changes with each email. The NYPD reacted to these threats and noted that they are not credible.

The FBI wasn’t so certain and recommend vigilance.

Ultimately scams like this one do more harm than good and are rarely credible. While nothing is impossible, please take a moment before panicking if you receive one of these emails.