USB flash drives are great for transporting files and documents back and forth from the office to home or to a meeting or on a business trip. On the other hand, the small size and ease of mobility also has disadvantages. Thumb drives are incredibly easy to forget in the USB port and they’re small enough to fall out of—or be taken from—your pocket or bag unnoticed.


Because theft or human error is so common, your best defense is to encrypt your USB flash drive. This protects your files and documents in case someone else gets their thumb on it. Encryption might sound technical and complicated, but it is a rather simple concept and process. You can buy drives that come encrypted out-of-the-box, but you’ll pay for it. If you’ve got a few minutes, you can save some money by encrypting any drive yourself.


Choosing the right encryption utility

There are too many encryption utilities out there to list them all. WinEncrypt, My Lockbox, EncryptOnClick are just a few. You’ll probably see the free and open source solution, TrueCrypt, discussed the most. You might even remember our recent how-to series on this solution.


Unfortunately, TrueCrypt’s portable mode still requires Administrator privileges on the computers you plug the USB drive into. Therefore, this utility isn’t a candidate if you plan to use public workstations, or even your work PC. Isn’t portability the whole idea behind thumb drives?


The solution we’re going to discuss is called FreeOTFE, the latter short for On-The-Fly-Encryption. In addition to eliminating the need to install software on the computers you plug your drive into, it doesn’t require admin rights. So your files will be protected and you’ll be able to use the drive on any ol’ computer—perfect!


Getting started with FreeOTFE

If you browse the FreeOTFE site, you’ll find three different utilities: FreeOTFE, FreeOTFE Explorer, and FreeOTFE4PDA. They are all compatible. Encrypted volumes you create in one are accessible in the others.


FreeOTFE is the main utility, offering the most convenient encryption and decryption techniques. The portable mode provides full functionality without installing software onto the computers you plug into, however admin rights are required. The FreeOTFE Explorer utility involves a bit more crude of a process (it’s not true on-the-fly-encryption), but it can run on any computer and with any user without installation. The FreeOTFE4PDA utility provides support for Windows Mobile PDAs.


The FreeOTFE Explorer utility we’re going to use creates encrypted file container volumes. It’s like creating a scrambled and password-protected compressed (ZIP) file. You create what looks like a single file on your USB drive.


You can then mount (open) the volume in FreeOTFE Explorer. You can drag or copy folders and files into the file container, and vice-versa. When you unmount the file container or unplug the drive, the contents remain scrambled and password-protected. When browsing the files on the USB drive in Windows without any FreeOTFE utility, the file container looks like any other single file.


When you install FreeOTFE Explorer onto a USB drive, you can set it to open automatically. Therefore, you can just plug it into any computer and FreeOTFE Explorer will appear. Then you can quickly mount the file container to access the files.


Encrypting your USB flash drive

If you want the entire drive space available for encrypting, you must delete any existing files on the drive. If you don’t want to lose them, temporarily transfer them to a computer and then you can put them back after you’ve created the encrypted volume.


First you must install the FreeOTFE Explorer onto your computer (which you can remove after you’re done) and onto your flash drive:


  1. Download and install FreeOTFE Explorer onto one of your computers.
  2. Open FreeOTFE Explorer.
  3. Click Tools > Copy FreeOTFE Explorer to USB drive.
  4. On the dialog that opens, select the Drive letter of the desired flash drive. If there’s just one, it will select it for you.
  5. Optionally, change the installation path and autorun preferences.
  6. Click OK and wait for it to copy the files over.


Once the utility is installed onto your flash drive, you can create an encrypted volume on it to start protecting your files; here’s how:


  1. Open FreeOTFE Explorer from the computer via the Start Menu or from the flash drive by running FreeOTFEExplorer.exe within the installation folder (FreeOTFE_Explorer).
  2. Click the New button.
  3. On the wizard, click Next.
  4. Click Browse, move to your flash drive, specify a filename, and click Save.
  5. Click Next.
  6. Specify the desired size of the encrypted volume and click Next. If you’re unsure of the drive’s capacity or available space, open Computer and right-click the drive icon and click Properties. Remember, to make use of the most space possible you want to delete all the files on the drive, leaving just the FreeOTFE_Explorer directory.
  7. Unless you have a preference over the particular encryption technique, click Next to accept the defaults.
  8. Again, to use the default settings, click Next.
  9. Enter your desired password twice and click Next. Note that hitting Enter creates blank lines in the password.
  10. Unless you want to review the Advanced options, click Finish.


The encrypted volume will automatically be mounted in the FreeOTFE Explorer. You should see the filename of the volume on the top menu bar.


You can start dragging and dropping files into the window or use the Store feature to choose the files or folders you want to import. When you want to use or open the files, you can double-click them or click Extract to export them.


Before you unplug your flash drive this time and every time, make sure you close or unmount the volume by clicking Dismount.


Don’t stop now

Now if your flash drive gets into someone else’s hands, they can’t access the files and documents inside your encrypted volume. However, remember they can simply delete the file container, and you’ll lose all your data. So make sure you look into a backup solution. Plus don’t forget about encrypting your other computers and devices.


Eric Geier is the Founder and CEO of NoWiresSecurity, which helps businesses easily protect their Wi-Fi with enterprise-level encryption by offering a hosted RADIUS/802.1X authentication service. He is also the author of many networking and computing books for brands like For Dummies and Cisco Press.