If someone wanted to steal your data, they could just pick up your external drive and walk away. But you can keep your information secure by using Lion’s FileVault 2 to encrypt the data on your drive. Once encrypted, a drive will require a password from anyone trying to access its data.

FileVault 2 can encrypt external drives connected via USB and FireWire. To encrypt your drive, you need to reformat it in Disk Utility (found in /?Applications/Utilities). If you want to encrypt a hard drive that has data on it already, you must first back up the drive before reformatting it, and then once you’ve reformatted it, copy the data back to it.

External drives must be formatted using the HFS+ file format for FileVault to work. That’s a problem only if you want to use the drive with both a Windows PC and a Mac. Drives that use the FAT file format can’t be encrypted using FileVault. During our testing, encrypted external hard drives could only be used with Macs running Lion.

Reformat your disk

To encrypt your external drive, first you’ll need to reformat it. Make sure to copy all data to another drive first

To encrypt an external drive, connect it to your Mac, wait until it mounts on your desktop, and then launch Disk Utility. In that program’s left column, you’ll see a list of your Mac’s storage devices. Your external drives should be listed there. Select the one you want, and then click the Erase tab in the section to the right.

In the Format pop-up menu, you’ll see two new disk formats. In addition to the standard ones – Mac OS Extended (Journaled), Mac OS Extended (Case-sensitive, Journaled), MS-DOS (FAT), and ExFAT – there are also Mac OS Extended (Journaled, Encrypted), and Mac OS Extended (Case-sensitive, Journaled, Encrypted).

In most cases, you should choose Mac OS Extended (Journaled, Encrypted). The other new format lets you do things like have files named 2011taxes.txt and 2011Taxes.txt in the same folder.) Provide a name for the drive, and then click Erase.

Set up a password

A window will appear, asking you to confirm that you want to create an encrypted volume. You’ll need to provide a password – the one you’ll enter whenever you mount the drive, so be sure to memorise it. If you enter the wrong password or don’t enter one at all, you won’t be able to access the data. After you enter and confirm the password, click Erase. This starts the formatting process, which takes several minutes. Once the drive is formatted, enter the password.

At the password-entry window, you can choose to save your password in your keychain, but think twice before doing so: storing the password means that you won’t have to enter it to mount the drive from your Mac, but someone else could access the drive a lot more easily from that Mac. And if you try to attach the encrypted drive to another Mac that doesn’t have your keychain information, you’ll need to enter your password again.