KEYFILE DEFENSE
We mention keyfiles in the 10-step walkthrough below, largely to say that they don’t work with a system boot drive. However, keyfiles are one of the best ways to improve your encryption security, because they add a second factor of authentication to the procedure—you need both your password and the keyfile (which can be stored anywhere) before VeraCrypt is able to decrypt your data drive or container file.
Keyfiles are useful because they boost security, especially if you’re using a weak password. Enable multiple people to access the same file—don’t use a password, just give them all the same keyfile—and it enables shared access when multiple people want a file protected; multiple different keyfiles can be used to lock a volume, and all must be present to open it.
Technically, you can use any file as a keyfile: that MP3 over there, that icon file here, or a photo you’ve taken. VeraCrypt only uses the first 1,024kb of the keyfile, so do be wary; it might sound clever using an image or MP3 file, but if a single bit changes (something reencodes the JPEG or MP3) in that first 1,024kb, you lose all access to the encrypted volume. Keyfiles can also be generated for you, which is a little more sensible.
When you come to mounting a volume, just point VeraCrypt at where the keyfile is stored. This could be on a local drive, the desktop, a network share, or a removable USB drive. You’ll want to keep a backup somewhere secure, just in case you lose it.