Latest Secure USB Drives for Your Data On The Go
October 2023 Ian Chiu
Time and again, reports of stolen or misplaced USB drives containing confidential personal information would make headlines. Such accidental data breaches by institutions and different government branches were compounded by shocking revelations that the files weren’t even encrypted. It’s baffling to see most decision-makers turn a blind eye to the importance of enforcing encryption especially when sensitive information is being moved between places on a regular basis with USB drives.
If getting security up and running is a daunting task, there are drives that combine ease of use with hardened data security. They should lessen the hassle of setting up and maintaining an encrypted drive. Additionally, the drives listed below are also scalable for multi-user scenarios. In our October 2023 update, we added Kingston IronKey Vault Privacy 50 to the list.
Contents
Kingston IronKey Vault Privacy 80 SSD
USB SSD combines a touch-screen login interface and proven IronKey security
IronKey from Kingston has been known as a reliable, trustworthy brand for USB drives with enterprise-grade hardware encryption. Its software allows administrators to impose rigid security policies to protect sensitive data from being compromised in the event a user fails to adhere to established protocols.
Its recently announced IronKey Vault Privacy 80 raises the bar further with a color touch-screen interface coupled with OS-independent onboard user authentication. This is by far considered the best defense against all sorts of keylogger malware as users never have to enter passwords on the PC to begin with.
Passwords consisting of a minimum of six letters, numbers, space, or a combination of all three are accepted. Comparatively, some USB drives with a hardware keypad only accept PINs. The FIPS 197-certified drive is also said to be immune to BadUSB – a type of attack that targets and injects malicious codes into a drive’s firmware. Lastly, there’s a read-only mode to protect the drive from being written to it by malicious software on untrusted PCs.
The IronKey Vault Privacy 80 is a USB 3.2 Gen 1 SSD with a maximum capacity of up to 1920GB. That being said, speeds are rated for a mere 250MB/s – likely due to IronKey’s use of a SATA SSD and the encryption performance of the onboard hardware processor. Our only gripe with the virtual keypad drive is that if anything ever happens to the touchscreen, you will be left with a very expensive paperweight until Kingston repairs it. That is provided your unit is still covered by Kingston’s three-year warranty.
- FIPS 197 Certified with XTS-AES 256-bit Encryption
- Unique Intuitive Touch-screen
- Multi-Password (Admin/User) Option with PIN & Passphrase Modes
Kingston IronKey Vault Privacy 50
New passphrase option for the trusted secure flash drive series
Being FIPS 197 certified, TAA compliant, Kingston IronKey Vault Privacy 50 is a security-first flash drive that comes with enterprise-grade data protection. It safeguards sensitive data from unauthorized access with XTS-AES 256-bit hardware encryption.
Its tamper-resistant design further defends against threats such as brute force attack, keystroke spoofing, and BadUSB. Last but not least, IronKey’s IPX8 rating ensures the drive can withstand continuous immersion in water up to 1.5m deep for up to 30 minutes.
One notable feature first seen on a flash drive is the ability for users to create a passphrase of up to 64 characters. The increase in length alone makes passphrases much more difficult to crack than traditional passwords, which in the case of IronKey supports up to 16 characters.
On top of that, users can bring up the login manager’s virtual keyword to thwart malware from maliciously spying on users’ keystrokes. There’s also a master login to recover the data and to reset user password if needed. And added peace of mind, admins have the option to set the drive in read-only or write-protected mode to make sure data is safe from unauthorized modifications on untrusted PCs. Drive capacities are available ranging from 8 to 256GB. Kingston recently added a much-needed USB-C option to the IronKey Vault Privacy 50 series for those who have moved onto a completely USB-A free environment.
- FIPS 197 Certified with XTS-AES 256-bit Encryption
- Brute Force and BadUSB Attack Protection
- Multi-Password Option with Complex/Passphrase modes
SanDisk G-Drive ArmorLock SSD
A USB drive marries Apple’s Face ID and Touch ID for more intuitive mobile data security
Password-based authentications coupled with various data encryption protocols have been the de facto method of safeguarding content on an external drive. With SanDisk G-Drive ArmorLock SSD, we now have a more elegant mechanism for user authentication by taking advantage of Apple’s robust Face ID and Touch ID.
Under the hood, the ArmorLock houses a 2TB NVMe SSD with USB 3.2 Gen 2×2 interface that delivers up to 1GB/s transfer rate. Unlike other direct-attached storage, the first step to installing the drive requires the user to first register the ArmorLock on their iPhone, iPad, or Mac. Next scan the QR code on the back of the SSD using the drive’s iOS app. If only Mac is at your disposal, input the 8-digit code found next to the QR code. After that, the iOS app will then complete a digital handshake via Bluetooth LE over a secure connection. For Mac, the physical USB connection will take care of the pairing process. Keep in mind if you intend to use ArmorLock on Windows, you will need an iOS device to manage the drive privileges.
Thereafter, only the authorized devices can unlock content on the SSD as they become a security key that adds an extra layer of protection. Together, the strength of two-factor authentication and the convenience of Apple’s trusty biometric security are gracefully integrated into a one-of-a-kind USB drive. Data security features aside, the ArmorLock’s app can keep a record of the locations where the drive is successfully logged in. In the event that the drive is misplaced, authorized users at least have a clue of the unit’s last known whereabouts. Lastly, the ArmorLock is rated for IP67 and is crush-resistant up to 1000 pounds. Such quality build should bode well for the longevity of the drive.
- Protected by our revolutionary ArmorLock security technology
- Simple unlock with your phone, no password needed
- Auto Unlock feature to quickly gain access to your SSD with a pre-authorized device
Apricorn Aegis Secure Key 3NXC
An encryption USB-C drive with keypad authentication not only for PCs and Macs but also iPad and Android
Flash drives with onboard keypad authentication aren’t new, but Apricorn is serious about getting this right. Its USB-C flash drive – Aegis Secure Key 3NXC – is all about security. Everything from data on the drive to encryption keys is protected with hardware-based 256-bit AES XTS encryption utilizing the XTS block cipher mode. And under the hood, the drive facilitates authentications on battery power so the correct key sequence has to be entered before the drive will even show up as active hardware.
Its self-contained security essentially prevents any communication from the host computer to the drive until the PIN is physically entered. As a result, this removes the easy options for snoops. There’s no password to be sniffed via keyloggers and conventional means of brute force attacks on the drive won’t help. Ten incorrect attempts will wipe the cipher and the data is effectively lost. This should deter any means of sophisticated attacks that leverage the PC’s computing power to crack the drive’s password. Currently awaiting FIPS 140-2 Level 3 certification, IP68-certified Aegis Secure Key 3NXC is also completely impervious to dust ingress.
As a friendly reminder, if you ever notice keystrokes aren’t registering as well as they used to, that could be the first sign that keypad could eventually fail altogether. You may need to move your backup out of the drive and send the Aegis Secure Key 3NXC back for repair, provided it’s within the three-year warranty period.
- FIPS 140-2 Level 3 Validated
- 256-BIT AES-XTS Hardware Encryption
- USB 3.2 With Type C Connector. Power Supply: USB Port / Internal Battery
Samsung T7 Touch SSD
A speedy external SSD paired with biometric security and Android compatibility
The Samsung T7 Touch is the fourth iteration of the company’s external solid-state drive line-up. Save for the Thunderbolt 3-powered X5 which packs an NVMe SSD, previous generations house an mSATA SSD – a limiting factor to performance. Now, the latest T7 also packs an NVMe SSD and it is coupled with a 10Gbps USB-C port to leverage the potential of Samsung’s 92-layer TLC V-NAND. Samsung proclaims the T7 has a top transfer speed of 1050MB/s, up from 540MB/s of the T5.
What further differentiates the Samsung T7 Touch from its siblings is the built-in capacitive fingerprint reader, complemented with cross-platform compatibility across PC, Mac and Android. (Though, you will need to install software on each device separately to access protected data on the T7.) The additional circuits also make the Samsung slightly larger than the last generation T5. Keep in mind the T7 hasn’t passed any FIPS certifications so its biometric security is likely meant for hiding personal data from prying eyes than safeguarding sensitive corporate secrets from resourceful hackers.
- Connectivity Technology: Nein
- English (Publication Language)
Kanguru Defender Bio-Elite 30
A enterprise-grade secure flash drive with built-in fingerprint authentication
For most people, passwords have become a thing of the past with the widespread adoption of biometrics in mobile devices. Bio-authentication integrated into our USB drives seems like the next evolutionary step, offering convenience without sacrificing security.
Kanguru Defender Bio-Elite 30 is an secure thumb drive with fingerprint authentication. It is OS-agnostic, meaning the drive will mount on any USB-compatible hosts if it identifies a registered fingerprint. On the security department, Defender Bio-Elite 30 is loaded with 256-bit AES XTS hardware encryption and comes with built-in RSA-2048 digitally-signed firmware to safeguard against attacks like BadUSB. As soon as the drive detects an intrusion, it will cut off access to it to prevent damage.
Positioned as a enterprise-grade storage solution, Defender Bio-Elite 30 complies with security standards such as HIPAA, GDPR, etc. It ships with a command console that allows admin to set different read-and-write privileges depending on the accounts. Users can register up to six different fingerprints. The console is also where you will also find a host of add-ons from Kanguru (i.e. FireFox private browser, BitDefender anti-virus, and USBtoCloud. Though you will need to subscribe to latter two services after their free trials expire.
- Store, organize and secure all of your personal information in one convenient place
- Military Grade, AES 256-Bit Hardware Encryption With Biometric Fingerprint Access
- FIPS 197 Certified
Nexcopy manufactures a variety of PC-based and standalone USB duplicator solutions.
PC based systems support advanced USB functions such as write protection, CD-ROM partition and multi-partition creation, while standalone systems are ultra-fast, high speed USB copiers duplicating gigabytes of data quickly and accurately.