June 2022 Ian Chiu
Time and again, reports of stolen or misplaced USB drives containing confidential personal information would make headlines. Such accidental data breaches by institutions and different government branches were compounded by shocking revelations that the files weren’t even encrypted. It’s baffling to see most decision-makers turn a blind eye to the importance of enforcing encryption especially when sensitive information is being moved between places on a regular basis with USB drives.
If getting security up and running is a daunting task, there are drives that combine ease of use with hardened data security. They should lessen the hassle of setting up and maintaining an encrypted drive. Additionally, the drives are also scalable for multi-user scenarios.
USB SSD combines a touch-screen login interface and proven IronKey security
IronKey from Kingston has been known as a reliable, trustworthy brand for USB drives with enterprise-grade hardware encryption. Its software allows administrators to impose rigid security policies to protect sensitive data from being compromised in the event a user fails to adhere to established protocols.
Its recently announced IronKey Vault Privacy 80 raises the bar further with a color touch-screen interface coupled with OS-independent onboard user authentication. This is by far considered the best defense against all sorts of keylogger malware as users never have to enter passwords on the PC to begin with.
Passwords consisting of a minimum of six letters, numbers, space, or a combination of all three are accepted. Comparatively, some USB drives with a hardware keypad only accept PINs. The FIPS 197-certified drive is also said to be immune to BadUSB – a type of attack that targets and injects malicious codes into a drive’s firmware. Lastly, there’s a read-only mode to protect the drive from being written to it by malicious software on untrusted PCs.
The IronKey Vault Privacy 80 is a USB 3.2 Gen 1 SSD with a maximum capacity of up to 1920GB. That being said, speeds are rated for a mere 250MB/s – likely due to IronKey’s use of a SATA SSD and the encryption performance of the onboard hardware processor. Our only gripe with the virtual keypad drive is that if anything ever happens to the touchscreen, you will be left with a very expensive paperweight until Kingston repairs it. That is provided your unit is still covered by Kingston’s three-year warranty.
A USB drive marries Apple’s Face ID and Touch ID for more intuitive mobile data security
Password-based authentications coupled with various data encryption protocols have been the de facto method of safeguarding content on an external drive. With SanDisk G-Drive ArmorLock SSD, we now have a more elegant mechanism for user authentication by taking advantage of Apple’s robust Face ID and Touch ID.
Under the hood, the ArmorLock houses a 2TB NVMe SSD with USB 3.2 Gen 2×2 interface that delivers up to 1GB/s transfer rate. Unlike other direct-attached storage, the first step to installing the drive requires the user to first register the ArmorLock on their iPhone, iPad, or Mac. Next scan the QR code on the back of the SSD using the drive’s iOS app. If only Mac is at your disposal, input the 8-digit code found next to the QR code. After that, the iOS app will then complete a digital handshake via Bluetooth LE over a secure connection. For Mac, the physical USB connection will take care of the pairing process. Keep in mind if you intend to use ArmorLock on Windows, you will need an iOS device to manage the drive privileges.
Thereafter, only the authorized devices can unlock content on the SSD as they become a security key that adds an extra layer of protection. Together, the strength of two-factor authentication and the convenience of Apple’s trusty biometric security are gracefully integrated into a one-of-a-kind USB drive. Data security features aside, the ArmorLock’s app can keep a record of the locations where the drive is successfully logged in. In the event that the drive is misplaced, authorized users at least have a clue of the unit’s last known whereabouts. Lastly, the ArmorLock is rated for IP67 and is crush-resistant up to 1000 pounds. Such quality build should bode well for the longevity of the drive.
An encryption USB-C drive with keypad authentication not only for PCs and Macs but also iPad and Android
Flash drives with onboard keypad authentication aren’t new, but Apricorn is serious about getting this right. Its USB-C flash drive – Aegis Secure Key 3NXC – is all about security. Everything from data on the drive to encryption keys is protected with hardware-based 256-bit AES XTS encryption utilizing the XTS block cipher mode. And under the hood, the drive facilitates authentications on battery power so the correct key sequence has to be entered before the drive will even show up as active hardware.
Its self-contained security essentially prevents any communication from the host computer to the drive until the PIN is physically entered. As a result, this removes the easy options for snoops. There’s no password to be sniffed via keyloggers and conventional means of brute force attacks on the drive won’t help. Ten incorrect attempts will wipe the cipher and the data is effectively lost. This should deter any means of sophisticated attacks that leverage the PC’s computing power to crack the drive’s password. Currently awaiting FIPS 140-2 Level 3 certification, IP68-certified Aegis Secure Key 3NXC is also completely impervious to dust ingress.
As a friendly reminder, if you ever notice keystrokes aren’t registering as well as they used to, that could be the first sign that keypad could eventually fail altogether. You may need to move your backup out of the drive and send the Aegis Secure Key 3NXC back for repair, provided it’s within the three-year warranty period.
A speedy external SSD paired with biometric security and Android compatibility
The Samsung T7 Touch is the fourth iteration of the company’s external solid-state drive line-up. Save for the Thunderbolt 3-powered X5 which packs an NVMe SSD, previous generations house an mSATA SSD – a limiting factor to performance. Now, the latest T7 also packs an NVMe SSD and it is coupled with a 10Gbps USB-C port to leverage the potential of Samsung’s 92-layer TLC V-NAND. Samsung proclaims the T7 has a top transfer speed of 1050MB/s, up from 540MB/s of the T5.
What further differentiates the Samsung T7 Touch from its siblings is the built-in capacitive fingerprint reader, complemented with cross-platform compatibility across PC, Mac and Android. (Though, you will need to install software on each device separately to access protected data on the T7.) The additional circuits also make the Samsung slightly larger than the last generation T5. Keep in mind the T7 hasn’t passed any FIPS certifications so its biometric security is likely meant for hiding personal data from prying eyes than safeguarding sensitive corporate secrets from resourceful hackers.
After biometrics has become mainstream security in smartphones, no one really wants to deal with passwords anymore. It seems natural fingerprint locking technology would find its way into flash drives. For those who depend on good old thumb drives as a standard tool to exchange data on a regular basis with colleagues, Lexar’s JumpDrive F35 USB drive – now equipped with fingerprint authentication – is worth a look.
The JumpDrive F35 can store up to 10 fingerprint IDs so one can add different colleagues to the list of authorized users. As soon as all users are being enrolled with Lexar’s Windows-only software, the drive no longer needs the software for authentication. Unlocking the drive content is as simple as resting your finger on top of the glass surface on the F35. Lexar promises fingerprint recognition in less than a second at which speed is pretty much standard these days. The data is further protected with 256-bit AES encryption. Though, we aren’t sure if it’s full-disk encryption or not.