December 2020 Ian Chiu
A USB drive marries Apple’s Face ID and Touch ID for more intuitive mobile data security
Password-based authentications coupled with various data encryption protocols have been the de facto method of safeguarding content on an external drive. With G-technology ArmorLock SSD, we now have a more elegant mechanism for user authentication by taking advantage of Apple’s robust Face ID and Touch ID.
Under the hood, the ArmorLock houses a 2TB NVMe SSD with USB 3.2 Gen 2×2 interface that delivers up to 1GB/s transfer rate. Unlike other direct-attached storage, the first step to installing the drive requires the user to first register the ArmorLock on their iPhone, iPad or Mac. Next scan the QR code on the back of the SSD using the drive’s iOS app. If only Mac is at your disposal, input the 8-digit code found next to the QR code. After that, the iOS app will then complete a digital handshake via Bluetooth LE over a secure connection. For Mac, the physical USB connection will take care of the pairing process. Keep in mind if you intend to use ArmorLock on Windows, you will need an iOS device to manage the drive privileges.
Thereafter, only the authorized devices can unlock content on the SSD as they become a security key that adds an extra layer of protection. Together, the strength of two-factor authentication and the convenience of Apple’s trusty biometric security are gracefully integrated into a one-of-a-kind USB drive. Data security features aside, the ArmorLock’s app can keep record of the locations where the drive is successfully logged in. In the event that the drive is misplaced, authorized users at least have a clue of the unit’s last known whereabouts. Lastly, the ArmorLock is rated for IP67 and is crush resistant up to 1000 pounds. Such quality build should bode well for the longevity of the drive.
An encryption USB-C drive with keypad authentication not only for PCs and Macs but also iPad and Android
Flash drives with onboard keypad authentication aren’t new, but Apricorn is serious about getting this right. Its USB-C flash drive – Aegis Secure Key 3NXC – is all about security. Everything from data on the drive to encryption keys is protected with hardware-based 256-bit AES XTS encryption utilizing the XTS block cipher mode. And under the hood, the drive facilitates authentications on battery power so correct key sequence has to be entered before the drive will even show up as active hardware.
Its self-contained security essentially prevents any communication from the host computer to the drive until the PIN is physically entered. As a result, this removes the easy options for snoops. There’s no password to be sniffed via keyloggers and conventional means of brute force attacks on the drive won’t help. Ten incorrect attempts will wipe the cipher and the data is effectively lost. This should deter any means of sophisticated attacks that leverage the PC’s computing power to crack the drive’s password. Currently awaiting FIPS 140-2 Level 3 certification, IP68-certified Aegis Secure Key 3NXC is also completely impervious to dust ingress.
A speedy external SSD paired with biometric security and Android compatibility
The Samsung T7 Touch is the fourth iteration of the company’s external solid state drive line-up. Save for the Thunderbolt 3-powered X5 which packs a NVMe SSD, previous generations house a mSATA SSD – a limiting factor to performance. Now, the latest T7 also packs a NVMe SSD and it is coupled with a 10Gbps USB-C port to leverage the potential of the Samsung’s 92-layer TLC V-NAND. Samsung proclaims the T7 has a top transfer speed of 1050MB/s, up from 540MB/s of the T5.
What further differentiates the Samsung T7 Touch from its siblings is the built-in capacitive fingerprint reader, complemented with cross-platform compatibility across PC, Mac and Android. (Though, you will need to install software on each device separately to access protected data on the T7.) The additional circuits also make the Samsung slightly larger than the last generation T5. Keep in mind the T7 hasn’t passed any FIPS certifications so its biometric security is likely meant for hiding personal data from prying eyes than safeguarding sensitive corporate secrets from resourceful hackers.
After biometric has become mainstream security in smartphones, no one really wants to deal with passwords anymore. It seems natural fingerprint locking technology would find its way into flash drives. For those who depend good old thumb drives as a standard tool to exchange data on a regular basis with colleagues, the Lexar’s JumpDrive F35 USB drive – now equipped with fingerprint authentication – is worth a look.
The JumpDrive F35 can store up to 10 fingerprint IDs so one can add different colleagues to the list of authorized users. As soon as all users are being enrolled with Lexar’s Windows-only software, the drive no longer needs the software for authentication. Unlocking the drive content is as simple as resting your finger on top of the glass surface on the F35. Lexar promises fingerprint recognition in less than a second at which speed is pretty much standard these days. The data is further protected with 256-bit AES encryption. Though, we aren’t sure if it’s full-disk encryption or not.
A non-obstructive USB dongle stays semi-permanent on PC for hassle-free two-factor hardware authentication
Two-factor authentication has always been at our disposal, but most of us don’t really bother unless we are forced to comply with online banking requirements. There has been a solution called YubiKey; it works with U2F, an emerging open authentication standard hosted by FIDO Alliance whose goal is to add an extra layer of security for browsers and mainstream web services, such as Gmail, FaceBook and DropBox.
The YubiKey neither requires drivers nor client software. Since it is recognized as a USB HID device, the platform-independent token works seamlessly with Windows, Mac and Linux. The keys themselves are manufactured in Sweden and USA in ways that reportedly make them tamper-proof. The fourth-generation of YubiKey now offers even faster and stronger crypto. Out of the three models, one ($50) supports the new USB-C connector while a nano version with regular USB-A plug allows you to flush mount it on your PC.
A USB dongle brings fingerprint authentication that is complaint with Windows 10 Hello
Fingerprint authentication is also an integrated part of Windows Hello that replaces passwords with biometric recongition. Though, generations of older PCs wouldn’t have the hardware sensors required by Windows’s new bio-security system. If you have a spare USB port, then the unobstructive PQI dongle might be what you are looking for.
The PQI’s My LocKey fingerprint reader is powered by Synaptics-powered Natural ID fingerprint sensor that works with Hello. The engine is reportedly fast enough to finish authentication with 0.15 second. Everything is housed inside a USB dongle whose size is comparable to that of a mini flash drive so the PQI can stay connected to your laptop at all times. Getting this ready only requires that you follow several steps of simple registration procedures before you can start logging in Windows with a single touch of a finger.
These are 6 up-to-date USB security solutions we’ve found so far. We hope you find them useful. If you are using some other products that aren’t lised here, let us know if the comments below.