7 secure USB drives

USB flash drives are very small, very portable, very convenient -- and very easy to lose. In fact, the question to ask these days isn't how to avoid losing your flash drive, but how to make sure your data is safe when you do. As a result, Computerworld decided it was time to look at seven USB flash drives that are outfitted with security features to keep your data safe.

Each device was tested for speed using Simpli Software's Hd Tach 3.0 . Interestingly, the reviewers came up with a wider range of performance numbers than anyone actually expected.

In fact, this turned out to be a very diverse group of drives with features ranging from secure and unsecure data partitioning, to waterproof, stainless-steel cases, to support for passwords of up to 99 characters. In every instance, there are different levels of ingenuity that went into the creation of these handy, very mobile devices, even if the level of protection varies.

This is by no means the definitive list of all the drives available -- only some from the largest vendors and the most highly advertised. There are many types of secure USB drives out there, including those using fingerprint scanning technology (we'll visit those in a later review).

In choosing a secure USB flash drive, you may have to first decide the relative importance of security, price, and speed, and compromise among those three factors. But in the end, we found that one drive stands out above the others.

1. Corsair Flash Padlock

The Corsair Flash Padlock is a horse of a different color from the encrypted drives in this roundup. This device is the same conceptually as the gear that kept your high school locker free from prying eyes -- a combination lock. It's strictly physical security, no encryption.

The Padlock looks like a traditional flash drive with a pull-off cap, except for the numeric keypad down the front. The keypad consists of five numbered buttons, while a sixth has a "key" icon. It's your entry point to accessing the security features of the drive.

As shipped, the Padlock is unlocked and can be used as a standard flash device. If you want to protect your data, you'll need to follow the instructions in the 17-page user manual (it's in six languages).

Security features

Setting up the drive involves pressing the key button, entering your selected PIN through the keypad, pressing the key button again, re-entering your PIN, followed by pressing the key button one last time. It's redundant grunt work with a few five-second time limits to make things tricky. Corsair recommends at least four digits, but the drive allows up to a 10-digit PIN.

After you've done that, you have 15 seconds to plug in the drive or it will automatically lock. However, if that happens, you'll just need to re-enter your PIN again to unlock it. If you don't unlock the drive, your computer won't recognize it at all, for anything. There's no need to lock the padlock once you remove it from your PC. It will do that itself after a few seconds.

What happens if you forget your PIN? If you register your PIN at Corsair's site you can retrieve it from there. If you didn't -- well, the Padlock is relatively inexpensive, so you can probably afford to buy another, since the one you have is now useless.

You can also change your PIN or totally unlock the drive if you no longer have a need for its security.

Speed, pricing and the bottom line

According to Hd Tach, the Padlock has a burst speed of 15.9MB/sec. and an average read rate of 15.4MB/sec. Both are rather slow, and although there was no discernible difference during music or video playback, it did take four times longer to get an 888MB video onto the Padlock than it did onto Corsair's Survivor.

I found the 1GB model on PriceGrabber for $27-$39 .

The key feature of the Corsair Flash Padlock is the lack of any software whatsoever. That means there is no AES encryption, but it also means the Padlock is compatible with Vista, XP, older versions of Windows, Linux, and yes, even Mac OS X. If you don't want or need the cross-platform versatility, or aren't comfortable with a keypad and a drop of glue standing between your data and the outside world, select one of the faster and more secure drives in our roundup. --Bill O'Brien

2. The Corsair Survivor

In a world of push and slide or pop-off flash drive ends, Corsair may have inadvertently developed the perfect security feature for its Survivor GT . The aluminum barrel is capped by two seemingly immutable ends -- immune to pushing, sliding or yanking.

So how does the Survivor GT connect to your PC's USB port? The drive actually screws in and out of a protective barrel.

Security features

Survivor uses TrueCrypt 4.3 encryption software, which is a 256-bit AES encryption method operating in the XEX-based Tweaked CodeBook mode. The 256-bit AES encryption protocol has become the standard for secure drives at this point, but TrueCrypt's implementation is possibly an overly onerous application for the average joe.

The setup is fairly easy if you follow along with the Beginner's Tutorial . It will walk you through all of the steps needed to setup a TrueCrypt "container," which is simply a secure area of storage on the flash drive that you can make either visible or invisible to prying eyes. (Just don't select an existing volume or folder name. It doesn't become encrypted; it gets erased if you do.)

Encryption options come next, including your selection of available hash algorithms. If you're not up to speed on those things, the pre-chosen defaults are plenty secure for the average potentially careless owner. The onerous password selection assails you immediately thereafter and, the more closely you follow TrueCrypt's recommendations, the more secure your data will be.

The software has a 93-page electronic user manual , recommends a 20+ character password (to a maximum of 64) that includes non-alpha or numeric characters, and has a paragraph on "Plausible Deniability" that begins, "In case an adversary forces you to reveal your password," and then goes on to describe that TrueCrypt leaves no visible fingerprint on your drive or files to indicate protected data exists, so you can disavow that there is any. It all works in the long run, but in most cases, the user won't be a member of the Special Forces carrying covert ops information (see " Civil liberties groups sue feds to get info on laptop searches by border agents ").

Speed, pricing and the bottom line

The Survivor is available in 4GB through 32GB versions in two models: the plain old Survivor and the GT iteration that Corsair describes as providing "fast data transfer using performance IC-paired memory and controllers." In all honesty, it's relatively fast at 25.1MB/sec. burst and 23.6MB/sec. for average read (according to Hd Tach), but Corsair's older Voyager GT is noticeably faster.

Corsair Survivor's TrueCrypt software makes the drive only compatible with Windows Vista, XP, and 2000.

Pricing for the Corsair Survivor on PriceGrabber ranges from $30 for a 4GB model to $108 for a 16GB model .

While this drive's security features can be difficult to follow at times, is true to its name: Survivor. It's much larger than the other drives, but it's priced very reasonably by comparison and offers capacities well above the other drives tested. --Bill O'Brien

3. The Imation Pivot Plus Flash Drive

The Pivot Plus Flash Drive is not actually made by Imation; it's manufactured for the company by a firm that Imation won't disclose. But I really like several features about this simple drive.

For one, I like its form factor: It's small but not too small, and it opens on a pivoting arm from a sheath that protects the USB plug, so there's no cap to lose (I always lose my USB stick caps). I also like that everything you download to this drive is automatically encrypted -- period. There's only one partition for storage and it's secure, so human error can't be a factor in exposing data.

Because of the simple physical makeup of this drive, I expected my experience would be describable in a word: easy. Alas, it wasn't.

Immediately after plugging in the Pivot Plus Flash Drive, I was slapped with a rather inscrutable message stating "No Imation Pivot Plus Flash Drive found. Pivot Plus Login Application will now terminate." I called Imation and the company explained that the security feature on the drive requires two drive letters be assigned to the device. The first drive letter is automatically assigned to a read-only, preformatted partition of the drive that has no usable capacity assigned it; the second drive letter is assigned to the flash drive's main read/write partition.

My PC assigned the letter "E" to the security portion of the drive, but then it couldn't assign the next available drive letter ("F") to the device because it was already assigned as my network share. Imation called this a bug in Microsoft Windows XP, saying that it will occur with any drive that uses similar security features.

There are two ways to address this glitch. The work-around involves remapping your network drive to another letter to free up the F drive for the local volume, or assigning a new drive to the USB flash drive. The alternative is to download a patch from Microsoft, a description of which is in this Microsoft knowledge base article .

I tried the patch, which is inconveniently not in any monthly Microsoft updates. You'll have to submit a request to Microsoft Online Customer Services to obtain the hot fix. Mine arrived later that day. Unfortunately, the patch didn't work, so I switched to plan B and went into my PC's Disk Manager File and changed the drive assigned to the flash drive. Onward and upward.

Security features

The first thing the drive log-in application asks is for a password and password hint. There is a minimum of seven characters that must include both alpha and numeric characters. Once you've created a password, a separate box allows you to continue the start-up in standard mode or switch to corporate mode. Corporate mode allows users to create an Administrator override password that can be used to access the drive in case they forget their password.

The start-up menu then asks for a password to log onto the Imation Encryption Manager Plus application. Once you do that, you're in, and all but 455KB of space is available to you.

Like most of the other drives tested for this series of articles, Imation's Pivot Plug USB stick uses 256-bit AES, hardware-based encryption in ECB mode. It features a single password-protected partition that does not allow storage of unencrypted content. And, after seven failed password attempts, the flash drive requires reformatting for use, a feature to protect against brute force security attacks. The hardware-based encryption software also leaves no footprint on whatever host computer you're using.

One feature I liked about this drive is a physical write-protection switch on the outside of the case. It works in the same way that the switches on the old floppy disks did -- push them one way, and you can write onto the drive; push them the other, and you can't. As a result, you can change your drive to read-only mode so that the files can't be overwritten accidentally.

Speed, pricing and the bottom line

It took 5 minutes and 20 seconds to copy a 1GB folder with 303 photos and/or video to the drive. An I/O test using Hd Tach showed a 16.1MB/sec. average read speed and a burst rate of 16.7MB/sec. The random access speed was .9 milliseconds -- pretty middle of the road. All in all, I wasn't impressed with the drive's speed, but on the plus side, the CPU utilization was a frugal 8%.

The Pivot Plus Drive is compatible with Windows ME, 2000, XP, Vista and Apple Mac OS 9.0 and above. The Pivot Flash Drive is also compatible with Windows Vista ReadyBoost technology, which is supposed to allow you to add memory to a system through the flash drive in order to improve performance. Computerworld , however, saw little benefit from its use (see " Vista's ReadyBoost flash drives lack significant boost ").

Pricing for the Imation Pivot Plus on PriceGrabber ranged from $41 for a 1GB model to $191 for an 8GB model .

While the Pivot Plus doesn't offer the best security of the drives tested, it's a good drive with better than average security. I'd recommend this drive to the average user because of its handy ergonomic design and relative ease of use. -- Lucas Mearian

4. The IronKey Secure Flash Drive

IronKey compares its Secure Flash Drive to an iPod, saying it's a hardware, software and online service all rolled into one product. I don't know about the iPod comparison, but from a security standpoint, this flash drive is impressive. The IronKey Cryptochip uses government-approved AES, CBC-mode, 128-bit encryption at the hardware level.

I tested the 4GB model. The drive comes in a sleek, stainless-steel, waterproof case that feels sturdy and quite heavy compared to other USB drives we've tested. The case has been injected with an epoxy compound that blankets the inner workings and keeps them dry and shock-resistant. Security-wise, what we liked right off the bat about this model is that the case would be extremely difficult to pry open without destroying what's inside. There is only a single seam along the drive's tightly-fitted, metal backing.

Security features

1 2 3 Page 1
Page 1 of 3
The 10 most powerful companies in enterprise networking 2022