7 secure USB drives

1 2 3 Page 2
Page 2 of 3

The first thing the IronKey drive asked me for after I plugged it into my laptop's USB port was to set up a username and password and configure a secure Web browser, which takes about two minutes. (There is little about setting up this device that is fast, but keep in mind that you're sacrificing speed for security.) IronKey has a password generator that can create passwords up to 99 characters in length at either normal strength with alphanumeric characters or stronger strength, which includes all keyboard characters.

To use the IronKey flash drive, you need to activate an online account. This is a necessary step to enable certain services -- such as online password backup, device and software updates and to access IronKey's encrypted Web-surfing service, which uses Mozilla's Firefox.

Besides creating an online username and password, you'll be asked to supply answers to three supplemental authentication questions that will verify your identity in case you ever lose your username or password. Failing to answer the questions accurately will lock you out of your account permanently.

After filling out your supplemental authentication questionnaire, IronKey then asks you to choose a photo from a group of antiphishing/antipharming protection images so that every time you log into your online account, the images appear and you can be assured it's IronKey and not a counterfeit site. But you're not done yet. Now you must also create a security phrase consisting of letters and numbers, which will also be used to authenticate your identity when you log into the site. (Compare antispam products)

Finally (and believe us, I was happy to know this was the last step), the company e-mails you an activation code that you must enter in a window to complete your online setup. The company does allow you to change personal security information at any time by accessing account settings. IronKey states that no malware can disable the drive's security features as it employs two-factor authentication, requiring the key in addition to your password to access the content.

After the initial setup, each time you plug in your IronKey drive, a menu will appear offering you the option to back up and encrypt files, manage your passwords and online account, change settings or access a FAQ page. One feature that I like about this menu is an option to leave the USB drive in the port, but also to relock the device so that if you walk away from your computer, no one walking by will have access to the device and the data stored on it.

IronKey automatically backs up your online passwords as you use them and offers secure data backup both locally and remotely, so that if you lose the physical drive, you can buy another drive and download your data via the online backup service.

If someone does happen to gain access to your flash drive and they fail to type in the correct password more than 10 times, IronKey will self-destruct, permanently locking out users and wiping out all the data on the drive. (See white paper and data sheet on the IronKey drive .)


From a speed standpoint, IronKey is well above average for the drives tested. According to the company, its 4GB model is faster than the 1GB. The 4GB model that I tested is supposed to have a 18MB/sec. write and 25MB/sec. read rate. It took me 4 minutes and 15 seconds to back up 251 files in 29 folders that contained mostly photos and a half-dozen videos representing 1GB of data.

Hd Tach tests showed speeds well above IronKey's literature: 31MB/sec. burst speed, an average read rate of 29.6MB/sec., and a 6-millisecond random access rate. The CPU utilization rate was vastly higher than any other drive we tested, at 22%.

A 4GB IronKey Secure Flash Drive lists for $149. Prices on Pricegrabber.com ranged from $71.50 for the 1GB model to $149 for the 4GB drive.

IronKey states that the prices reflect the use of longer-lasting single-level cell (SLC) NAND memory, as opposed to multilevel cell (MLC) memory of other drives we tested. Although MLC memory increases data density by storing 2 bits per memory cell versus one in SLC, it also decreases the life expectancy of the device. SLC memory lasts about 100,000 write cycles and MLC memory lasts about 10,000 writes.

I became quite fond of the IronKey drive. The automated password feature was nice when Web browsing and I found the interface intuitive and easy to use. I'm not fond of IronKey's removable cap, as removable caps in general tend to go missing rather quickly, but otherwise, this is a fast, easy to use, very secure drive. -- Lucas Mearian

5. The Kingston DataTraveler Secure -- Privacy Edition

Kingston Technology's DataTraveler Secure -- Privacy Edition (DTSP) flash drive can hold up to 8GB securely using 256-bit AES hardware-based encryption. Kingston refused to say what encryption mode the device runs in, citing that it was proprietary information.

This device is chunkier than most tested, but if you like a more substantial feel to a USB flash drive, this may be the one for you. It comes without fancy colors, just a serious-looking, gray-colored casing.

I plugged the USB 2.0 device into my test laptop, and Windows XP recognized and added two drives: the "E" drive contained a preformatted 6MB read-only partition with the security software (DTSP Launcher, along with the DTSP system files) and an "F" drive with no space available.

I had to run the installation program for the security software manually (the user guide says that autolaunching sometimes fails).

Security features

Kingston has two flavors of the DataTraveler drive for the security-conscious: the DataTraveler Secure and DataTraveler Secure -- Privacy Edition. The difference between the two is that the DataTraveler Secure edition can contain a partition without password protection, and there is no minimum number of characters required for a password.

In contrast, the Privacy Edition requires all data on the drive be encrypted and a password must be from six to 16 characters long and contain at least one uppercase letter, one lowercase letter, and one digit or special character (though there is no list of what special characters are acceptable). The password will be used to access all the files on the F drive and can be easily changed later if you wish.

The password screen also asks for a "hint" to remind you of the password. I entered the same text as the password itself (Backup1), but the software protested, saying "The hint you entered is too similar to the password." It did not object, however, when I inserted a space before the digit (e.g., Backup 1).

After installation, the F drive appeared in Windows Explorer with the name KINGSTON and with 7.58GB available. An icon is also added to the System Tray for accessing the drive and utilities (described below).

On subsequent boot-ups of my test system, the password prompt window automatically appeared when I inserted the drive into a USB slot. If it doesn't, you can run a program on the read-only partition (our E drive) to launch it manually. I never had to do that.

When you're done using the drive, click the Kingston icon in the System Tray and choose the "Shut Down" option to safely prepare the drive for removal. As with any USB device, you can also simply remove it (we never experienced data loss), though it's not the recommended technique.

If your drive is lost or stolen, you're protected: The person trying to access your files will have to enter your password. After 10 unsuccessful attempts (the default), the drive can no longer be accessed without formatting the drive, which will destroy all your data. (From the System Tray icon, you can also format the drive on demand, though you'll need the password if you're using Windows XP/2000 as a non-administrative user or Windows Vista with any user rights to complete the format.) Note that there is no provision to add a separate password to individual files -- just to the drive partition as a whole.

Speed, pricing and the bottom line

The company says the drive can read at up to 24MB/sec. and write at up to 10MB/sec. Using the Hd Tach's 32MB block size test, the benchmark registered 20.2MB/sec. burst speed, an average read speed of 13.2MB/sec. and utilized 10% of the CPU.

Copying a 1GB MPEG video file from my hard drive to the DTSecure Privacy took 98 seconds. Playback takes a little longer to begin; when I launched a 1.2GB MPEG file from the hard drive, it started running in Windows Media Player 11 after 45 seconds. When I double-clicked on the same file I'd copied to the DTSecure Privacy drive, playback started after 62 seconds.

The device works with Windows 2000 (SP3 and above), XP (SP1 and above) and Vista. To avoid drive-letter assignment, users without admin rights should have two available drive letters between physical drives and network shares.

The 8GB DataTraveler Secure -- Privacy Edition retails for $327 direct from Kingston . Ie found lower-capacity models on PriceGrabber for anywhere from $60 for a 512MB model to $150 for an 4GB model .

If you need to work with data on the go and want to make sure it's protected, the security software's password prompt is as simple as it gets, so you don't have to jump through hoops to get to your data. For professional or consumer alike, Kingston's DTSecure Privacy is a smart choice. -- Rich Ericson

6. The Lexar JumpDrive Secure II Plus

When it comes to securing data on a flash drive, ease of use can be nearly as important as, say, encryption -- if the security features are too hard to use, you won't bother to use them. As a result, despite offering three different ways to protect your data, the Lexar JumpDrive Secure II Plus gets no stars because of its poor user interface.

The 1GB model I tested actually only comes with 922MB free, because it needs 80MB for its utility software -- not a huge factor when purchasing larger capacity models.

Security features

This memory stick uses 256-bit AES, software-based encryption in CBC mode. When I inserted the drive into my test laptop, I were immediately presented with the Dashboard -- a four-item menu of options (create a vault, encrypt files, shred files and change settings).

If you want to protect a large group of files, you'll want to create a "vault." Vaults are folders you define on the drive itself. You give the vault a name and specify a password (from eight to 32 characters using any combination of letters, numbers and characters).

As you enter your password, a graphic shows the strength of your password as it moves from red (weak) to green (strong); the longer your password, and the more varied the characters (uppercase, lowercase, numbers), the better.

After establishing your password, you enter a hint (the only restriction we found was that the hint can't be exactly the same as the password itself) and choose a drive letter to assign to your vault. The Secure II software creates a folder on the Lexar drive and assigns that folder the drive letter you selected (we chose "F" since the drive itself was "E").

The drive comes with a meter that fills with 10 black dots, one for each tenth of total space used. The meter is visible even after you remove the drive or power down your system. Vaults, however, throw the meter a curve ball; they immediately register the entire vault as used space, even if you haven't stored a single file in the vault.

There are other problems with vaults. For example, you can't resize them, and when it comes to deleting vaults, the help file tells you to simply delete the vault using a file manager. I suspect that many users will try to delete the drive letter to which they've assigned the vault, which won't work. (You must go to the original drive -- E in my case -- and find the Vaults folder, then find the name of your vault and delete it there.)

To protect data you no longer need, you can shred it. The Shred command from the Dashboard opens a small window in which you can choose to shred in the Recycle Bin or shred your free space or individual files (as long as they're not in a vault). The file shredding utility simply writes over a file after it's been deleted.

Encrypting individual files, the third protection option, is far more tedious. You open the Dashboard, choose File Encryption, click the Encrypt Files tab, either click the Add button to navigate to the file you want to encrypt or drag a file from a list (such as Windows Explorer), click the Encrypt button, enter the password you want to assign, then wait a few seconds for the file to be encrypted. Secure II adds an LRS extension to the file name, and your file manager changes the icon to help you recognize it as an encrypted file. Unencrypting the file the same process in reverse.

If you want double protection, you can individually encrypt a file in a vault.

Unfortunately, Secure II doesn't hitch itself to the operating system. If you want to quickly shred an individual file, for example, you can't simply right-click it from a file list in Windows Explorer or a Windows application and choose a Shred option.

It's also a hassle to decrypt a file from within an application. For instance, if you're working in Word, you can't use the File/Open command, right-click an .LRS file, decrypt it, then open the just-decrypted file and begin editing. Instead, you have to start at the Dashboard, choose the File Encryption option -- you get the idea. After doing this a few times, the process becomes frustratingly tedious.

Speed, pricing and the bottom line

The Lexar JumpDrive isn't particularly speedy. In our Hd Tach tests we measured an average read speed of 15.5MB/sec., average CPU usage at 7% and burst speed of 15.9MB/sec. I copied a 909MB AVI file to the drive itself (the unencrypted E drive) in three minutes, 55 seconds. When I created a vault of the same material (which took nearly five minutes), the copy took an additional 60 seconds (a 25% premium). That was faster than individually encrypting the file: After copying it to the E drive, encryption took one minute, 55 seconds.

1 2 3 Page 2
Page 2 of 3
The 10 most powerful companies in enterprise networking 2022