Portable storage for the paranoid: We test two secure USB drives on keypad vs. software security

ask321

Congratulations: You’ve decided your data is sensitive enough (or you’re paranoid enough) to store it on a secure USB drive. Basically encrypted storage on a stick, these portable flash drives come with FIPS 140-2 level three validation, meaning the cryptographic module will be rendered inoperable if tampering is detected. It costs quite a bit to acquire validation, which is part of the reason for premium pricing of these drives.

Most people administer and unlock secure USB drives using software apps, which run on the host machines to interact with the drive. That’s the approach taken by the Kingston Data Traveler 4000 G2 (second generation) USB 3.0 thumb drive that’s reviewed here.

The other method is to put a numeric keypad on the drive itself that lets the user to unlock it with a PIN. Apricorn’s Aegis Secure Key 3.0 USB 3.0 thumb drive is a popular implementation of this less common method, and we’ve tested this device as well.

The upside to software is that it’s cheaper to implement, and if done properly, extremely secure. But the vendor must also provide an app for every operating system the drive will encounter, and you’re pretty much limited to desktops or laptops.

A keypad drive is hardware-agnostic. That is, once unlocked, you can use it with anything that recognizes USB mass storage—car stereos, media players, and Smart TVs, for example, as well as PCs and tablets. Few people need to access their sensitive data on anything other than a computer, but if you do, a secure flash drive with a keypad is the way to go.

datatraveler 4000 gen 2 dt4000g2 64gb ac hr 22 01 2015 19 40

Kingston’s Data Traveler 4000 G2 needs to be unlocked from the computer it’s connected to. The key isn’t this long, that’s the cap attached on the back.

Design

If it weren’t for the label and a slightly heftier feel, you couldn’t tell the Data Traveler 4000 G2 from a non-secure USB thumb drive. The drive is divvied up into a 16MB portion that emulates a CD containing the installer for Windows, OS X, and Linux, and the data partition, which becomes available after you create and enter a password.

The software is simple, elegant and seems secure. However, I think it should have a secure virtual keyboard for entering data when you suspect or are worried that your keystrokes are being logged.

The Aegis Secure Key 3.0 is a bit larger than your normal flash thumb drive. That’s to accommodate a usably sized keypad, which in this case consists of two columns of number keys (0-9), a lock button, an unlock button, and three status lights (red, green and blue).

The keypad runs off of a rechargeable battery when the drive is out of the USB port. This is a must—accessing the keypad when the drive is inserted into a USB port can be awkward or worse.

By using a combination of the unlock/lock buttons and the keypad you can define admin and user passwords, reset the drive, and obviously—enter PIN codes (or 7 to 16 digits) to access the data partition. It’s fairly simple, but this time you do need to read the instructions first.

Note: There’s one downside to using long PINs: They can be hard to remember. The keyboard is alphanumeric, so you can spell rudimentary words—and you know, of course, not to use anything easily obtainable like your phone number or social security number. Also, it’s possible to spot wear and debris patterns on keys. The Aegis Secure Key minimizes these vulnerabilities, but they do exist.

Performance

The Aegis Secure Key 3.0 is a lot faster than its USB 2.0 ancestor, but the 4000 G2 proved faster still. CrystalDiskMark’s 4MB and my own 20GB large file copy tests saw upwards of 230MB/s with the 4000 G2 compared to the Aegis’s 122MB/s. The latter is a more common result, so props to the 4000 G2. I used the 32GB units for my reviews.

But CrystalDiskMark also rated the 4000 G2 as being ten times slower writing 4K files than the Aegis Secure Key 3.0 at a miniscule 3MB/s. I’m guessing oddities or a trade-off in the encryption algorithm. In my real-world 20GB file and folder test, the 4000 G2 was quite slow during the small text file portions, but when it hit slightly larger files it took off and still bested the Aegis Secure Key 3.0 170MB/s to 108MB/s reading, and 33.8MB/s to 32.8MB/s writing. Both drives were formatted with the NTFS file system.

The Kingston is available in smaller capacities starting at 4GB, while the Secure Key 3.0 starts at 30GB, so the Kingston is playing to a wider audience. However, while the 32GB version of the 4000 G2 is slightly cheaper than the 32GB Secure Key 3.0, at 64GB the 4000 G2 is far more expensive. Note that the Kingston drives are available at very steep discounts, while the Aegis Secure Key 3.0, available only from Apricorn, is not. See the price list below.

Capacity

Aegis Secure Key 3.0

Kingston 4000 G2

4GB

not available

$53

8GB

not available

$68

16GB

not available

$113

32GB

$199 (30GB)

$186

64GB

$229 (60GB)

$337

120GB

$269

not available

240GB

$369

not available

Conclusion

The Aegis Secure Key 3.0 is the more convenient, versatile product. You can use it with any device and once you’re used to using the keypad, it allows quicker access to your data than any app-accessed drive.

On the other hand, the Kingston Data Traveler 4000 G2 is far faster with large files. That can be a real time-saver depending on your usage. My biggest beef with the 4000 G2 is the retail price price of the 64GB model. But if you shop around, you can find it discounted online at roughly the same price as the 64GB Aegis Secure Key 3.0.

I rated both products with the same four stars, so this is a pick-‘em based on your preferred method of access. You will start more conversations with the keypad. 

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.