How can I make a flash drive more secure?
January 19, 2006 12:02 AM   Subscribe

How do I make a flash drive more secure?

My father recently bought himself a flash drive, and now uses it for transferring all sorts of work documents to and from home. He asked me if there was any way of putting a password on it, or securing it somehow to stop someone reading all his work documents in the event it was lost / stolen.

I had to admit I was stumped.

So the question is, is there some way of making a generic flash drive more secure? I would like something fairly simple, maybe something where you pop the flash drive into the USB port and it prompts you for a password. I don't even know if this is really possible.

I did a bit of googling but never managed to find quite what I was looking for.
posted by tomble to Computers & Internet (18 answers total)
posted by pompomtom at 12:10 AM on January 19, 2006

PGPi -- useful for more than just flash drives.
posted by krisjohn at 12:26 AM on January 19, 2006

If it's your dad, you probably want it to be dead simple.

Assuming we're talking PC here, I would suggest this solution. WinZip is also useful and pretty much foolproof for creating password protected folders.
posted by insomnia_lj at 12:48 AM on January 19, 2006
posted by raaka at 12:56 AM on January 19, 2006

If it's Windows XP you'll have encryption for NTFS volumes built in. I've not used it myself though.
posted by ed\26h at 1:17 AM on January 19, 2006

I second the WinZip solution.

It's not wise to use NTFS on a flash drive, because you might be in a situation where you have to connect it to a non-Windows 2000/XP computer and it will not be able to read it (some OS's have read support), and almost suredly will not be able to write to it.
posted by Mijo Bijo at 1:22 AM on January 19, 2006

To expand on that a little, my suggestion would not work on Windows 2000 either, as it requires an encrypting file system on top of NTFS - it's purely an XP solution.
posted by ed\26h at 2:45 AM on January 19, 2006

I also second the Winzip (or Winrar) solution. You can run winrar right off the flash drive, for that matter. And Winrar has an option to mask/encrypt the filenames in the compressed file as well, making it a little more secure than winzip.
posted by tiamat at 3:01 AM on January 19, 2006

Assuming your Father is running Mac OS X (you didn't specify so I get to assume whatever I want), then the easiest way is to use Disk Utility and create a password protected sparse disk image. The disk image is AES encrypted - which is good, and by using a sparse image the disk image wont take up any more room than it has to.
posted by schwa at 5:24 AM on January 19, 2006

Do not forget to zero out (or better yet, radomize) the data on the flash drive first! If you don't, the old, unencrypted documents will still be easy to access with the right tools. I believe the DOD standard is to wipe it seven times with a random pattern.
posted by shepd at 5:48 AM on January 19, 2006

Yes, 7. Gutmann recommends 35, though I think that was based on old hard drive technology.

Seconding TrueCrypt - it's surprisingly easy to use, once set up.
posted by blag at 6:09 AM on January 19, 2006

Secure Deletion of Data from Magnetic and Solid-State Memory

some people have treated the 35-pass overwrite technique as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data
posted by Sharcho at 7:40 AM on January 19, 2006

Thirding truecrypt if he's serious about the security. Amazingly easy to use and setup, much better than PGP in that regard. Windows built in encryption won't work unless his home machine is on the domain his work machine is on.

Note that the nature of TrueCrypt, or any truely secure encryption alogrithm, is there will be increased wear on his flash drive.
posted by Mitheral at 7:42 AM on January 19, 2006

Windows built in encryption won't work unless his home machine is on the domain his work machine is on.

You'd need to add the certificates to the logon you're using if you're transporting the files to a separate network, as I understand it.
posted by ed\26h at 8:42 AM on January 19, 2006

One note about Truecrypt - it needs to have a device driver installed on the destination computer in order to access the encrypted files. This might be an issue if you need to access the secured files from a system where you don't have administrator privileges (since non-administrators can't install device drivers). This is noted in the Truecrypt FAQ.
posted by gwenzel at 8:56 AM on January 19, 2006

You can buy flash drives that have security/encryption mechanisms built into the hardware. That's probably the simplest and most secure.
posted by winston at 10:29 AM on January 19, 2006

I wouldn't trust the built in encryption on a flash drive. Who knows what method they are using, how secure it is, or whether the implementation has a flaw.
posted by Mitheral at 11:41 AM on January 19, 2006

My vote goes to Keynesis Lockngo Pro. Simple interface, solid encryption -- this is an exceptional product.
posted by JudgeBork at 12:55 PM on January 19, 2006

« Older What is the best pool cue I can get for under 100...   |   Best way to carry condoms with you Newer »
This thread is closed to new comments.