Before we begin, it is important to know that there are 2 types of encryption for USB Flash Drive – hardware encryption and software encryption. The list in this article are portable software based encryption for your USB Flash Drive, if you are using Windows Vista and Windows 7: Enterprise and Ultimate editions, Windows 8 and 8.1: Pro and Enterprise editions, Windows 10: Pro, Enterprise, and Education editions, Windows Server 2008 and later, use BitLocker. BitLocker is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
Hardware Encryption VS. Software Encryption
Software encryption options are available on the market as a cheaper alternative to hardware encryption, but the disadvantages tend to outweigh the benefits. It often requires numerous updates to keep up with hacking techniques, could be quite slow, and may require complex driver and software installations. Software encryption also may not provide the full security that businesses are expecting, to keep sensitive information from falling into the wrong hands. Though software encryption is better than having no encryption at all, it may still be vulnerable to user error, leaving data to fall through the cracks and be susceptible to potential thieves. Since software encryption requires users to follow certain procedures in order to secure the data, users may forget – or choose to ignore certain aspects of the encryption process.
With hardware encryption on secure USB drives, the AES encryption process is handled automatically, built right in with a small chip inside the drive itself. Once original data is encrypted, it becomes undecipherable in the background and is locked away under encrypted storage within the drive. If a thief were to try to gain access to the data without the password, the attempt is by all practical means impossible. But once the user enters their private password, the data is decrypted instantly, and made fully available to the user.
- Uses a dedicated processor physically located on the encrypted drive
- Processor contains a random number generator to generate an encryption key, which the user’s password will unlock
- Increased performance by off-loading encryption from the host system
- Safeguard keys and critical security parameters within crypto-hardware
- Authentication takes place on the hardware
- Cost-effective in medium and larger application environments, easily scalable
- Encryption is tied to a specific device, so encryption is “always on”
- Does not require any type of driver installation or software installation on host PC
- Protects against the most common attacks, such as cold boot attacks, malicious code, brute force attack
- Shares computers resources to encrypt data with other programs on the computer – Only as safe as your computer
- Uses the user’s password as the encryption key that scrambles data
- Can require software updates
- Susceptible to brute force attack, computer tries to limit the number of decryption attempts but hackers can access the computer’s memory and reset the attempt counter
- Cost-effective in small application environments
- Can be implemented on all types of media
Hardware based encryption is always the better option, all the drives in this roundup use the 256-bit AES hardware encryption required to achieve FIPS 140-2 Level 2 certification. SanDisk SecureAccess did not make it to the list because it is a software based encryption. Below are 3 hardware based encryption available worldwide.
- Kingston DataTraveler and IronKey series
- Corsair Flash Padlock
- Verbatim Corporate Secure USB Flash Drive
↓ 01 – EncryptStick | USD13 | Encryption: Standard(128/256 Bit) | Pro(512/1024 Bit)
Transform Any USB Flash Drive into a Digital Privacy Manager. Keep your private files safe, Manage your passwords, Browse the web privately. Everyone has private digital files that need extra security. They’re the ones on your computer or other devices that could cause serious consequences if they fell into the wrong hands: photos, videos, financial records, identity passwords and sensitive documents. Lost or stolen devices, or violated files, put you at considerable risk of embarrassment, identity theft, financial loss and marital problems — even job loss. Why take a chance when you can take a few seconds to permanently secure your digital privacy?
- Strong & Fast Encryption – The EncryptStick encryption engine uses fast and strong AES algorithms. You have the option to encrypt your vaults with 128, 256, 512 or 1024-bit AES ciphers. Our encryption is registered and government approved, and is FIPS 140-2 compliant.
- Limited Login Attempts – Ten failed login attempts locks EncryptStick’s login screen for a full minute thereby significantly reducing susceptibility to brute force password attacks.
- Instant Lock – This feature Instantly locks the EncryptStick application, your vaults, and all functions, wipes all information from the program’s temporary files, clipboard, cache and secure memory.
↓ 02 – VeraCrypt Portable | Free | Encryption: 128 and 256 bit
VeraCrypt is a free disk encryption utility allowing you to both encrypt full physical drives and make encrypted logical volumes. VeraCrypt requires admin rights to operate. VeraCrypt is a free disk encryption software based on TrueCrypt 7.1a. It allows secure encryption of full disks as well as virtual volumes that can be mounted on the fly. VeraCrypt has support for various encryption algorithms (AES, Serpent, TwoFish), keyfiles, security tokens, hotkeys, and more.
Encryption Algorithms, VeraCrypt volumes can be encrypted using the following algorithms: AES, Camellia (Mitsubishi Electric and NTT of Japan), Kuznyechik (National Standard of Russian Federation), Serpent, Twofish, AES-Twofish, AES-Twofish-Serpent, Serprent-AES, Serpent-Twofish-AES, Twofish-Serpent.
↓ 03 – Rohos Disk Encryption | EUR 30 | AES 256-bit encryption
The Rohos Disk program creates hidden and protected partitions on a computer or USB flash drive and password protects/locks access to your internet applications. When there are megabytes of sensitive files and private data on your computer or USB drive, you cannot imagine life without the hidden partition created with this wonderful tool. Strong & On-the-fly disk encryption Rohos disk uses the NIST-approved AES encryption algorithm and 256-bit encryption key length. Encryption is automatic and on-the-fly.
↓ 04 – GiliSoft USB Encryption | USD50 | 256-bit AES Encryption
The USB flash disks of today are a very efficient and excellent solution files sharing, carrying around or even backup. But USB Flash Drive are designed to be small in terms of size, it is also easy to misplace or worst case, get stolen. GiliSoft USB Encryption enables you to encrypt USB flash drive, all these problem can be handled with ease.
GiliSoft USB Encryption is a comprehensive, easy-to-use solution for USB security that supports encrypting portable storage device (external drive) and can divide external drive into two parts after encryption: the secure area and public area. Converts a regular USB flash drive into a secured one in less than a minute, data on the protected area (Secure area) is encrypted by 256-bit AES on-the-fly encryption.
↓ 05 – LaCie Private-Public | Free | AES 256-bit encryption
LaCie Private-Public is the easiest way to protect your important and confidential files. LaCie Private-Public is a standalone application that uses state-of-the-art encryption technology. Sitting on your LaCie USB Key or any other mobile drive, it does’t need to be installed on a computer to run. Whether you’re away from home on a PC or Mac computer, simply plug in your key, launch LaCie Private-Public, and enter your password to gain access to all your files.
Protect your office documents, personal photos, passwords, and other confidential information. With one- click encrypt/decrypt capabilities, LaCie Private-Public is probably the easiest most usable and most secure encryption software you will find. LaCie Private-Public is the perfect companion to any LaCie mobile device or USB key.
↓ 06 – USB Security | USD35 | Standard Encryption
Kakasoft USB Security well protects your sensitive information in USB drives with the strongest encryption technique. This USB disk security program ensures comprehensive data security of your confidential data on your USB flash drives and protects them from unauthorized access with the adoption of marvelous cryptography and advanced encryption method.
Sensitive and valuable data needs urgent protection. With feature-rich USB Security you are able to secure the external drive as a whole and supports password protecting USB flash drive, HDD hard drive, thumb drive, pen drive, memory stick, memory card and all other portable storage devices in Windows system. You will never need to worry about leakage or breach of any valuable information even you lost the USB disk.
↓ 07 – USBCrypt | USD50 | 256-bit AES encryption
USBCrypt is a powerful software encryption utility for Windows 10, 8, 7, XP that protects your sensitive information from unauthorized access. It locks the bad guys out, and protects your personal, business, and financial data. Use USBCrypt to encrypt your USB and other removable and fixed drives with strong encryption. USBCrypt uses the industry standard AES encryption algorithm to protect your files, the strongest protection available.
↓ 08 – Kruptos 2 Go | USD20 | 256bit file encryption
Kruptos 2 Go is a password protection tool for your USB Drive which protects your privacy and important data from data theft, data loss or leaks. Just drag and drop your files and folders into Kruptos 2 Go’s encrypted ‘Vault’ and they will immediately be password protected which prevents your important data from being modified, read or even accessed without the correct password.