Security

With small, portable USB flash devices, security takes on paramount importance. How easy it is to lose such a small device, or even forget to unplug it from a computer at work, at school, or in a public library. You don't want your financial data, personal information, or even e-mail passwords to fall into the wrong hands. The following software, if used conscientiously, will help to reduce if not eliminate those risks.

KeePass Password Manager

A terrific free, easy-to-use open source password manager. Choose the zip file download for use on a USB device rather than the exe installer. Use a master password and/or key file to protect and encrypt the entire data file. You can organize password accounts into meaningful groups and subgroups, and you can choose to display or conceal passwords and users names.

This product is so good that I use KeePass not only on my USB devices but on all of my home computers as well.

PasswordSafe

A very good open source password manager that stores data in encrypted files. Not quite as robust as KeePass (no search feature, for example), but easy enough for my two young children to use. Multiple users can (and should!) each create their own data file. For the portable version suitable for usb flash drives, download the file ending with a "-bin.zip" construct; select files ending in .msi or .exe for the fully installable versions on a normal pc hard drive.

In the latter case, be aware that unless you install separate versions of the program for each user, it appears that multiple users must all share a common configuration file (pwsafe.cfg). To avoid annoying error messages when closing the program that has previously been opened by a different user, you might want to consider allowing all users to have write privileges to that configuration file. (Those of us still using XP Home edition can use the command utility called cacls to accomplish this.) [Added 8 September 2009]

FreeOTFE Explorer Disk Encryption

OTFE stands for on-the-fly encryption. This program comes in three flavors: FreeOTFE, FreeOTFE4PDA, and FreeOTFE Explorer. Each comes either as an installer or a zipped file. For a USB stick, I recommend FreeOTFE Explorer zipped version. It does not make any registry entries, it does not require any admin privileges, and it does not load any drivers (driverless). In short, it minimizes the dependence on the host machine.

Using a Windows Explorer-like interface, users create a password-protected "volume" that serves as a container for encrypted files; "mount" the volume that enables it to be used; and then select the files to be "stored" in the encrypted, password-protected volume just created. Volumes that contain the encrypted files can be recognized by the .vol file extension that FreeOTFE assigns by default. To use the encrypted files, users simply "extract" them from the volume. In the course of creating the volume, users can select from a wide variety of hashes and ciphers.

Remora USB Disk Guard

Remora USB File Guard

I have always avoided placing documents like my favorite address book onto my USB devices. That is because those documents often contain sensitive information like account numbers that I might need to have readily available when I call my bank, credit card company, gas or electric company, etc. If I were to somehow lose the USB device, I certainly do not want complete strangers who might find it to avail themselves of that sensitive data for nefarious purposes like draining my bank account.

As a result, I have been looking for a good USB encryption utility for a long time, but when I found these two programs, I stopped looking any further. Remora USB Disk Guard in particular is just what I want: unobtrusive, intuitive, and effective. Most important, it allows users to target selected files and folders unlike many USB security programs that create unwieldy "containers" or folders.

When you first install this program, it prompts you to establish two passwords: one to open the application itself and a second to actually encrypt/decrypt selected files and folders. After that, a small but cool-looking USB icon appears with five small buttons: "Encrypt selected files," "Decrypt selected files," "Encrypt selected folders," "Decrypt selected folders," and "Configuration." Each button does exactly what it tool tip name implies. The first four buttons produce an Explorer window for you to navigate to the file or folder you wish to encrypt or decrypt, and the fifth button presents a list of options to select or deselect. (As you might expect, the folder options encrypt or decrypt all files within the selected folder.)

After encrypting a file, Remora USB Disk Guard appends a file extension ".~s" as a visual cue that it is not an ordinary file, and it leaves the encrypted file in its original place. Decrypting a file reverses this process: it removes the ".~s" extension and returns the file to its original name.

This is in stark contrast to its worthy companion utility, Remora USB File Guard. This program presents a complete list of all encrypted files in a single Exploer window. Users then import (encrypt) and export (decrypt) files. Unless you avail yourself of the "Delete selected file(s) when copy to USB disk," the original file will remain in place in all of its unencrypted glory. On the other hand, if you do use that option, the file appears missing altogether with no visual prompt that the file is present somewhere else albeit in encrypted format.

I personally prefer the stark simplicity of the Disk Guard program because it is less taxing on my failing memory, but the File Guard utility is also excellent in its own way. I have read some critics who contend that these two products use a 128-bit Blowfish encryption algorithm that is not as secure as some other programs, but even that is still much better than nothing. Some encryption is an absolute must for anyone with sensitive data files on a USB device.

With the protection afforded by these two programs, I now feel comfortable enough to place my address book onto my USB thumbnail device.

One final note of caution: if you change the encrypt/decrypt password in Disk Guard, the new password will not apply to files already encrypted. To open files encrypted with an older password, you will need to remember the particular password used to encrypt that file or folder! [Added 20 July 2010]

Toucan Synchronization & Encryption

This program can synchronize the data in any two folders, but its greater value lies in encrypting files. When you select a file to encrypt, Toucan adds a .cpt extension to the original file name. If you select a folder, it simply encrypts all the files in the folder one by one and renames each file with the same .cpt extension. The program's Windows Explorer interface makes Toucan very easy to use. However, options are meager, and it is not at all apparent how strong an encryption algorithm Toucan uses. Even so, it is probably good enough to thwart the ordinary, casual miscreant.