Knowledge is power and keeping it secured from unauthorised eyes is important, be it inside of a computer, on external hard drive or on USB flash drive. Especially small external devices are easy to lose and can leave your data vulnerable if not encrypted. Fortunately there are solutions like iStorage datAshur Personal2 which is an USB flash drive with combination of hardware encryption, physical keypad and tamper-proofing. I got 8 GB version of Personal2 for testing (for free) and here’s a quick review how the device works.
iStorage datAshur Personal2 is an USB 3.0 flash drive designed to keep your data protected from unauthorised access even if it’s lost or stolen. It’s operating system and platform-independent and available up to 64 GB. The beef about the flash drive is that user needs to enter 7-15 digit PIN code onto the rechargeable battery powered on-board keypad before connecting the drive to the USB port and accessing the data. All data transferred to the datAshur Personal2 is encrypted in real-time with built-in XTS-AES 256-bit hardware encryption. The device automatically locks when unplugged from the computer or power to the USB port is turned off and it can be set to lock after a certain amount of time. And what’s good about hardware encryption is that it (in theory) shouldn’t slow the drive down when writing or reading files to or from the drive. The device has protection against brute forcing and it’s aluminium housing is dust- and water- resistant.
Personal2 differs from most flash drives in length, being a little longer to accommodate the keypad. Buttons are quite small so large fingers may have some difficulty finding the right key. Overall build quality looks good although the removable USB plug cover is cumbersome and easily lost. The keypad is powered with rechargeable battery and even if the battery goes dead you can just recharge it from the USB port. The keypad on the iStorage datAshur is critical for security as it means the device works independently from a computer and prevents a keylogger from recording a code entered via keyboard. It also makes it operating system and platform-independent and doesn’t require any specific software or drivers.
The datAshur Personal2 can be configured with two different PINs: user and admin PINs, making it perfect for corporate and government deployment. If the user forgets their PIN, the drive can be unlocked using the Admin PIN which will then clear the old User PIN and allow the User to set a new PIN. It also ensures that the corporate data can be retrieved from the device when an employee leaves the company.
The device also has a reset feature which clears both User and Admin PINs, deletes all data, creates a new randomly generated encryption key and allows the drive to be reused. To prevent brute-force attacks, if both admin and user PINs have been created and incorrect user PIN is entered ten consecutive times, the brute force mechanism will trigger and the user PIN will be deleted. If the admin PIN is entered incorrectly ten consecutive times, then both the user and admin PINs, the encryption key and all data will be deleted and lost forever. The device will revert back to factory default settings and needs to be formatted before it can be reused.
The device comes with quick start guide which tells you how to unlock the drive and how to change the user PIN. I tested the Personal2 with macOS Sierra and getting started with it was easy. The drive worked just like any other normal USB flash drive and after unlocking it was recognised as usual. I didn’t measure the read or write speeds but they seemed fine for that size of a drive. They say that it’s up to 116MB/s read and 43MB/s write which is typical for small USB 3 flash drives. Of course decent performance is required but transfer speeds are not the reason why you buy encrypted USB flash drives.
The datAshur Personal2 isn’t the first or last encrypted USB flash drive with hardware keypad but it seems to work nicely. It costs somewhat more than a normal USB flash drive (8GB is £39, 64GB is £79) but that’s what you pay for keeping sensitive data secured. And what comes to performance, it’s always a compromise between security and speed.