Encrypted flash drives use either software or hardware encryption (or sometimes both) to prevent other people from accessing your data.
While this is becoming increasingly important in day-to-day life due to the number of complex passwords and login details needed for online banking and other essential activities, it’s also important when the SHTF. Your encrypted flash drive should be one of the items you keep with you when disaster strikes.
Standard USB flash drives are inexpensive and can hold a lot of data. But they’re also easy to lose, and you don’t want your internet passwords or treasured family photos ending up in the wrong hands.
There are lots of companies making big claims about their products. This article looks past the marketing jargon to identify the most secure flash drives to keep your private data private.
Yes, there’s a lot of jargon when it comes to encrypted USB drives!
We’ve summarized the most important points in the table below. (We also go into deeper detail in the buyer’s guide below the reviews.)
|Jargon||What It Means||What to Look For|
|Encryption standard||The method used to scramble data on your flash drive so it can’t be read by unauthorized people.||AES encryption.|
|AES||Advanced Encryption Standard – the encryption standard used and recommended by the US government.||128-bit encryption is sufficient but 256-bit is the gold standard.|
|XTS||This describes the block cipher mode that’s part of AES specification. Other modes include ECB and BCB.||XTS provides top-level protection.|
|FIPS levels||FIPS standards are the US federal benchmarks for cryptographic security.||FIPS 140-2 Level 2 or higher gives maximum security.|
|IP ratings||A standard that assesses how resistant a device is to dust and/or water.||IP67 offers a good all-around level of protection. IPX8 is the best.|
Secure Flash Drive Reviews
Best Encrypted Flash Drive: Apricorn Aegis Secure Key 3Z
Capacity: 8GB–128GB | FIPS 140-2 Level 3 | 256-bit AES XTS encryption | USB 3.1
This award-winning USB flash drive has top levels of protection, fast transfer speeds, and is reasonably durable. It’s not the cheapest option, but a range of storage sizes is available from 8GB up to 128 GB.
The Secure Key 3Z incorporates the most sophisticated encryption readily available on the market – 256-bit AES XTS. It meets the FIPS 140-2 Level 3 standard, incorporating hardware encryption, tamper resistance, and identity authentication. A coating of hardened epoxy protects the internal components from physical tampering.
The drive is unlocked by entering a PIN on the keypad. You can set the pin to be between 7 and 16 digits in length (the longer it is, the more secure), and you’re able to specify the number of incorrect attempts that can be made before the brute-force defense mechanism activates, deleting the encryption key and destroying the ability to decrypt stored data.
Because the device is so compact, you may find the keypad fiddly to operate if you have large fingers, which could be a downside over other unlocking methods.
The 3Z offers fast data transfer with up to 190MB/s read and 80MB/s write. This is significantly faster than the Secure Key 3NX, which otherwise has a similar spec at a lower price (though it is not currently FIPS 140-2 Level 3 accredited).
- Top levels of security protection
- Fast data transfer
- IP67 rating (dust and water resistant)
- Crush-proof casing
- Ability to set attempts figure for brute-force mechanism
- Keypad can be fiddly
- Device can get hot
Most Durable: Kingston IronKey D300
Capacity: 4GB–128GB | FIPS 140-2 Level 3 | 256-bit AES XTS encryption | USB 3.0
IronKey is a well-respected brand when it comes to encrypted devices, and the D300 was a top contender for our best buy. It lost out to the Aegis Secure Key by being more expensive and incompatible for Mac users.
The D300 is FIPS 140-2 Level 3 certified with top-level 256-bit AES XTS encryption. It also uses digitally signed firmware, making it immune to BadUSB.
The IronKey beats the Aegis Secure Key hands down in durability. There’s no keypad and, therefore, no battery to run down. The zinc casing is rugged, secure, and waterproof down to four feet. You can freeze it, stand on it, heat it up, and chuck it around to your heart’s content, and it’ll still work.
Unfortunately, there is a price to pay for this rugged security. It’s a lot more expensive per gigabyte than other devices, and it’s not plug-and-play – you need to go through a setup procedure on your computer.
- Top-level security
- Excellent durability
- Waterproof (IPX8)
- Not plug and play
Best for Storage: iStorage diskAshur PRO2
Capacity: 500GB–5TB | FIPS 140-2 Level 2 | 256-bit AES XTS encryption | USB 3.1
Technically, the diskAshur Pro 2 is a portable hard drive, not a flash drive, but it’s compact and lightweight, so if you’re looking for a high-storage, mobile, encrypted device, this is the one we’d recommend.
It has top-level AES XTS encryption and a Level 2 FIPS 140-2 validation. This means it’s protected from physical tampering and brute force attacks. However, the brute-force hack defense system is designed to activate after 15 incorrect attempts, which you may feel is too high a threshold.
The device is unlocked using a pin of between 7 and 15 digits. The epoxy-coated keypad is designed to hide key usage and help avoid worn keys.
It works across all operating systems, and data transfer is reasonably fast. On the downside, it’s bulkier than a USB flash drive and expensive. But if you want a secure way to store large files, that’s the price you pay.
- High storage capacity
- Works on all operating systems
- FIPS 140-2 Level 2 certified
- Fast data transfer
- Bulkier than other USB flash drives
Best for Photos and Videos: SanDisk Extreme Pro
Capacity: 128GB–256GB | 128-bit AES encryption | USB 3.1
The SanDisk Extreme Pro doesn’t offer the same level of security as the other flash drives we’ve reviewed, but its setup and competitive price make it the best option for certain users.
It’s designed primarily with fast data transfer in mind. The read speed of up to 420MB/s and write speed of up to 380MB/s is more than twice that of the other devices we’ve looked at. It also has a much larger capacity. This makes it ideal for storing photos and videos.
The reason it’s so much faster is because, unlike the other flash drives, the whole device isn’t encrypted. Instead, you use the SanDisk Secure Access software to create a specific folder for the files you want to keep secure. The software has 128-bit AES encryption, giving additional security beyond password-protecting individual files.
This offers a cost-effective compromise if you want a flash drive to store family photos and some personal data. It just won’t be as resistant to hackers as more expensive options.
- Very fast transfer speeds
- Large capacity
- Ability to separate encrypted data
- Very affordable
- Lifetime limited warranty
- Not as secure as other models
- Software download required for Mac
Best Fingerprint Encryption: Verbatim Fingerprint Secure
Capacity: 32GB–128GB | 256-bit AES encryption | USB 3.0
This tiny device uses 256-bit AES encryption and fingerprint recognition to secure your data. It isn’t as secure as FIPS-validated devices (for example, it doesn’t have physical tamper protection), but it offers a method of protecting your data that doesn’t require you to remember a password.
You can register up to six authorized users and grant them administrator or access-only rights. This makes it an excellent option for families as it allows you to securely store emergency information that adults and older children can easily access.
The flash drive is compatible with both Windows and Mac and offers more storage space for your money than higher security devices.
- Doesn’t require a password to access
- Good option for multiple users
- 256-bit AES encryption
- Not as secure as other flash drives
- Slow data transfer speeds
What You Need to Know About Encrypted Flash Drives
Levels of Protection
An encrypted flash drive is much more secure than keeping personal data on your laptop or desktop. But not all secure flash drives offer the same level of protection.
FIPS 140-2 (Federal Information Processing Standard) provides a benchmark for assessing the level of protection for cryptographic hardware. If a product carries a FIPS 140-2 standard, you know it’s been tested and approved by the US and Canadian governments.
There are four levels of protection, with each level building on the previous one:
- Level 1 – some form of encryption
- Level 2 – encryption plus tamper-proof technology
- Level 3 – additional physical tamper-resistance and identity-based authentication
- Level 4 – more stringent physical security requirements, including the automatic erasure of data if environmental attack is detected
An encryption algorithm transforms raw data into encrypted text that can’t be deciphered using the same machine. Of course, it’s a bit more complicated than that, but the details can get a bit mind-boggling.
What you need to know is what to look out for. “AES” stands for “Advanced Encryption Standard” and is the most common encryption methodology you’ll see. 256-bit AES is the gold standard, though 128-bit is also effective – a hacker would need a lot of computer power to crack the cipher.
You may see additional letters that refer to the block cipher mode used in the AES specification. ECB (Electronic Code Block) is the most basic, CBC (Cipher Block Chaining) is the next level up, and XTS is the latest and most secure mode.
As well as paying for the level of protection offered, the drive’s capacity will affect how much it costs. Small USB flash drives typically have a capacity of between 8GB and 128GB, but encrypted hard drives allow you to store up to several terabytes of data.
Durability and Resilience
It’s not just protection from data thieves that you need to consider when buying a flash drive. They may be small and light, but that also makes them easy to drop.
A tough, waterproof casing will help protect your data from accidental damage, floods, or that time it falls out of your pocket and into the toilet bowl.
IP ratings assess how resistant a device is to dust and water ingress. If there are two numbers (e.g., IP67), the device has been assessed for BOTH dust and water ingress. If there’s an “X” before the number (e.g., IPX8), this means it has only been tested for water resistance (but in practice, it is likely to also be dust resistant). Read more about waterproof ratings.
While most encrypted flash drives currently on the market fit Type-A USB ports, it’s worth bearing in mind that many new, ultra-thin laptops are moving to USB Type-C ports only.
Currently, encrypted flash drives compatible with Type-C ports aren’t readily available, perhaps because the market isn’t big enough. This should change in the future, but it’s worth bearing in mind if you’re shopping for a new computer.
What to Store
As encrypted drives are more expensive than standard USB drives, you’ll need to prioritize what you save. Transferring thousands of unedited photos from your phone is not the best use of your limited storage.
So what do you need on your flash drive?
- Details on accessing essential online sites, for example, banking, government and health services, and pension and investment platforms.
- Financial information on your savings and investments.
- Emergency contact details.
- Scanned copies of identification documents such as passports, birth certificates, and marriage certificates.
- Copies of life insurance documents and wills.
- Important information about your pets, such as vet details and microchip numbers.
To keep all this information organized and ensure you haven’t forgotten everything, download our handy emergency binder template.
You may also want to keep digital copies of photos or videos that are particularly precious.
Also read our guide to EDC flash drives.