USB Memory Sticks: Password Protection or Encryption
If you’re a company and you’re buying promotional USB memory sticks that you plan to load data on then you need to think before you hand them out whether you should protect access to the data you load onto the sticks.
If all that’s being loaded onto the USB sticks is a digital version of a sales brochure, media files or links to a web sites then protection is rarely needed but if you are including price lists, embargoed press release information or perhaps sensitive corporate presentation slides then you might, at the very least, want to add a simple password to protect access to the data.
There tends to be a lot of mystery and/or confusion about what protection techniques can be used to protect data on a USB memory stick but in reality it’s pretty simple. There are typically only two different solutions; password protection or password protection with data encryption. Here’s our take on these two different solutions:
Password Protection Only - this just prevents access to the data on the USB stick. Think of it a bit like a simple combination lock. It will provide basic security and act as a deterrent but a determined thief will be able to breach the security. Typical password software allows the user to define a password of between 4 – 6 characters so it would be relatively easy to undertake what the industry calls a “brute force” attack to breach the password and access the data on the USB stick.
It will take time and patience but once cracked the data on the USB stick can be read. There is no further security on the stick to prevent access to the data. The data is stored “in the clear”. Password protection is designed to make it difficult to get to the data but no impossible.
Passwords with Encryption – in this scenario the length of the password tends to be longer (mandated) and it is used with on-board software to encrypt ALL of the data stored onto the USB stick (Some sticks have an encrypted area so that you can just encrypt some of the data). Encryption is just the “scrambling” of the information using a range of different techniques most of which include large prime numbers!
Additionally (depending on the encrypted USB sticks used) you only get a small number of attempts to enter the password – get it wrong say more than 6 times and the stick will automatically wipe all the data stored on it!
The fact that the data stored is encrypted also means that if the USB stick was taken apart and the flash memory was probed directly the files stored on it would be encrypted and useless to any thief.
You can’t perform a “brute force” attack on these sticks (in other words just sit there and enter in loads and loads of password attempts) because they are designed to erase the data after “x” number of failed attempts.
Most government departments, police forces, armed forces etc. now mandate the use of Encrypted USB sticks.
Remember that if you are buying promotional USB memory sticks and you a password or encryption solution then you need to specify this when you place your order.