How to secure password protect your files and drives

Many professionals, including doctors, lawyers, and businesspeople, use password protection to send .pdf and .xls files via email and believe that they are sufficiently protected. However, regular password protection is not as complete as one might think. There are better ways to securely password protect your files and drives.

At a fundamental level, password protection without physical data encryption is meaningless, as it is an easily bypassed security method. When security experts talk about password protection, they usually only refer to data access methods. Data is typically physically protected against hacking through software or hardware encryption.

This article describes the difference between password protection based on software encryption and password protection based on hardware-based encryption, such as hardware-encrypted USB or external drives.

There is a big difference between software encryption-based password protection and hardware encryption. Encryption is an essential tool for protecting user data with unique passwords. Are hardware-encrypted drives more secure for your personal data than software-encrypted files and drives? For example, when tax filing time approaches, what’s the most effective way to protect your personal books from theft, loss, or hacking?

Password protected file

Many applications (MS Word, Excel, Adobe Acrobat, etc.) provide an option to create “password protected” files. The application implements some kind of software encryption on the files to physically protect the data. In some cases, the level of encryption is unspecified, so the user cannot see what has been done to the data itself, other than the fact that password protection has been added. Windows also has BitLocker software encryption that can encrypt drives or files on your computer drive. The latest version of BitLocker supports state-of-the-art AES (Advanced Encryption Standard) 256-bit in XTS mode. Please adhere to this standard. BitLocker is an example of a software tool that provides software encryption by encrypting data and locking it with a password gate. Encrypted file data is scrambled by an algorithm (AES is one example) when it is written to the drive. If the user enters the correct password, the data will be unscrambled as it is read from the drive.

Developers prefer software encryption because it is cheap to implement, does not require specialized hardware, and it is easy to license the encryption software if needed. However, along with these advantages, there are also disadvantages, such as: The benefits of encryption disappear if a hacker steals your password, encryption key, or drive recovery key from your computer’s memory and compromises your password. Another problem is that software encryption places a computational burden on computers. When users open and close encrypted large files like images and videos, system performance can be affected.

Software encryption is suitable for users who forgot about data security when building their systems, or for users who don’t care about security. In such cases, the software encryption tools available to password protect your files should be sufficient for your computer, email, and cloud accounts.

However, software encryption cannot limit password guessing, also known as brute force or dictionary attacks. In this attack, hackers use elimination techniques and automated tools to crack passwords. The Internet is full of tools to remove passwords and decrypt data on many types of files. Currently, most passwords are about 8 characters long, so a powerful computer can help him guess more than 1 billion passwords in one second. Experts recommend moving to passwords of at least 12 characters to slow down hackers who attack software encryption .

Hardware Encryption

Hardware encryption differs from software encryption in that it includes a separate, secure microprocessor dedicated to user authentication and data encryption. Because its processes are isolated from the rest of the computer, it is significantly more difficult to intercept or attack and is considered more secure. This separation of processors also means that the encryption process is much faster, as the hardware encryption device handles all data processing.

Hardware encrypted drives are more expensive than software encrypted options (as opposed to non-encrypted devices) because they have advanced components and advanced technology and are designed from the ground up as data protection devices. A typical USB device is a simple storage device with no security measures in place, whereas a hardware-encrypted drive is specifically designed to protect your data, providing insurance against theft or loss of the drive. Masu.

For companies that comply with privacy laws and regulations (such as HIPAA, GDPR, and CCPA), the legal costs of data loss due to loss or theft of a standard USB drive can outweigh the cost of hardware-encrypted drives. You will find that it is much more expensive. The increasing impact of data breaches around the world is driving up costs and requiring stronger data protection.

Ultimately, it comes down to how much value is your most sensitive personal data worth?

Benefits of hardware-based encryption

There are multiple reasons why hardware-based encryption is recommended.

• Hard to attack: Drives like the Kingston IronKey series are designed to be resistant to hacker attacks, unlike software encryption options. These have added protection against methods like brute force password attacks. Hardware-based encryption counts the number of password attempts and eventually cryptographically erases the drive after a certain number of attempts. Cybercriminals tend to prioritize hacking software-based solutions.
• Physically and digitally resilient: With military-grade security defined by the NIST FIPS 140-3 Level 3 standard for the U.S. government, hardware-encrypted drives include protection against physical tampering. Features have been added. Epoxy resin is used to hermetically protect the drive’s internal components, making them more resistant to physical attack. The best-in-class IronKey D500S and IronKey Keypad 200 series, FIPS 140-3 Level 3 (pending) certified, feature an epoxy-filled casing that incorporates a variety of defenses against attacks. These defense mechanisms, which include shutdowns when excessive temperatures or voltages are reached, power-on self-tests that detect anomalies and shut down if positive, and other penetration testing protections, are certified by the FIPS 140-3 Level 3 standard. Mandatory.For a drive to be FIPS 140-3 Level 3 certified, it must go through thorough review and testing by a NIST-certified lab and the highest third-party validation in the computer industry. NIST is responsible for AES 256-bit encryption used by U.S. government agencies. Achieving FIPS 140-3 Level 3 certification can take several years, but it is a seal of trust for customers, indicating that the product is highly attack-resistant and helps with regulatory compliance.
• Portable: You can’t always take your desktop or laptop with you, but a hardware-encrypted USB or external SSD makes it easy to take it anywhere. There’s no need to risk emailing financial documents to your accountant or lawyer or storing sensitive data in the cloud. You can safely store your private data offline. With an external drive like the IronKey Vault Privacy 80ES, you can back up as much as 8TB of data to a location you control, away from the Internet.
• Regulatory compliance: Data encryption is required in many situations. Examples include HIPAA in healthcare in the US and GDPR in the European Union. Kingston IronKey drives help with compliance because the data on the drive is always encrypted. Complex password/passphrase authentication restricts access to the drive (Kingston IronKey drives support passphrases of up to 64 characters, D500S supports 128 characters). Brute force attack protection counters intrusion attacks, and if password hacking is attempted, the drive can be wiped and factory reset.

Data Recovery

Data recovery is another point that differentiates hardware-based from software-based encryption techniques. Microsoft BitLocker has a recovery key that you can print or save for later use. Kingston IronKey drives have a multi-password option that allows you to access the drive even if one or more passwords are lost.

With ransomware attacks on the rise, regular backups are essential for data recovery. For all encryption choices, the best solution is a 3-2-1 backup strategy  . Make three copies of your data , have two types of media or drives in case one drive fails or gets damaged, and store one drive in another location . For backup, the IronKey VP80ES with capacities from 1TB to 8TB is a good solution. Most IronKey USB drives are up to 512GB.

Although cloud-based backups are used by some, there are risks of exposure to breaches and other security issues associated with cloud storage. Cloud data storage is basically storing data on someone else’s computer. Not being able to access cloud backups when needed can delay data recovery and business operations. Cloud providers have also been reported to be under ransomware attacks, which can delay access to users’ data.

Hardware-encrypted solutions provide more robust and comprehensive data protection than software-based options, providing true “password protection” for important files. Ultimately, it comes down to what value you place on your documents and how much protection you require.