Hi Folks,
This is probably one of those issues where my requirements seem
obvious and common-sensical to me but not to the people who make
hardware or software. However, in the interest of developing a
complete understanding of my options:
I am looking for recommendations for the simplest possible way to
encrypt USB thumb drives. "Simplest possible" means in reference to
the end user.
The sole purpose of the thumb drive is to provide offsite backup for
important files.
The sole purpose of encrypting the thumb drive is to prevent access
by unauthorized people to the contents of the drive if the user loses it.
Here are my requirements:
1. Must be usable by a "standard user" account: No administrative
access required.
2. Must not require software to be installed on the computer
(installed on the removable drive is okay).
3. Access should be available, ideally, simply by right-clicking the
drive in Windows Explorer and entering the password for the drive
(like with BitLocker). Less desirable would be for the user to have
to manually execute software residing on the drive before being given
an interface in which to enter the password. Anything more
complicated than that, such as requiring users to copy files to/from
the drive, or carry out multiple steps to get to the point where the
password can be entered, is not acceptable.
3. The drive should work on any Windows computer of recent vintage,
no matter where it was initially set up.
4. Users cannot permanently turn the encryption off.
5. Ideally, the entire drive should be encrypted.
I am prepared to accept that my staff will have to set up these
drives initially for the users. That's okay as long as, once that
work's been done, the drive functions as described above. And, of
course, I can only set up computers under my control, which is why I
can't use a system that requires software to be installed on every
machine where the drive will be used.
Here is what I've looked at:
BitLocker
Problems: only available on Windows 7 Ultimate, or later. Most of our
workstations are Windows 7 Ultimate, but some are Pro. Also, there
are a couple of points I'm not sure about with BitLocker:
A. When an internal drive is encrypted on a computer, the user can
check a box to essentially turn off the encryption (that is, the
drive will be automatically decrypted when the computer is booted). I
do not want the user to be able to turn off the encryption on a thumb
drive such that, if the drive is inserted into another computer it is
automatically decrypted. Does BitLocker allow that?
B. I am not sure that a drive encrypted with BitLocker on a Win 7
machine will be accessible on a Win 10 machine, or vice versa. Does
anyone have a definitive answer on that point?
LaCie Private - Public
Problems: Does not work for "standard users", period. Also, requires
the drive to be formatted NTFS in order to encrypt more than 4 GB of space.
Rohos
Problems: Requires multiple steps for standard users to access;
cannot encrypt more than 4 GB under any circumstances.
VeraCrypt
Problems: Requires software to be installed on the machine.
Hardware Encryption
I took a visual look at the Corsair Flash Padlock drive. It's got
dinky little flashing lights and tiny little buttons. I can just
imagine what will happen when a user has to get into the drive by
poking and punching tiny little buttons with their fingernails while
the drive is inserted into the typical fragile USB slot. Not a
winner... But are there other hardware encryption options that don't
suffer from this or other flaws?
Of course, I am also looking for solutions that are free as in beer.
But I am willing to pay a reasonable one-time cost. No way would I
pay a recurring cost for a license to access a thumb drive.
Any thoughts are welcome.
Thanks!
Ken Dibble
www.stic-cil.org
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/3A.1D.03423.BC8D8985@cdptpa-omsmta01
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
