General discussion

How can I secure my external hard drive?

How can I secure my external hard drive?

What I'd like to do is secure my external hard drive from prying eyes and
if it's lost while I'm traveling, no one will be able to access the data on
it. I've tried several security programs, but none of them seems to
work. My requirements are straightforward: it needs to be securely
password-protected and the data on the drive must be accessible using any PC
computer whether it is mine or another person's, regardless of which Windows
OS. Does anyone know of such a program that works, is secure and reliable,
and won't break the bank? I don't need all the bells and whistles, just a
secure external drive to protect my data. Thanks in advance for any

- Submitted by Bob S.

Discussion is locked

Reply to: How can I secure my external hard drive?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: How can I secure my external hard drive?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
TrueCrypt in Portable Mode

One thing you could try is TrueCrypt. It's open source (free) and can do exactly what you described if you use it in Portable Mode.

Basically, you would need to create a TrueCrypt container on your external drive and put your sensitive data into this container when it is mounted. The container can only be opened with TrueCrypt and your password.

For portability, in an unencrypted portion of your external drive you have TrueCrypt create a Traveler Disk. When the external hard drive is plugged in, the traveler disk will launch the TrueCrypt program (without installing it on the host computer). You can then open up the container file and access your data, or you can set it to automount the container.

The one downside is that you must have administrative rights on any computer that you plug the drive into in order for the portable version of TrueCrypt to launch.

I've used this program for USB thumb drives. It should work the same for an external hard drive.

- Collapse -
I Agree with You on This

My Laptop uses Truecrypt. I'm not encrypting the entire drive (the first partition is just a Windows XP SP2 install area that will return the PC to original state) but the main partition is encrypted. Effort? The enctyption takes time but you can start using the drive right away. You MUST make a recovery CD. Not a big deal but need to have a CD drive and blank CD available, etc. (No data on the CD, just a set of keys, and stuff to recover your drive). Unfortunately, I have no experience with the portable part of this.

- Collapse -

And of course, with TrueCrypt, you can include a "hidden drive".

For those who don't know, that's a drive within a drive i.e. you make a 200gig container with a password and then you can make a, say, 50Gig container within that container with another password.

Dependent on which password you use you will access that information.

The point is, if you are forced to open one container there is nothing to indicate there is also a hidden container so it looks like they have access to all the information but don't.

You're right, I don't think there's any method of doing this without admin access to the PC as it requires temporary installation of a programme.

I could be wrong though as I've seen USB encrytpion that doesn't require Admin rights. But I haven't seen it for an external HD.

- Collapse -
You didn't read all of what he said...

Your suggestion is a great one--except for one thing: You didn't read all that he said.

He said, <<the data on the drive must be accessible using any PC
computer whether it is mine or another person's>>.

Now that blows up your idea of using TrueCrypt, or programs like it, because not everyone has it installed on their computer. I, for one, have never heard of it until now, but I'm familiar of other such programs.

The problem with those programs (including TrueCrypt) is that it will only work if the program is installed on the computer that he wants to use. However, as he has clearly stated, he isn't using it on just his own computers, but on others as well.

That leads to another problem: The only way he can use it on a computer that doesn't have it installed is to install it himself. However, not too many people are keen on you borrowing their computer and then installing something on it, and most public places block you from installing things on their computer.

He's asking if there is a better solution than TrueCrypt--or another program like it.

- Collapse -
It's the other way around...

I'm afraid it's the other way around: You didn't read carefully. Read it again.

TrueCrypt does NOT have to be installed to the host computer to run from a portable drive. It's called a Traveler Disk. The program runs off the portable drive. No installation necessary, but you must have admin privileges.

- Collapse -
Sorry, didn't know that...

I've never used TrueCrypt, so when I read what "luhng" said, in his post directly above mine, about needing "a temporary installation of a programme", I assumed he meant that one needs to install it, use it, and then uninstall it from that computer.

I tried the one what was embedded into Trend Micro Internet Security when I Beta tested it a couple years ago. I remember I didn't like it because I think it only made the security file on the C: drive--and in a place where they thought it should be, and I wanted to make it on the E: drive, where I have my "My Documents" folder.

Then I think I uninstalled the program and re-installed it--and it wouldn't open the encrypted file. I guess I mistakenly assumed that they're all the same. In addition, I'm not really interested in those programs because if you forget the password, not only does it not work, but you lose all your important data.

Thanks for filling me in on that!

- Collapse -

Most government and private industry computers do not give the user Admin rights. My home computer only gives admin rights to me everyone else is a guest user. Therefore TrueCrypt will not work as stated in request.

- Collapse -
need to move data into new folder?

I have about 200gb of data on a 350gb EXT Esata drive. It makes perfect backups. In order to use TC, I would have to create a new TC container, and then move the data into that container? So my backup software would then have to know the drive/directory of this new location to make future backups, eh?

- Collapse -
Aegis Padlock - USB 3.0
- Collapse -
Thanks all for your help!

I decided the Aegis Padlock is the one for me. It is the one most mentioned and will keep private my records and media. I especially like the "self destruct" feature. And yes I will pull the external HDD out monthly and back up the Aegis data. Then store the drive in a fireproof safe I have. Suspenders and belt! Bob

- Collapse -
Securing external drive

Have you thought about locking the drive?
Aluratek (I'm sure there are others) has the Hurricane + that uses an RFID sensor to lock the drive. You get two keys, so the other person who should access the drive, can.

Just a thought, as they are about 30.00 (USD).

- Collapse -
Things to Consider in General

I very much realize the need for privacy and security. For the most part, I don't keep secure data unless absolutely necessary. If the data did not need to be secure, I'd suggest using online clouds to store the data such as Google Docs or Dropbox, but, since the data must be secure, I would not suggest the use of public clouds as employees there read your stuff, according to their websites. If this was medical data (HIPPA-controlled) or criminal justice data (CJIS) or credit card info, I'd definately use a fully encrypted drive! Do NOT use anything that is only password protected as many devices can still read the data! Make sure the data is encrypted with something that is military standard. Normally, I'd say you can just look around the web and use whatever appeals to you but I don't know how critical the data is to you or to some government agency that regulates the data on your drive.

As someone else mentioned, I use Truecrypt.

- Collapse -
Data Recovery

Sorry for the bad news, but it is impossible to prevent data from being accessed from any HDD. Even if you delete or format the drive data can still be recovered. There are very expensive programs used by professional hackers, but even a basic free one such as Pandora will be able to find them all. The only way is to destroy the drive, which defeats your wish to save and access your files.

- Collapse -
What About Travel?

These sound interesting but can you take one on an airline and through the TSA with a self-destruct feature? How destructive can it get?

- Collapse -

The Aegis Padlock uses a three pronged approach to protect against a Brute Force attack. The first step is to deny access to the drive until the drive can verify the user PIN. After several incorrect attempts the drive will lock itself, requiring the drive to be plugged in again to input a PIN. This feature blocks automated attempts to enter PIN numbers. Lastly, after a predetermined number of failed PIN entries, the Padlock assumes it is being attacked and will destroy the encryption key and lock itself, rendering the data useless and requiring a total reset to redeploy the Padlock.

In addition to encrypting all of the PINs, data and the encryption key itself, the Aegis Padlock adds another barrier between a between your data and a hacker. The encryption chip and circuitry of the Aegis Padlock are completely protected by a super tough epoxy compound, which is virtually impossible to remove without causing permanent damage to the electronics. This barrier prevents a potential hacker from accessing the encryption circuitry and launching a variety of potential attacks.

- Collapse -
What does it cost?

He said he doesn't want to break the bank - he probably already bought one drive.

- Collapse -
A Paradigm Shift?

Maybe it's a good time to catch up with us in the 2nd decade of the 21st century? Not meaning to be impolite, but consider this.

Just yesterday I was talking with a friend of mine in Sydney. He's a very advanced thinker, software developer and entrepreneur in web services, email marketing and 'contacts' development, and more, utilizing commercially available servers (you don't need to own one to offer the service..)

I used to work with him back in 2002, so we're quite friendly. In those days we were selling high quality business cards. We had the design work done in India and the printing done in Perth, 2,500 miles away. We used to mail out the proofs and subsequently the finished product from our Sydney office. Pretty cumbersome eh?

I raised the very subject you mention, whereupon he informed me that he now has no backups stored on his own computers. He has it all stored on 'the cloud'. Moreover they no longer mail out proofs, they put them onto their servers; on 'the cloud'; where customers go to view them.

I also have utilized 'the cloud', indeed much more lately since travelling for three months in India. I found Internet services so spotty I was frequently 'reduced' to using Internet cafes. And in many ways I gained a minor education by doing so.

I found that all my Contacts (over 1,000) are on 'the cloud', in Google in fact. It's not as though I haven't had them there for several years but I never thought of it that way. Then I realized that all my emails are of course, on 'the cloud'! AND my schedules or personal appointments or wake-up calls, whatever you want to call them. I also have around 500 'Notes'; I've been agonizing how to have them available to my smartphone for quite some time: But, they are in Evernote. They are already on 'the cloud'!

You see, what I have been doing is worrying myself as to how I was going to sync these records etc to MS-Outlook, and indeed I have been partly successful. But recently I came to the realization that I needn't bother! Why bother? They are all stored, quite effectively and reliably, on 'the cloud'. WHY was I bothering?

So I looked at my personal accounting system. It was NOT on the cloud: I told 'them' about it, they ignored me, so I changed to software that IS on 'the cloud' (Clear CheckBook.) Microsoft have embraced 'the cloud' with their MS-Office365 although it needs a monthly payment and I'm not sure it's usable by private individuals yet. Google have had their copy of Word and Excel for some time, on 'the cloud', but with some shortcomings.

So now I am using 'the cloud' for all my backups. Although I am still backing up locally I attach far less importance to it, indeed I might even curtail it soon. I think I've almost caught up with this 2nd decade of the 21st century.

How about you?

- Collapse -
Trust the CLOUD, Luke...

....brave little toaster....

I REALLY wish you luck with that endeavour.

BUT, here in America, the rest of the world AND the government all think they need into your business.

I would NOT trust a 'cloud' to save my Aunt Emma's cookie recipe...too many dirty fingers in the mix.


- Collapse -

and you think your info is 'safe' on an external hard drive? Sorry, you're dreaming, all your info is already 'up' there (on the web.) Good luck.

- Collapse -

IF you use that info online...cut the cord!

- Collapse -
This is What I Always Rant About

The issue we have is that we have NO idea what exactly the data is that the poster is protecting. The cloud is NEVER secure in that employees of the clouyd can see your stuff. Period. That isn't a guess. Most cloud providers, such as Google Docs, tell you up front that they read your stuff and they have the right to publicly display your stuff and even give it to third-party affiliates. There is some data you can't put on the cloud as it may be illegal. Period.

- Collapse -
I know of one cloud storage provider...

that does not allow any access to customers blobs. They don't have any of the keys. However, the guy did ask not to break the bank, and the name of this service escapes me at the moment, so I can't check on prices.

- Collapse -
Protection idea

You did not mention if your travels were US or international. If US only, contact your bank and see if they still offer registered locking bank bags. If so, then you could overnight the bag with the drive inside, and the key for the bag separately to your next location, or travel with the key. No lost passwords, and no additional programs required to use alternate computers.

This could also work for international, but creates logistic issues as well as not neccessarily being as traceable as in the US if lost.

The other unanswered qestion is whether the external drive is used in lieu of carrying your own laptop...which could have the drive replaced and re-partitioned with a pass-protected section id'd by an unusual drive name, or even disguised as one normally reserved for something else (i.e. "A").

I am sure plenty of 'technoids' will Pooh-Pooh my ideas, but I firmly believe in the KISS method: Keep It Simple, Stoopid! ];-}


- Collapse -
Try a Hardware Based Solution

Hi Bob

Based upon your comments I deduced the following:

You've tried software based security programs and found them to be ineffective for your needs.
I would not suggest investing in those types of solutions again - free or paid. But, if you're still inclined to consider them here's a link with reviews of several programs. One of them or a suggestion by another contributor may be the ticket (consider only those that have a "portable" option):

You're concerned about "Prying" Eyes
I'll address this in my recommendations

You're concerned about losing your drive.
Suggests that a garden variety two (2) inch flash drive is not your best choice even though they may be had in 128GB capacity. However, SanDisk makes a Cruzer Fit USB Drive (with built in security software) that can remain in your Laptop even when stored. It's the size of a nano USB transmitter. The limitation for you may be capacity at 32GB. Check it out here:

1. Judging from your comments (previous experience) software encryption programs don't appear to be a viable solution regardless of the physical size of the drive (i.e. pocket size or Thumb drive).

2. Thumb drives are definitely not an option given their small size making them more prone to be lost not to mention their meager capacity.

3. Cloud based storage might be an option but requires a WiFi or paid cellular connection. Even assuming you are never away from a good WiFI signal - free Cloud based storage usually tops out at 2GB-10GB, so you would probably incur more expense with Cloud storage. Then there are other Cloud based security issues...not that they are common...but have you read about the recent Dropbox breach?

So, having said all the above what's a viable solution? Consider the following:

1. Portable HD that's big enough (physical size) not to go unnoticed when you are done using it.
2. Security encryption software built-in
3. High enough price point so that you will think twice before leaving it behind Cool

My personal recommendation would be the Aegis Padlock by Apricorn:

1. Military Grade Encryption
2. Software free design
3. Requires PIN to gain access - entered directly on the drive itself
4. Timed lockdown after inactivity
5. Secure Lockdown after repeated incorrect PIN entries requiring reset
6. Works with Windows, Mac and Linux
7. MSRP $169 - $249 (depending upon 128 or 256 bit Encryption and/or 250GB -1TB capacity)

Bob, I didn't forget your comment about- "Prying Eyes'
1. If this is a screen issue I suggest you invest in a "screen privacy filter" similar to these. Click the link:
2. If you leave your laptop unattended in what you perceive to be a secure area then I suggest you set your password lock or log-off before you leave the room.

We all should remember that security begins with the user. Theft of a laptop or portable HD from a secured location may occur - bad things sometimes happen to good people. Treating our precious gear like a pair of "sunglasses" no matter what security software or Kensington Lock like device is installed - is just plain foolish.

Good luck Bob...I hope you find the right solution!

Together Everyone Achieves More

- Collapse -
Good post ajtrek...

I suppose he tried bitlocker already. That and a switchable external drive that would change it to ROM only would be nice, but I suppose not everyone would have bitlocker on their Home Microsoft versions, so it doesn't fit his requirements anyway.

- Collapse -
Data Security

Securing data can often lead to more problems and hassles then it is worth. You did not mention why you want to encrypt your data nor the size or type of data files you have and need to transport on a USB drive, so it makes recommending a solution a little more difficult.

There are many different ways to secure data and the best choice usually depends on several factors:

Why you want Encryption? - There are many different reasons for wanting to encrypt your data that can range from simply just not wanting someone to get hold of your personal information should you lose your computer or hard drive to being required by your employer or by the law. If you are carrying other peoples personal data, you may be liable in some states if that data gets into the wrong hands.

How much data you have? - Protecting a few word documents vs. several hundred gigabytes of data in hundreds of files could be approached in totally different ways. For Example: If you had a half dozen Word or Excel files that you were worried about then using the built-in password protect feature in Word and Excel may just fit the bill. Note: Password Protection on Versions of Word and Excel prior to 2007 are NOT very secure.

How often you need to access it? - The amount of time or number of steps you need to perform to access your data can really end up being a real burden if you need to access your data many times per day on many different computers. On the other hand if you only have to get to your data once a week or once a month then it may not be a big issue at all.

The number of computers or the number of different types of computers that you need to be able use to access the data? - If you are accessing your data on only 1 or 2 different computers then installing the encrypting software may not be a big deal, but on the other hand if you are accessing the data on many different computers some with administrative rights and others without, it could end up being a real pain in the neck. Example: Most encrypting software requires that you install a small application on every computer that needs access to the data, this can be a real pain and not work at all on computers without administrative rights. Also I have had many issues when trying to use these techniques on old computers running Windows ME, Windows 2000 or Windows 98/95, Linux or even older Mac's.

How much effort you are willing to go through to access the files? - If security is more important to you then your time, then using whole drive encryption techniques like TruCrypt or BitLocker may be the way to go.

Who needs access to the files? - If you are the only one dealing with the secure files then the additional steps to access data may not be an issue but if the files need to be accessed by many individuals this could present a problem.

The level of Security you need? -There are many different levels of security ranging from simple password protected files to whole drive military grade encryption and many levels in between. If you are just trying to protect documents from your kids or babysitter opening them by mistake, then simple password protection may fit the bill, but if you have sensitive data that you do not want anyone to be able to access should you lose your hard drive or computer then that is a different story and you will need to look into full encryption in some form or another. Some states such as Massachusetts require that anyone that has personal information stored on their computer about anyone else that resides in that state must encrypt the data. Most all healthcare companies, hospitals and such now require that all laptops have encrypted hard drives if they are being used to access company email or other information.


Simple Single File Password Protection
- Older Versions of Microsoft Word and Excel offer simple password protection that can be applied when saving files. With the right tools, these files can be accessed with relative ease.

Single File Encrypted Password Protection - Starting in with the 2007 version of Office, Word and Excel now offer password protected Encryption that is applied when saving files. Again if you are only concerned about a few files then this might be the best option. Keep in mind that when setting a password, the security is based on the quality of your password. So avoid using "1234" or "Password" as your password.

Partition Encryption - Most encryption software offer the ability to encrypt just a partition of your hard drive or the entire hard drive. TrueCrypt or BitLocker in Windows Pro offer this type of encryption.

Whole Drive Encryption - TrueCrypt offers both partition and whole drive encryption. Professional version of Windows such as Windows XP Professional, Vista Professional and Windows 7 Professional also offer BitLocker Encryption. There are also many other 3rd party security companies that offer encryption software such as McAfee and others.

Drives with Built-in Encryption - Apricorn has a really neat line or Hard drives and USB Flash drives called AEGIS Padlock and Secure Key that have a built-in Keyboard where you simply enter a secret code into the keypad before you plug the drive into the USB port. This saves you from having to install any software on any computers. and

Online Storage - Don't forget about online storage of data too. There are many online storage systems that offer encryption and may be much more convenient for you but again it depends on all the factors I mentioned above. For Example: If the files sizes are very large, then online storage would take a lot longer to access vs. a USB drive or maybe the computers that you need to access the data from are not connected to the internet of have a really slow Internet connection which could rule out this kind of storage.

Create your own Cloud storage - If you are not comfortable with Online storage then you could also purchase your own NAS(Network Attached Storage) that offers access from the internet. Then you can access the data from any computer that needs it without having to carry around any hard drives that could fall into the wrong hands or get lost or dropped. There are many NAS devices out there from all the manufacturers but I really like the products from Synology.

WARNING: Encrypting a hard drive can make it much more difficult if not impossible to recover data if something goes wrong with the hard drive. So, if you must encrypt, make sure you are covered with multiple backups of your data.

WARNING 2: Backup your data prior to implementing any encryption scheme. It is not uncommon for something to go wrong, especially when encrypting an entire drive or a computer for the first time.

WARNING 3: Encryption can slow down drive access which can be especially noticeable on older computers.

Personally, I prefer to not carry around data on external hard drives because they are so easily damaged, dropped, lost or stolen. Sometimes, all it takes is placing the hard drive down on a hard surface a little too hard and suddenly all your data is gone.

Wayland Computer

- Collapse -
Wow, Great Information

You've covered all of the bases here. I may disagree with "online Storage" since employees of the public storage firms, world-wide, are allowed to view the data (not fit for HIPAA/CJIS/FACT), but a lot depends on exactly what kind of data the user is dealing with. I especially agree with the need to make sure the data is backed up somewhere for the very reasons you mentioned. "Portable" storage is too easily lost, stolen or damaged. While encryption does slow down retrieval of the information, I personally think that it is really the only way to go depending on how secure the data really needs to be. Another thing you can do is pre-encrypt the data yourself using YOUR encryption keys and then you can use online storage. Even though online storage may encrypt data as well, the terms of service make it unusable for many items where government regulation is involved.

- Collapse -
There are ways to over come this

Thank you for your comments. Actually, many online storage systems allow you to hold the encryption key instead of them (the default is for them to manage the encryption key). If you chose this option, you can create your own encryption key and even their employees can not access your data. However, if you happen to loose the key, your data is hopelessly lost forever.

- Collapse -

The problem is that too many people are using the "popular" cloud services without knowing (or caring?) about the security aspects. My goal is not to disuade people from using these services but to be aware of what the services say that they can do and even what they say that they do. The Los Angeles Police Department (yes, LAPD) were going to have a major project put up on Google but they found out that Google is not CJIS-compatible and that was the end of the project/contract). People need to know what security their data requires personally, thically and legally. Can you imagine that the original poster was dealing with her company's customer accounts including credit card information for them, etc. and the disk was not fully encryped or lost or, if she put the information online, some employee in a foreign country decided to sell the information for 10x his salary? Or information was given to "third-party" affiliates? Maybe even her company's compeditors? I don't know if this has or will happen but Google says they have the right to do that. "Security" has been the one reason that "The Cloud" hasn't been universally adopted.

- Collapse -
I Agree, BUT

I agree that the there are and should be many, many concerns about storing data in the cloud, but when it comes to theory vs. reality, I still think, at this time, for the general public, their data is probably safer and more secure being stored in the cloud. Again, I am talking about the average user who does not have top secret documents but rather many thousands of photos, videos and music. They are probably far more likely to lose this data due to anyone of the following:
Computer failure
Forgetting to Backup
Incorrect backup settings or Failed Backup System
USB or flash drive corruption or Failure
Losing laptop, tablet or phone
Lightening strike, Fire or Flood
Improper computer or hard drive disposal
Theft of laptop, tablet or Phone
Dishonest Computer Repairman

I agree that everyone needs to be educated as to what the risks really are and that they should take extra steps with sensitive documents or spreadsheets that contain things such as account information and passwords and they certainly need to understand the difference between a good password that is difficult to guess and one that can be compromised with little effort. Personally, until something better comes alone, I think that for many, cloud storage can be the best alternative as long as you take extra care to:

1. Protect the sensitive information using either your own encryption or keeping possession of the key.
2. Password protect (Word and Excel 2007 and later) sensitive documents and spreadsheets.
3. Always make at least one or two additional backups on different media.


CNET Forums

Forum Info