Portable storage for the paranoid: We test two secure USB drives on keypad vs. software security

Encrypted storage on a stick is expensive, so consider security method as well before you buy. We test examples of each approach.

Kingston’s Data Traveler 4000 G2

Kingston’s Data Traveler 4000 G2

Congratulations: You've decided your data is sensitive enough (or you're paranoid enough) to store it on a secure USB drive. Basically encrypted storage on a stick, these portable flash drives come with FIPS 140-2 level three validation, meaning the cryptographic module will be rendered inoperable if tampering is detected. It costs quite a bit to acquire validation, which is part of the reason for premium pricing of these drives.

Most people administer and unlock secure USB drives using software apps, which run on the host machines to interact with the drive. That's the approach taken by the KingstonData Traveler 4000 G2 (second generation) USB 3.0 thumb drive that's reviewed here.

The other method is to put a numeric keypad on the drive itself that lets the user to unlock it with a PIN. Apricorn's Aegis Secure Key 3.0 USB 3.0 thumb drive is a popular implementation of this less common method, and we've tested this device as well.

The upside to software is that it's cheaper to implement, and if done properly, extremely secure. But the vendor must also provide an app for every operating system the drive will encounter, and you're pretty much limited to desktops or laptops.

A keypad drive is hardware-agnostic. That is, once unlocked, you can use it with anything that recognizes USB mass storage--car stereos, media players, and Smart TVs, for example, as well as PCs and tablets. Few people need to access their sensitive data on anything other than a computer, but if you do, a secure flash drive with a keypad is the way to go.


If it weren't for the label and a slightly heftier feel, you couldn't tell the Data Traveler 4000 G2 from a non-secure USB thumb drive. The drive is divvied up into a 16MB portion that emulates a CD containing the installer for Windows, OS X, and Linux, and the data partition, which becomes available after you create and enter a password.

The software is simple, elegant and seems secure. However, I think it should have a secure virtual keyboard for entering data when you suspect or are worried that your keystrokes are being logged.

The Aegis Secure Key 3.0 is a bit larger than your normal flash thumb drive. That's to accommodate a usably sized keypad, which in this case consists of two columns of number keys (0-9), a lock button, an unlock button, and three status lights (red, green and blue).

The keypad runs off of a rechargeable battery when the drive is out of the USB port. This is a must--accessing the keypad when the drive is inserted into a USB port can be awkward or worse.

By using a combination of the unlock/lock buttons and the keypad you can define admin and user passwords, reset the drive, and obviously--enter PIN codes (or 7 to 16 digits) to access the data partition. It's fairly simple, but this time you do need to read the instructions first.

Note: There's one downside to using long PINs: They can be hard to remember. The keyboard is alphanumeric, so you can spell rudimentary words--and you know, of course, not to use anything easily obtainable like your phone number or social security number. Also, it's possible to spot wear and debris patterns on keys. The Aegis Secure Key minimizes these vulnerabilities, but they do exist.


The Aegis Secure Key 3.0 is a lot faster than its USB 2.0 ancestor, but the 4000 G2 proved faster still. CrystalDiskMark's 4MB and my own 20GB large file copy tests saw upwards of 230MB/s with the 4000 G2 compared to the Aegis's 122MB/s. The latter is a more common result, so props to the 4000 G2. I used the 32GB units for my reviews.

But CrystalDiskMark also rated the 4000 G2 as being ten times slower writing 4K files than the Aegis Secure Key 3.0 at a miniscule 3MB/s. I'm guessing oddities or a trade-off in the encryption algorithm. In my real-world 20GB file and folder test, the 4000 G2 was quite slow during the small text file portions, but when it hit slightly larger files it took off and still bested the Aegis Secure Key 3.0 170MB/s to 108MB/s reading, and 33.8MB/s to 32.8MB/s writing. Both drives were formatted with the NTFS file system.

The Kingston is available in smaller capacities starting at 4GB, while the Secure Key 3.0 starts at 30GB, so the Kingston is playing to a wider audience. However, while the 32GB version of the 4000 G2 is slightly cheaper than the 32GB Secure Key 3.0, at 64GB the 4000 G2 is far more expensive. Note that the Kingston drives are available at very steep discounts, while the Aegis Secure Key 3.0, available only from Apricorn, is not. See the price list below.


Aegis Secure Key 3.0

Kingston 4000 G2


not available



not available



not available



$199 (30GB)



$229 (60GB)




not available



not available


The Aegis Secure Key 3.0 is the more convenient, versatile product. You can use it with any device and once you're used to using the keypad, it allows quicker access to your data than any app-accessed drive.

On the other hand, the Kingston Data Traveler 4000 G2 is far faster with large files. That can be a real time-saver depending on your usage. My biggest beef with the 4000 G2 is the retail price price of the 64GB model. But if you shop around, you can find it discounted online at roughly the same price as the 64GB Aegis Secure Key 3.0.

I rated both products with the same four stars, so this is a pick-'em based on your preferred method of access. You will start more conversations with the keypad.

Join the CSO newsletter!

Error: Please check your email address.

Tags KingstoragesecurityUSBApricornencryption

More about ApricornKingstonLinuxSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jon L. Jacobi

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place