Hands typing password on keyboard. Text on screen: Password with hidden asterisks

How to securely password protect files and drives

Feb 2024

Blog Home

Many professionals, from doctors to solicitors to businesspeople, use password protection for .pdf or .xls files that they email to others, assuming the files are sufficiently protected from intruding eyes. However, standard password protection is less comprehensive than people think. There are better methods of securely password protecting files and drives.

At a basic level, password protection without encryption of the physical data is useless, as it’s an easily bypassed security method. When security professionals discuss password protection, it’s typically as the method for accessing the data only. The data will usually have its own physical protection against hacking: either software or hardware encryption. We will explore the difference between password protection based on software encryption and hardware-based encryption, such as on a hardware-encrypted USB or external drive. There are significant differences between software encryption-based password protection and hardware-based encryption. Encryption is an essential tool for protecting user data with a unique password, but are hardware-encrypted drives better at protecting your private data than software-encrypted files or drives? What’s the most effective way to protect, for example, your personal accounts from theft, loss or hacking in the run-up to tax season?

Password-protected files

Kingston IronKey USBs laying flat on a dark backdrop.

Many applications (such as MS Word, Excel and Adobe Acrobat) provide the option to create “password-protected” files. Applications will implement some form of software encryption on the files to physically protect the data. On occasion, the level of encryption is not specified, so users are unaware what mechanism is used on the actual data itself, beyond the added password protection. Windows also offers BitLocker software encryption, which is capable of encrypting either drives or files on computer drives. The latest BitLocker versions support state-of-the-art Advanced Encryption Standard (AES) 256-bit in XTS mode, which is the standard you should insist upon.

BitLocker is one example of a software tool that provides software encryption by encrypting data and locking it behind a password gate. With the encryption in place, file data is scrambled by an algorithm (AES is one example) as it’s written to the drive. When a user inputs the right password, the data is unscrambled as it’s read from the drive. Developers like software encryption because it’s inexpensive to implement, needs no specialist hardware and has encryption software, which is easily licensable if needed. With these benefits, though, comes the downside: If a user’s password is compromised by hackers who can sniff a computer’s memory for the password or encryption and drive recovery keys, the encryption’s benefit is negated. Another issue is that software encryption requires your computer’s processing power to operate. If a user opens or closes large, encrypted files like images or videos, it can influence system performance.

Software encryption can be suitable for users for whom data security is an afterthought, or a ‘nice-to-have’. In those cases, the software encryption tools available to password-protect files should be good enough for your computer, emails or cloud account.

However, software encryption does not limit password guessing, also known as brute force or dictionary attacks, where a hacker uses a process of elimination and automated tools to break passwords. The internet has many tools to remove passwords on many kinds of files and decrypt their data. With most passwords today being about 8 characters long, high-performance computers can guess over a billion passwords per second, meaning many software-encrypted files can quickly be unlocked and their data compromised. Experts recommend that people move to passwords at least 12 characters long, to slow down hackers who attack software encryption.

The solution is to use hardware-encrypted USB and external SSDs to secure your data. They protect against brute force attacks with the best AES 256-bit encryption in XTS mode. You can also make brute force attacks less effective with complex passwords longer than 12–16 characters, or passphrases of multiple words with a total length exceeding 12 characters.

Hardware encryption

A laptop with a USB drive inserted. The screen shows a password entry window.

Hardware encryption is powered by a separate secure microprocessor dedicated to user authentication and data encryption, unlike software encryption. People consider it more secure because its processes are separate from the rest of the computer, and therefore exponentially harder to intercept or attack. This degree of separation for the processor means the encryption processes are also much faster, as a hardware-encrypted device handles all data processing.

Hardware-encrypted drives are more expensive than software encryption options, as they contain advanced components, more sophisticated technology and are designed from the ground up as data protection devices (unlike unencrypted alternatives). Typical USB devices are simple storage devices with no security measures, while hardware-encrypted drives are built solely to protect data, like an insurance policy against drive theft or loss.

Companies in compliance with privacy laws and regulations (HIPAA, GDPR and CCPA, amongst others) can find the legal costs of a breach caused by a standard USB drive loss or theft to be many orders of magnitude more expensive than the costs of a hardware-encrypted drive. The impact of increasing data breaches worldwide is driving up costs and requires stronger data protection.

It ultimately comes down to what price you put on your most sensitive personal data.

Benefits of hardware-based encryption

A lock and key on a laptop, the symbol of a closed lock and circuit board connections superimposed.

There are multiple reasons to recommend hardware-based encryption:

Harder to attack: Drives like those in the Kingston IronKey line are designed to be resistant to hacker attacks, unlike software encryption options. They have additional protections against methods like brute force password attacks. Hardware-based encryption can count total password attempts, ultimately crypto-erasing the drive after a certain number. Cybercriminals tend to prioritise the hacking of software-based solutions, as they represent lower-hanging fruit.
Physically and digitally resilient: Hardware-encrypted drives with military-grade security as defined by the NIST FIPS 140-3 Level 3 standard for the United States government have added protections against physical tampering. They use epoxy to form a protective seal around a drive’s internal components, making them more resilient against physical attacks. The best-in-class IronKey D500S and IronKey Keypad 200 Series with FIPS 140-3 Level 3 (pending) certification are epoxy-filled inside the casing, incorporating various defences against attacks. These defence mechanisms, including shutting down when excessive temperatures or voltages are reached, power-on self-testing to detect anomalies and shut down if positive, and other penetration-testing defences, are mandated by the FIPS 140-3 Level 3 standard.

For a drive to receive FIPS 140-3 Level 3 certification, it must undergo the best third-party validation in the computer industry: being thoroughly reviewed and tested by a NIST-certified lab. NIST is responsible for the AES 256-bit encryption used by US government agencies. FIPS 140-3 Level 3 certification can take years to achieve and represents a trustworthy stamp of approval for customers, signalling a product that’s extremely resilient to attacks and that can help with regulatory compliance.
Portable: While you might not always be able to transport a desktop or laptop computer, hardware-encrypted USBs or external SSDs are easy to carry everywhere. No need to risk emailing financial documents to an accountant or solicitor or storing sensitive data in the cloud – you can keep private data off the grid, securely in your possession. An external drive like the IronKey Vault Privacy 80ES gives you the option of backing up as much as 8TB of data away from the Internet in a location you control.
Compliance with laws and regulations: Data encryption is a requirement in many contexts. For example, HIPAA in US healthcare, GDPR in the European Union and more besides. Kingston IronKey drives can help with compliance since data on them is always encrypted. Complex password/passphrase authentication secures access to the drive (Kingston IronKey drives support passphrases of up to 64 characters, and 128 for the D500S). Brute force attack protection counters penetration attacks, and if password hacking is attempted, the drive can wipe its data and reset to factory state.

Recovering data

Someone types on a laptop. File structure graphics are superimposed.

Data recovery is another point of distinction for hardware- and software-based encryption tech. Microsoft BitLocker has a Recovery Key to be printed or saved for later use. Kingston IronKey drives offer a multi-password option so that the drive can be accessed if one or more passwords are lost.

With ransomware attacks rising, regular backups are critical to data recovery. For all encryption choices, the best solution is a 3-2-1 backup strategy. Make 3 copies of the data, use 2 different media or drives in case of single drive failure or corruption, store 1 drive in a different location. For backups, the IronKey VP80ES is a good solution, ranging from 1TB to 8TB in capacity. Most IronKey USB drives go up to 512GB.

Cloud-based backups are used by some, but risk exposure to breaches associated with cloud storage, and other security issues. Cloud data storage is essentially storing your data on someone else’s computer. If the cloud backup isn’t accessible when needed, your data recovery and resumption of business activity could be delayed. Cloud providers have been reported to be hit by ransomware attacks too, which can delay a user’s access to their data.

Hardware-encrypted solutions offer more robust and comprehensive data protection than software-based options, for true “password protection” of essential files. Ultimately, it comes down to the value you place on your documents and how much protection you require.

#KingstonIsWithYou #KingstonIronKey

Was this helpful?

Kingston IronKey Vault Privacy 80 External SSD
XTS-AES 256-bit encryption

USB 3.2 Gen 1

960GB, 1920GB, 3840GB, 7680GB

Up to 250MB/s read, 250MB/s write
Learn more Buy
Kingston IronKey D500S hardware-encrypted USB flash drive
Military-grade FIPS 140-3 Level 3 (Pending) security

XTS-AES 256-bit hardware encryption

USB 3.2 Gen 1

8GB, 16GB, 32GB, 64GB, 128GB, 256GB, 512GB

Up to 310MB/s read, 250MB/s write
Learn more Buy
Kingston IronKey Keypad 200 Series USB Flash Drive
Military-grade FIPS 140-3 Level 3 (Pending) security

XTS-AES 256-bit hardware encryption

Available in Type-A and Type-C USB

Device/OS independent

8GB, 16GB, 32GB, 64GB, 128GB, 256GB, 512GB

Up to 280MB/s read, 200MB/s write
Learn more Buy
Kingston IronKey Vault Privacy 50 Series
Enterprise-grade security

XTS-AES 256-bit hardware encryption

Available in Type-A and Type-C USB

USB 3.2 Gen 1

16GB, 32GB, 64GB, 128GB, 256GB, 512GB

Up to 310MB/s read, 250MB/s write
Learn more Buy
Kingston IronKey S1000 Encrypted USB Flash Drive
On-device cryptochip

USB 3.1 Gen 1 (USB 3.0)

4GB, 8GB, 16GB, 32GB, 64GB, 128GB

Up to 230MB/s read, 240MB/s write

Complex password or passphrase security
Learn more Buy

- Encrypted USB
- Data Security
What is encryption and how does it work?

Looking for improved data security & need to know what is encryption? Kingston covers the basics.
How does hardware-based SSD encryption work? Software vs hardware, AES 256-bit and TCG Opal 2.0

Secure important personal and private information on a PC with a hardware-encrypted SSD.
How to choose the right drive for your data

Here is a list of USB security features to consider for data protection.
The 3-2-1 data backup method: your best defence against ransomware attacks

Learn what the 3-2-1 data backup method is and why it is your best defence against ransomware.
Expert best practices for safeguarding your information

Learn data security best practices with Dr. Vynckier, and the importance of offline backups.
Defense in Depth: Expert insights on building a multi-layered cybersecurity strategy

David Clarke covers encryption, super user safeguards, vulnerability management, and training.
How EgoMind secured hybrid work data with Kingston IronKey

Learn how Kingston IronKey's solutions helped EgoMind enhance their data security hygiene.
Enterprise versus client SSD

Built for disparate purposes, client SSDs and enterprise SSDs have different properties.
NIS2, DORA and the significant role of encrypted storage – Expert insights

We discuss NIS2 and DORA, and how organisations can turn compliance into an opportunity.
Changing behaviours towards encrypted storage – Expert insights

We discuss the shifts in how organisations are storing and encrypting sensitive data.
Emailed password-protected documents: the new and silent breach

Kingston examines how to secure sensitive files with the increasing vulnerability of email.
The NIS2 directive: Strengthening cybersecurity against cybercrime

Learn how Kingston IronKey hardware-encrypted solutions supports NIS2 Directive compliance.
Enhance small business cybersecurity with Kingston Ironkey

Kingston IronKey has hardware options to protect small and medium businesses against cybercrime.
Why you need to upgrade to FIPS 140-3 Level 3, military-grade mobile data protection

FIPS 140-3 Level 3 is certified by the world-leading agency NIST as the apex of encryption.
Find the best SSD for your data center

Questions to ask when seeking the right SSD for your organisation’s data center.
- Data Security
- Encrypted USB
What is the difference between software and hardware-based encryption?

Our infographic showcases the differences between software and hardware-based encryption.
2024: Technology experts’ predictions

2023 has been a year full of challenges and innovations. But what will 2024 bring?
- Data Security
- Encrypted USB
How to protect your SMB from ransomware

Learn about two methods that give SMBs superior resilience vs ransomware: encryption and backups.
How to allow USB drive access without compromising endpoint security

In this whitepaper, we explain how to enforce a DLP strategy, while allowing USB drive use.
Enterprise-grade versus military-grade security: what’s the difference?

Enterprise-grade and military-grade digital security: two high standards with different requirements.
A secure cloud in your pocket: hardware-encrypted drives for travelling lawyers

Learn how hardware encryption can protect a travelling lawyer’s confidentiality with secure file storage.
The benefits of penetration testing for hardware encrypted drives

How is pen testing ensuring Kingston IronKey USB drives lead the way in trusted data security?
25% rise in lost devices reveals data security threat for Londoners

Hardware encrypted Kingston IronKey drives protects organisations’ data on the move.
Bring your own device: security measures for personal devices in the workplace

Bring your own device (BYOD) policy is tricky for employers. How to balance security & convenience?
Encrypted drives in finance – a must for cybersecurity and compliance

How do encrypted drives improve cybersecurity and compliance for finance companies? Kingston explains.
What is data loss prevention (DLP)?

DLP offers tools for network admins to protect sensitive data from cybercrime and negligence.
The hard truth of proper security for healthcare data

A look at how the requirement for data encryption can be key to any organisation's security strategy.
- Encrypted USB
- Data Security
Staying secure when remote or travelling

How can we bolster network security with remote working and international travel so common now?
Encrypted USB flash drives: Cheaper than legal fees

Invest in encrypted drives so you do not incur expensive legal fees if they are lost or stolen.
Why is Kingston IronKey trusted by national cybersecurity organisations?

Discover why national security agencies trust Kingston IronKey to protect their data.
Hybrid working environments will mean increased data vulnerability

A company’s IT specialists should be expected to add data security to the PCs of remote workers.
What you need to know when building your data loss prevention strategy

Kingston’s three key practices for robust DLP for businesses that handle sensitive data.
Using an encrypted USB flash drive with an iPhone or iPad

You can read and write to an encrypted USB flash drive with an iPad or iPhone with the right adaptor. Here’s how.
Safeguard your law firm’s sensitive data with hardware-encrypted drives, not software

Learn why hardware encryption beats software encryption for law firm data protection.
- Data Security
- Encrypted USB
What is data security software?

A brief explaining the purpose and types of data security software available.
- Encrypted USB
- Data Security
The benefits of passphrases

Passphrases are superior to complex passwords for keeping data secure, with many powerful benefits.
- Data Security
- Encrypted USB
Secure data in transit

HIPAA requires healthcare organisations to keep patient data safe at all times, including in transit.
NYDFS 23 NYCRR 500 Cybersecurity Requirements

This requires encryption of sensitive data, appointing a Security Officer, cyber security programmes and policy adoption.
Security for all sizes – Proactive protection from SME to enterprise!

Kingston IronKey encrypted USBs are a security consideration for organisations of all sizes.
USB storage: Does hardware encryption prevent risks?

We compare unencrypted and encrypted USB drives and explain how to keep data secure!
How an energy specialist protected their partner's IP with Kingston IronKey

Learn how Kingston IronKey is protecting the intellectual property with customisation.
How does Kingston IronKey protect global financial services?

Discover why Kingston IronKey is the go-to solution for protecting financial services data.
Why does the military rely on Kingston IronKey?

Learn how Kingston IronKey is securing the military operations’ data.
Using and promoting encrypted USB flash drives in your organisation

How can you get your organisation to use encrypted drives and make them part of your security policy? Here are some tips.
Prevent telecoms data leaks in the field with Kingston IronKey

Learn how Kingston IronKey is protecting telecoms industry's data using encryption.
Encrypted storage for creatives

Encryption is an incredibly helpful option for creatives to protect their clients’ important files.
How Kingston IronKey can be a strategic performer

Kingston IronKey encrypted USBs: a small but important part of any organisation’s security strategy.
Post pandemic commuters are 22% more likely to lose their devices

Kingston IronKey can help mitigate data loss due to the rise in lost electronic devices.
Why are USB drives still relevant today?

In this eBook, we explore how Encrypted USB drives have become a key tool in keeping data secure.
Setting Up Kingston IronKey^™ Vault Privacy 80 External SSD

How to use your IronKey Vault Privacy 80 External SSD: set password, connecting to a PC and more.
Protect Private Mobile Data in Healthcare

Organisations are considering data security options to protect against private mobile data breaches.
Finance industry: Keeping sensitive data safe with Kingston IronKey

Discover how Kingston IronKey is protecting the sensitive data of the finance sector.
Protecting critical data in the energy sector with Kingston IronKey encrypted drives

Here is how Kingston IronKey helped protect the sensitive data of the Energy industry.
Cybersecurity – How to stay ahead in 2022

We explore our KingstonCognate experts’ thoughts on cyberthreats and cybersecurity challenges.
Transporting and protecting data outside your firewall

Protecting data on the move with superior hardware-based Advanced Encryption Standard (AES) 256.
Software encryption and regulatory compliance: Less expensive solution with major security risks

Users can disable software-based encryption, which can lead to legal fees if the drive is lost.
How to stay secure in a digitised world

We explore Tomasz Surdyk's thoughts on how all entities can stay secure in the digitised world.
FBI warns that hackers are mailing malware on USB drives to their targets

Don’t plug any USB drives into your computer if you don’t know exactly where they came from.
- Data Security
- Work From Home
- Client
- Cloud
- SSD
- Encrypted USB
What businesses need in their work-from-home enablement

What we learned from Kingston’s experts and tech influencers on work-from-home enablement Twitter chat.
Is encrypted storage needed if you use the cloud?

There are benefits to using both cloud storage and hardware-based encryption.
Top 12 tips SMEs can take to enhance cybersecurity

We explore the top 12 tips small and medium size enterprises can take to enhance cybersecurity.
Kingston’s 3 predictions for the data center and enterprise IT in 2022

We’ve examined several factors using unique research to identify what may impact markets globally in 2022.
2022: Technology expert predictions

2021 has been a year full of challenges and innovations. But what will 2022 bring?
How to close the security gap for small and medium size enterprises

Prof Sally Eaves shares her thoughts on the SME cybersecurity landscape and the need for education & support.
Sustained commitment required for cybersecurity

Bill Mew shares his thoughts how the largest security challenges need commitment from the boardroom.
Are you close to the edge? Why edge computing needs security

Rob May shares his thoughts on how close we are to edge computing and the security it requires.
The critical roles of data centers during COVID-19

The pandemic has increased internet traffic, which has placed importance on the role of data centers.
Data loss prevention in our remote working world

The use of DLP software, VPNs, Encrypted SSDs and USBs, will help mitigate some risks of remote working.
Should I Make the Switch to NVMe?

Cameron Crandall of Kingston helps you decide if you should move to your server storage to NVMe SSDs.
What is the difference between hardware vs software-based encryption for encrypted USB flash drives? - Kingston Technology

There are many advantages to using a dedicated hardware encryption processor in USB flash drives.
Influencers Tech insights for 2021

What will 2021 bring in Tech and trends? What do our KingstonCognate members and industry experts predicting for the future?
Who is responsible for cyber security and privacy?

Cyber security and data privacy are everyone’s responsibility. What are the key considerations?
Kingston SSDs are the best hardware choice for Software Defined Storage solutions

Learn why the future of business depends on SSD-enabled SDS, and how SSD fits into a Software Defined Storage Solutions.
Optimal Endpoint Security Explained and Explored in Partnership with Matrix42

Kingston & Matrix42 partnered to give optimal endpoint security solution in multiple sectors to mitigate risks.
C-Suites need to stop taking unnecessary risks

The importance of organisations to consider Revenue, Profit & Risk as equal in organisations to ensure they mitigate data security & cyber security risks. Read this article from Industry Expert, Bill Mew & he will provide you with an insight on this topic.
Twitter Chat: Security Experts and Privacy Discuss GDPR in 2020

What do industry experts think has changed since the introduction of GDPR?
Rip and Replace vs Predictability: Why SSDs with Predictable Latency Matters

Data centres should be using server SSDs. There are many benefits over client drives and costs have come down.
The benefits of NVMe in enterprise

NVMe is now the standard protocol for SSDs to empower data centres and enterprise environments.
Four things data centre managers can learn from the fastest supercomputers

Cloud and on-premise data centre managers can learn a lot from supercomputing.
Case Study: Accelerating virtual machines with Kingston DC500M SSDs

Find out how Hardwareluxx were able to manage the growth of their web traffic using Kingston's DC500M SSD.
Is Now the Time for SDS (Software Defined Storage)?

SDS hasn’t lived up to its hype but now that NVMe is more affordable, the commodity hardware is ready to deliver.
The Right Solid-State Drive (SSD) Matters

Choosing the right SSD for your server is important since server SSDs are optimized to perform at a predictable latency level while client (desktop/laptop) SSDs are not. These difference result in better uptime and less lag for critical apps and services.
Work From Home Tips and Tricks

To work from home you need a good workspace for your PC, the right conferencing gear, and a secure connection.
Data Protection and Cyber Security in a Post-GDPR Landscape - Kingston Technology

What strategies can organisations use to best secure customers data in a post-GDPR world with the ever-evolving nature of cyber security threats? Kingston pooled the knowledge of some of the UK’s most experienced commentators in cyber security to discuss how data protection has changed since the introduction of GDPR.
Improve SQL Server Performance with DC500M Enterprise SSDs

This whitepaper demonstrates how using Kingston Technology’s Data Centre DC500 SSDs can reduce your overall capital and licence costs by 39%.
Mobile Workforce Security eBook - challenges of mobile workforce security

You already know that remote working is a business enabler. But the challenges posed to your network security and compliance with GDPR are too big to ignore.
- Data Security
Enabling and Disabling BitLocker with eDrive to Utilise Hardware Encryption

How to enable and disable Microsoft’s BitLocker eDrive feature to leverage hardware encryption on your Kingston SSD.
- Data Security
Encrypted USB Flash Drive Industry Alliances

Some of Kingston and IronKey's Secure USB Flash drives are powered by partners, licensed technology, or services.
- Data Security
- Data Security
AES-XTS Block Cipher Mode is used in Kingston's best secure USB Flash Drives

256-bit AES hardware-based XTS block cipher mode encryption is used in DT 4000G2 and DTVP 3.0.
A Closer Look At SSD Power Loss Protection

Firmware/hardware PFAIL protection is an highly effective method for preventing data loss in enterprise SSD.
SSDs for Online Transaction Processing (OLTP)

Kingston datacenter SSDs provide excellent resiliency to protect sensitive data in OLTP workloads.
SSDs for High-Performance Computing (HPC)

HPC can require massive amounts of data. SSDs consume a fraction of the power of their spinning disk.
ECC and Spare Blocks help to keep Kingston SSD data protected from errors

End-to-End Data Protection protects customer’s data as soon as it is transferred by the host system to the SSD, and then from the SSD to the host computer. All Kingston SSDs incorporate this protection.
- Data Security
Secure Customisation Programme

This program offers the options most frequently requested by customers, including serial numbering, dual password and custom logos. With a minimum order of 50 pieces, the programme delivers precisely what your organisation needs.
- Data Security
- Article
Risk of Data Breaches, How To Prevent Them in Compliance with EU GDPR

Everyday working life has changed radically and so have traditional ways of working: thanks to mobile storage media, we can access our data practically at any time from any location, and can work on our data wherever we are.
- Data Security
Kingston's FIPS Compliance for Encrypted Storage

Most IronKey and Kingston secure USB flash drives are FIPS 140-2 Certified.
Major recent example of an unencrypted USB breach

Heathrow Airport in London (30 October 2017) uses unencrypted USB drives for its non-cloud storage. Unfortunately, it was not standardized on encrypted USB drives.
SSDs for Virtual Desktop Infrastructure

Storage can be the most challenging component for VDI performance.
Solid-State Drive Testing 101

Testing is a cornerstone of our commitment to deliver the most reliable products on the market. We perform rigorous tests on all of our products during each stage of production. These tests ensure quality control throughout the entire manufacturing process.