Gadgets

REVIEW: KINGSTON IRONKEY VAULT PRIVACY 80

REVIEW: KINGSTON IRONKEY VAULT PRIVACY 80

An Encrypted USB Drive With A Touchscreen Interface
By Rashmi Goel

About

Kingston introduces its first hardware-encrypted external SSD with a touch screen for data protection, the IronKeyTM Vault Privacy 80 External SSD. With digitally-signed firmware, VP80ES protects against Brute Force attacks as well as BadUSB attacks. The brute force attack protection system encrypts the drive if both the Admin and User passwords are entered incorrectly 15 times in a row. Drives are FIPS 197 certified and are secured with XTS-AES 256-bit encryption through a Common Criteria EAL5+ (CC EAL5+) certified secure microprocessor and are TAA compliant. VP80ES is an intuitive file transfer solution that protects data while being user-friendly, just as unlocking a smartphone is. Vault Privacy 80ES has an intuitive color touch screen and multi-password (Admin and User) option as well as passphrase or numeric PIN modes that make it an excellent alternative to using the internet and cloud services to secure data.

Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection - CriticReviewer.com
https://www.kingston.com
This drive is ideal for small-to-medium businesses (SMBs) to content creators who need to store important company information, client documents, or high-resolution images and videos. The device comes with two USB 3.2 Gen 1 adaptor cables, USB Type-C®2 to Type-A and Type-C to Type-C, which facilitate the simple connection to computers and other devices. For those of you who need secured data and content out in the field or on the go, the VP80ES is the ideal companion for providing portable productivity and convenience. Password security can be configured by the administrator by configuring a maximum number of shared attempts, a minimum password length of 6 to 64 characters, and alphanumeric password regex rules. The 'space' character can also be used for making it easier to remember a passphrase such as a collection of words, a memorable quotation, or lyrics from a favorite song. Alternately, you can use the PIN pad to unlock just as you would on a mobile device, and reduce frustration and failed login attempts by tapping the "eye" button to view the entered password.

Design
IronKey Vault Privacy 80 External SSD with Hardware Encryption - Kingston Technology
https://www.kingston.com
The best part about this product is that Kingston did not attempt to overdo the aesthetics. Kingston includes two USB cables for USB-A and USB-C, as well as a soft neoprene carry pouch with the USB-C external drive, which has a touch display on top. An opening on the front of the pouch appears to be intended for carrying cables, but it is not large enough to accommodate even one. It would have been better if the pouch had been divided inside. Besides the 'Quick Start Guide,' there is a user guide available on the Kingston website which provides extensive instructions in ten different languages. The metal blue finish of the VP80ES makes it appear that it is made of metal, but in fact, it is plastic. This helps keep the overall weight at 262g, including the cable. Upon plugging the VP80ES for the first time, the software on board prompts the owner to enter an admin password via the touch screen. It is approximately 60 x 45mm in size, although it is not flush with the case, and the recess limits the area available for touch interactions.

Features


Setting Up Kingston IronKey Vault Privacy 80 External SSD - Kingston Technology
https://www.kingston.com
An intuitive interface can be operated with either a stylus (not included) or a finger. It is far easier to use a stylus because of the relatively small screen size combined with adult fingers. We are puzzled as to why a cheap stylus was not included, given the device's price. With FIPS 197 certified XTS-AES 256-bit encryption, you are protected. A secure microprocessor certified by Common Criteria EAL5+ protects against BadUSB and Brute Force attacks. A touchscreen interface that is unique and intuitive. Thanks to the intuitive, easy-to-use color touch screen, protecting your data is easy. Multi-Password (Admin/User) Option coupled with PIN/Passphrase modes.


Kingston IronKey external SSD features a color touchscreen, built-in protection against brute-force attacks | TechSpot
https://www.kingston.com


There is a multi-password option for data recovery with administrative access. Customizable password rules are available. Control the number of password attempts, the minimum length of the password between 6 and 64 characters, and numeric or alphabetical rules for passwords. Advanced security options are available. Lock the drive with an adjustable auto-timeout, randomize the layout of the touch screen, and securely erase the drive to erase any passwords and encryption keys. Configuration of read-only (write-protection) mode. Using two levels of Read-only protection, you will stay protected against cybersecurity threats. These products have all of the clever features hidden on the inside, but the designers have created something that should not intimidate the average user.

In Use

Setting Up Kingston IronKey Vault Privacy 80 External SSD - Kingston Technology
https://www.kingston.com

It is never easy for security storage to strike the perfect balance between providing the best possible protection and remaining practical. VP80ES offers two levels of secure ownership, enabling administrators to control user accounts. It is very logical, since invariably this device will be turned over to a user who forgets their password, and the administrator can then retrieve the situation. The IT department should never hand the device directly to the user since they will set the admin password and may then be unable to retrieve it. The administrator's password can only be configured to be six characters in length, comprised of entirely numbers or letters, and without special characters. Given that the administrator can enforce the use of more characters (up to 64) and mix letters and numbers, shouldn't strong password rules be applied to the administrator at the very beginning?
A drive partition can be formatted in any file structure considered appropriate once the drive has been unlocked. This device is pre-formatted with ExFAT but can be easily converted to NTFS or EXT4 before files are copied to it. By adjusting the administrator settings, it is possible to configure how long the drive should remain unlocked while connected, and it is also possible to quickly lock the drive for those who need to leave the room. This solution is advantageous because it is essentially OS-independent and does not require locally installed drivers or software. There are, however, some drawbacks.

Kingston Ironkey – Super Secure External SSD with Touchscreen
https://www.kingston.com
It appears that those responsible for the design of the Kingston IronKey VP80ES got carried away with their secure processor and intrusion protection and lost sight of the user experience. Due to the significant delay following each letter or number selected, you cannot easily key in an unlock code into the unit quickly. The problem was later determined to be due to the size of our fingers, as the process worked much more smoothly with a stylus. Nevertheless, this was not the only concern we noted. The device also has a problem with the user account mode. Whenever a user account is created, and there can be only one, a password is assigned to the user that they can use to log into the device.
In this mode, the device will ask if you want the password to be ‘admin or user’ when it is powered on, and the user password will not give the user access to all the menu functions that the admin has. The only disadvantage of the user mode is that a limit is set as to how many incorrect passwords may be entered before the device automatically deletes the contents to prevent brute force attacks. A user may make a maximum of 30 unsuccessful attempts, while a minimum of 10 is allowed, but alarmingly this number is shared between them and the administrator. Consequently, the user can exhaust all of their attempts before the administrator is able to restore the situation. A scenario where a user refuses to or is unable to contact the administrator can go horribly wrong with little imagination. Upon irretrievably erasing their data, the user goes to the administrator.

Performance
Kingston introduced IronKey Vault Privacy 80 External SSD with Touch Screen and Cryptographic Protection - Game News 24
https://www.kingston.com
SSDs are great, but the VP80ES isn't going to break any speed records. It is fair to assume that the SSD technology within the VP80ES is based on SATA, and that would theoretically yield a maximum speed of 500 MB/s. Cryptography and decryption may reduce this performance, but a loss of half that speed is excessive. Several have argued that secure storage performance isn't essential, but if you are trying to catch a flight or train, being able to write at a maximum speed of 245MB/s might become of greater importance. Based on these results, the VP80ES is much slower than most USB SSDs we've seen recently and about the same speed as the DataLocker DL4FE, another poor performer.

Conclusion
IronKey Vault Privacy 80 External SSD Review - GLOBAL TECHNOLOGY
https://www.kingston.com

A key feature of the Kingston IronKey VP80ES is that the information stored on it should remain secure, just as the passwords assigned to it should remain safe. Those who stick sticky notes with passwords to their monitors will not find this useful. With the exception of one point, the technology used in this drive provides a high level of security that is likely to be of interest to some. A few issues with this design, however, need to be considered by potential purchasers. In terms of speed, this is not a very fast drive, so we have used conventional hard drives that provide faster reading and writing speeds. If the USB interface supported USB 3.2 Gen 2, it might have been mitigated, but only half of the bandwidth is available to Gen 1 devices. Touch panels pose another problem. A stylus is the best tool for using this interface, but a large finger may have difficulties. Invest a small amount in a stylus with a rubber-tipped end and you will experience fewer password entry errors.
In some cases, this could be critical, as the errors in password input can wipe out the drive if the administrator or user exceeds the number of attempts. The security approach assumes that the contents are more valuable than those files, which makes it a poor place to store the only copy of any data. However, if keeping the data under control is important rather than having the data, then this may not be necessary. Furthermore, it is important to discuss the costs associated with secure storage, which are often much higher than would be expected for an SSD of the same capacity. This product is priced very close to the DataLocker DL4FE at the same capacities, a unit that offers the same touchscreen input but includes a remote control feature. In terms of security, the DataLocker DL4FE is classified as a Level 3 device with FIPS 140-2 security rating, however, the VP80SE is classified as FIPS 197, the next level of security. There is, however, a much wider range of capacities available with DataLocker, which can reach up to 16TB if you are willing to spend a lot. The Kingston VP80SE is an excellent choice unless you specifically wish to remotely destroy the contents of a drive. In spite of that, we recommend training for individuals who use it about how to remember passwords and when to contact the administrator before data loss occurs.