Seagate Maxtor BlackArmor
The Seagate Maxtor BlackArmor ($135 for 320GB) is a marvel of simplicity. It's the first external model with full-disk encryption--the encryption chip resides on the hard drive's circuitry. According to Seagate, all of the data is encrypted on the drive, so even if someone removes the drive from the housing and takes away the chip set, the data is inaccessible. When you first attach the BlackArmor to a Windows PC, the drive loads a read-only partition with the setup software. Initializing the drive and setting a password takes only a minute, after which the drive loads the encrypted partition and Windows shows it as a drive letter. Thereafter, every time you plug in the drive, the autorun settings will ask you to enter the password.
The BlackArmor also features a Secure Erase option (which overwrites data areas of the drive with zeroes), as well as a backup utility.
This model is our Best Buy for its value--it offers one of the best cost-per-gigabyte rates we've seen--as well as for its simplicity and its full-disk-encryption security.
Apricorn Aegis Bio
The Apricorn Aegis Bio ($300 for 500GB) not only has hardware encryption but also is one of the few drives with a built-in biometric fingerprint reader. The reader lets you bypass creating a password for accessing the drive; instead, you register your fingerprint and then swipe your finger across the reader. Using such a drive is a lot easier, since you have no password to memorize (or forget, which would render the data useless). Apricorn takes the biometric security up a notch, too: The bundled software (licensed from reader-manufacturer Upek) lets you scan your fingerprint to log in to Windows. Another tool automatically enters saved passwords (and other data) into forms when you swipe your finger. All of that added functionality makes the Aegis Bio one of the handiest hardware security tools I've encountered.
LaCie d2 Safe
The hefty LaCie d2 Safe ($350 for 1TB) external drive features a fingerprint reader and can connect to your computer over FireWire 400 and 800 in addition to USB 2.0. I found LaCie's software setup more time-consuming than some others, but it has an obvious benefit: LaCie's built-in fingerprint software allows you to plug the drive into either a Mac OS system or a Windows box and to work in the encrypted partition. The drive also features the sturdiest housing I've seen, plus a Kensington lock port so you can secure it to a desk.
Apricorn Aegis Vault
Take the Aegis Bio and remove its fingerprint reader, and you have the Aegis Vault ($260 for 500GB). The two models are virtually identical, but in this case you must submit a password to unlock the drive. In many respects the Aegis Vault is a decent, slightly pricier duplicate of the BlackArmor and its basic features, but with a built-in USB cable.
Sandisk Cruzer Contour
The Cruzer Contour ($100 for 16GB) isn't so much a security tool as it is a speedy flash-memory thumb drive with a nifty mechanism to retract the USB connector: The piece recesses inside a sliding cover that you can manipulate with just your thumb. Inside, it's a high-performance U3 drive with all the benefits: the ability to run programs from the drive itself, a feature that stores your documents on the drive automatically, and the U3 Launchpad, a clone of the Start menu for the drive's installed applications.
In the Launchpad menu is the check box to "lock" the AES-encrypted user-writable portion of the drive with a password. While the protection isn't enabled by default, it can put a password between anyone who finds your lost drive and your files. As long as the NSA isn't after your data, this setup will probably provide enough security for casual use.
Data Locker Pro AES Edition
If you want to use a drive on several computers with different OSs, you need a way to enter a password through something other than Windows software. That's where the Data Locker Pro AES ($340 for 320GB) and its touch-screen LCD come in: The Data Locker gives you a numeric keypad for entering a six-digit passcode that lets the drive mount in an operating system. You can also use the LCD screen to change the passcode, dismount the drive, toggle the encryption on or off, or wipe the drive clean. One annoyance, however, is the loud beeping that it emits when you press the screen (and you can't turn the sound off).
The Data Locker's relatively high price factors in the cost of the additional hardware, but the touch screen is definitely slick, and this drive is worth considering if you need to move sensitive data between machines.
Lenovo ThinkPad USB Secure Hard Drive
In the same vein as the Data Locker, Lenovo's cryptodrive ($220 for 320GB) takes advantage of a numeric keypad on the drive housing. Interestingly, this drive's housing more closely resembles a burglar-alarm panel. Pressing and holding numerical combinations allows you to change the password or modify other settings, without having to run software. This model produces no sound when you press a key, which is better than the obnoxiously loud Data Locker--but unlike that competing product, it offers no visual feedback that you have pressed a key, either.
The drive demands a lot of power to do its thing, so the box includes a second cable that you're supposed to plug into a second, free USB port and then feed into the drive's power port.
Kingston DataTraveler Vault--Privacy Edition
Kingston's DataTraveler Vault--Privacy Edition ($173 for 4GB) is a good but pricey option for anyone who needs an encrypted drive small enough to wear around the neck. A blue, metallic tube with a cap on one end, it's among the bulkier USB models we’ve seen. But what's inside is what counts: This drive's embedded encryption engine scrambles data with a 256-bit AES encryption key--a key that's twice as long as what other products offer. The longer key means thieves must take that much more time to try to crack the encryption.
Like the BlackArmor drive, the DataTraveler opens its utilities in a read-only partition that Windows interprets as a CD-ROM drive. Once you have created your password, the drive mounts the encrypted partition.