If budget constraints prevent you from getting a new laptop with full drive encryption, you can still add a strong protection layer to your data when traveling or when at your desk. Enter Aegis Bio, (Aegis, I am reminded, is the name of Zeus’ shield ), a new line of USB drives from Apricorn offering out-of-the-box 128-bit hardware-based AES encryption and biometric authentication with a fingerprint reader.
After using the Aegis Bio for some time, I found the drive to be a fine alternative to having full-drive encryption on your laptop, or a secure backup device if your laptop data is already encrypted. The fingerprint reader, however, had me puzzled at first, and the unit’s administrative tools are a bit slim for corporate deployments.
For my evaluation I received from Apricorn an 80GB Aegis Bio (capacities range from 80GB to 250GB) in its standard commercial packaging, including a CD with the fingerprint management applications and some ancillary software.
The drive has a built-in USB cable that folds neatly in a groove when at rest. In addition to a padded pouch, I also found in the box a Y-cable, one female to two males — useful if not enough juice flows from just one USB port on your machine.
Measuring about 5 by 3.25 inches and weighing about 6 ounces, the drive may not be something you want to carry in your front shirt pocket; finding a place in your laptop bag shouldn’t be a problem, though.
On top of the unit a double indentation — think of two inclines converging at the lower side — guides you to the built-in TouchStrip Fingerprint Sensor from Upek.
I was prepared for some frustrating attempts to make not-quite-ripe fingerprint-reading technology work, but I was wrong. After installing the Aegis Bio Protector Suite on my Windows XP laptop and following a short tutorial, I found that scanning a fingerprint was easy and reliable.
Keeping a steady hand is essential to taking a good sweep of your fingerprint. If your hands are shaking — which could happen after pumping iron, for example — trying to use the reader could be frustrating. There’s a workaround, however: using the old-fashioned password.
In fact, the installation script will direct you to choose a backup password, an alternative to fingerprint authentication that you can use if there is a reader malfunction or when scanning a fingerprint is not possible or practical.
The fingerprint enrollment is the final step of the installation, during which you’ll take three consistent readings of one, two, or up to all 10 of your fingers.
It didn’t take me long to store the pattern of my two index fingers, but I was puzzled to discover that scanning different fingers didn’t always trigger a mismatch during the enrollment.
After a quick exchange with Apricorn technical support, I learned that the enrollment script will be satisfied with two good fingerprints out of three, which explains why a third spurious reading was not always rejected. I also learned that those conditions don’t mean the sensor isn’t working properly, nor that false positives are possible. In fact, I didn’t experience any false positives during my testing.
When fingerprint enrollment was complete, the installation script asked permission to format the drive. After a few seconds, my Aegis Bio was ready to use, but a little LED on the device was lit red to show that data access was still locked. I swiped my finger on the sensor and the LED immediately turned green. Fast and easy.
Interestingly, before authentication, Windows Explorer didn’t even see a drive where Aegis Bio was mounted. It actually asked me to insert one. After authenticating, Explorer was able to see the drive and display its content.
An unexpected boon of the Apricorn software is that it installs add-ons for Internet Explorer and Firefox, opening the opportunity to use your fingers to log in to Web sites. In fact, those add-ons can intercept and store your user IDs and passwords and automatically insert them in a Web form when you scan your fingerprint.
It works, but certainly is not the main reason to install Aegis Bio. I did not try this, but according to Apricorn, the Aegis fingerprint authentication can be used to switch users on a Windows XP box.
Testing the drive with SiSoftware Sandra’s File System benchmark didn’t reveal any significant speed differences between the Aegis and similar drives. Encryption obviously doesn’t slow down the unit much, if at all.
I also liked that fingerprint authentication works on any machine, so there’s no need to install the management software on each one. In fact, I was able to use the drive on Linux Ubuntu and on Windows XP Home machines. This means that you can, regardless of the OS available, take your work home or elsewhere in absolute privacy.
However, to unlock the drive using a password instead of fingerprints, you need to use the management software, which also gives the opportunity to enroll a new password or new fingerprints.
Aegis Bio doesn’t come with centralized administrative software. To manage multiple users, Apricorn suggests setting a password before assigning the drive to each user. Users will still be able to scan their fingerprints independently, but you, as an admin, maintain the ability to unlock the content using the password and to reassign the drive to a different user when needed.
Appropriately, the password authentication screen automatically displays the serial number to make it easier to identify a device out of a large group. Not perfect, but it works, as long as your users don’t know the password. However, it won’t scale well to serve many users.
I enjoyed my evaluation of the Aegis Bio, but it’s a pity that the drive doesn’t come with a more sophisticated centralized management system. That shortcoming could hamper deployment in large corporate environments.
If this doesn’t deter you, the Aegis Bio, with capacities ranging from 80GB to 250GB and a price starting around $180, could become your best ally in keeping corporate data safe on the road. But be warned that using the fingerprint reader can be addicting; your users may never want to go back to the old way after they try it.