One of my biggest fears as a professional photographer is that someday, somehow, for some…
Originally published by USA Today.
By Rob Pegaro
When it’s time to donate or ditch an old flash-memory drive that stored sensitive information, deleting those files isn’t enough. The safest way to wipe the slate clean is actually to encrypt it — and that’s not as hard as it sounds.
The computer industry’s migration from hard drives to flash drives has mostly brought good things. Flash drives work faster and, since they store data in solid-state memory instead of on spinning magnetic platters, they also work longer.
And they’re a lot smaller. If you’re not sure if your external drive is flash or not, seeing if it fits cleanly into a shirt pocket should is your easiest cue, followed by its complete absence of noise.
But when it’s time to wipe a drive so you can sell or donate it to somebody else, flash drives impose complications that hard drives don’t: Because they automatically move bits of data to less-used areas of the drive to extend longevity, the traditional secure-erase technique of overwriting files with random data may not clear out all of it.
That’s why Apple removed the “Secure Empty Trash” command from the macOS Finder in 2015’s El Capitan version. It didn’t want people thinking they could scrub a file from a drive when the attempt might not succeed on a flash drive.
You can still use the method of dumping random data three times in a row on an entire flash drive, although tools to do that are less than obvious in both Windows 10 and macOS High Sierra.
On a PC, open the command prompt from the Start Menu and type “format e: /p:3,” (if “e” isn’t the letter for the flash drive, change that accordingly). On a Mac, open the Disk Utility app, select the drive, click “Erase,” then click “Security Options…” and move the slider control to the third, “3-pass secure erase” option.
Mike Cobb, director of engineering at the data-recovery firm DriveSavers, noted that your flash drive’s vendor may provide an app with simpler secure-erase tools, pointing to ones from Intel, SanDisk and Samsung.
The other reason to avoid this method is that it can be painfully slow on large drives–a 2017-vintage Windows laptop needed 22 minutes to do a triple overwrite of a 4 GB flash drive.
Encrypting the entire drive to make its contents unreadable without a key–then erasing it and encrypting it again–takes much less time to make your data disappear. Both Cobb and Joseph Lorenzo Hall, chief technologist for the Center for Democracy & Technology, endorsed that strategy.
On a Mac, right-click the drive you want to wipe and select “Encrypt” and then follow its prompts. If you don’t see that prompt, it may be because the drive was formatted for use with Windows systems; open Disk Utility, select that drive, click “erase” and go with the default settings. Either way, you’d then use Disk Utility to erase the drive, then repeat the encryption step. Finally, erase it in Disk Utility again to leave it free for the next user.
Things are a little more complicated in Windows, thanks to Microsoft not supporting disk encryption in the Home editions of Windows. (Dear Microsoft: Home users care about privacy too.) If you run a home version of Windows, you’ll have to use the open-source VeraCrypt app for this task.
Install and run it, then click “Create Volume” and then “Encrypt a non-system partition/drive.” Choose “Standard VeraCrypt volume,” click “Select Device” and then “Removable Disk”–where you should only see one drive selected, assuming you unplugged other external drives first.
After encrypting the drive, reformat it (right-click it on the Windows desktop and choose “Format…”), then repeat the encryption step. Reformat it a second time so the next user doesn’t get a prompt to decrypt it.
This is a bit more work than taking a crowbar to a dead hard drive. But learning how to encrypt drives–a must if there’s any risk of somebody stealing your computer–is worth going to that trouble.
Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at [email protected] Follow him on Twitter at twitter.com/robpegoraro.
Read more: https://www.usatoday.com/story/tech/news/2018/07/05/erasing-flash-drive-how-delete-your-data-safely-and-securely/755150002/