Review: A-Key 4000 Token

For: Small USB key with strong encryption, good ease of use and reasonable price.
Against: Not suitable for large enterprises.
Verdict: Great little encrypted USB drive for smaller enterprises that might not implement more sophisticated removable media data protection. Inexpensive enough to replace all non-encrypted USB thumb drives.

However, forensic analysis of the tool failed to reveal any useful information, such as passwords or keys. Likewise, when we attempted to extract data forensically without logging on to the A-Key properly, our efforts failed. Encryption is AES, which is adequate for most commercial applications.

The user volume contains a folder called My Documents where all data being saved on the key is stored. It is, however, possible to save data outside of the My Documents folder. All login files are on the token, which means that you can use it on any computer without having to install special software.

We found that updates to files stored on the token take a while — a problem Authenex acknowledges — but the implication is that this is an MS Windows failure. The A-Key recognises when the host computer is going to sleep (standby or hibernation) and logs the user off automatically.

Authenex A-Key 4000 comes with an administration program that the user or the administrator installs on the computer to be used to administer the key.

We do not recommend the A-Key for large enterprises because it cannot be centrally administered over the network.

The only way to administer the key in an enterprise is to prepare the key, at the help desk perhaps, and then distribute it to the user. The user can then change the password, leaving the administrator password for the administrator to manage. For small enterprises, this is acceptable, but for large ones it is awkward.

Therefore, if there is encrypted critical data on the key and the employee leaves the organisation, you can retrieve the encrypted data if you have the administrator password. Since there is no centralized administration, you must access the key physically. Again, for small enterprises, this is acceptable.

Support is good in the context of the A-Key and, although you must register, support comes with the product. However, all support is via the website. The A-Key carries a one-year warranty and Authenex will replace it if it is defective.

securityusb