Apricorn Aegis Fortress L3 2TB External SSD Review – Top Level Data Security Hands Down

If you have been following us for a while, you might remember our review of the Apricorn Aegis Secure Key 3 flash drive that we did back in August of 2016. Back then, any flash drive at 480GB was something to get your hands on, much less one that would also qualify as one of the most secure flash drives worldwide. If I were to speak to the quality of the Secure Key 3, it has been in my pocket and in use on a daily basis for the last 2 years and 8 months. It definitely qualifies as the single tech product I have held on to the longest…and it is still going strong.

So today, we are upping the game with our report of the Apricorn Aegis Fortress L3 2TB external SSD and I have to say right off, this feels as comfortable in my hands as the Secure Key 3 does.  To start right at the basic build of this device, it is constructed of a single CNC machined chunk of 6061 aircraft grade aluminum alloy cut into two pieces that are fastened together with four snap-off uni-directional security fasteners, and those fasteners then covered with a hardened epoxy thread lock.

In simple terms, there is no physical access to the components within the Fortress L3, even by the company itself. It is that secure. The keypad of the L3 is constructed of a durable polymer, rendering the device water and dust resistant.

The Apricorn Aegis Fortress L3 is now available in hard drive capacities of 500GB to 5TB, while SSD versions are available in 512GB to 4TB capacities with the possibility of increased 8 and 16TB capacities in the future. The L3 contains the SanDisk X600 2TB SSD inside, this SSD being built on SanDisk's own 64-layer 3D NAND flash memory. While the SSD itself has AES 256-bit XTS encryption, the Fortress L3 meets NIST FIPS 140-2 Level 3 requirements, making it one of the most secure handheld data devices in the world.

Inside the Fortress L3 packaging, we find the Fortress L3 itself, a travel pouch, feature sheet, Quick Start Guide and two USB 3.1 cables, the first being USB 3.1 to USB 3.1 and the second being USB 3.1 to USB Type-C. Security is paramount in this device and there is no software setup whatsoever; the unit is set up directly from the keypad as an admin or user. The first requirement in starting it for the first time is a ‘Forced Enrollment’ where the user is required to create an admin and/or user PIN that must be a minimum of 7 letters. You can increase this to a higher number for added security; however, there is no factory pre-set PIN to rely on.

Once you have set up your password and the L3 is unlocked, information can be stored or retrieved and all data is encrypted on-the-fly. Other features include making the drive read only, activating auto-lock for 5, 10 or 20 minutes, creating a one-time user PIN, as well as having a lock override that enables the Fortress L3 to stay open during a system reboot or when passing the drive through a virtual machine. The Fortress L3 is compatible with any Windows, Mac, Linux, Symbian or Android based system and also enables up to 4 single-use data recovery PINs where data can be restored should the user forget their PIN.

Perhaps one of the most interesting, and comforting, features of the Apricorn Aegis Fortress L3 is its ability to shut down brute force attacks. After three unsuccessful attempts of the PIN, the device changes the time between subsequent attempts until the 10th attempt, when the keypad locks down. The admin has the ability on setup prior to this scenario to allow up to 10 subsequent attempts, but after that, all is lost. All data on the device is crypto-erased and the device's encryption key is erased, rendering it useless. If that isn’t enough, there is also a ‘Last Resort Mode’ that allows the device owner to set a PIN in the admin menu where input of that PIN causes the device to delete all data, as well as erasing and creating a new encryption key. True James Bond stuff.
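
As an added illustration (not Apricorn firmware and not code from this review), the Python model below traces the retry policy just described: delays after the third bad PIN, keypad lockdown at the 10th, admin-allowed extra attempts, then crypto-erase, plus the Last Resort PIN. The doubling delay schedule, the PBKDF2 PIN hashing, the SHAKE-256 stand-in cipher, the wiping of PINs on erase and all names are assumptions.

```python
import hashlib, hmac, secrets

def xor_stream(key, data):
    # Stand-in cipher for the demo (SHAKE-256 keystream), NOT the drive's AES-XTS.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

class DriveModel:
    DELAY_AFTER = 3    # from the review: delays begin after three bad PINs
    LOCKDOWN_AT = 10   # from the review: keypad locks down at the 10th attempt

    def __init__(self, pin, last_resort_pin=None, extra_attempts=10):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = self._h(pin)
        self.wipe_hash = self._h(last_resort_pin) if last_resort_pin else None
        self.extra = min(extra_attempts, 10)   # admin may allow up to 10 more
        self.key = secrets.token_bytes(32)     # data encryption key
        self.failures = 0
        self.unlocked = False

    def _h(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 10_000)

    def crypto_erase(self):
        # The old key is discarded, so existing ciphertext can no longer be read.
        self.key = secrets.token_bytes(32)
        self.pin_hash = self.wipe_hash = None  # assumed: PINs are wiped as well
        self.failures, self.unlocked = 0, False

    def enter_pin(self, pin):
        """Return (event, delay_seconds) for one keypad entry."""
        if self.pin_hash is None:
            return ("no-pin-enrolled", 0)
        h = self._h(pin)
        if self.wipe_hash and hmac.compare_digest(h, self.wipe_hash):
            self.crypto_erase()
            return ("last-resort-erase", 0)
        if hmac.compare_digest(h, self.pin_hash):
            self.failures, self.unlocked = 0, True
            return ("unlocked", 0)
        self.failures += 1
        if self.failures >= self.LOCKDOWN_AT + self.extra:
            self.crypto_erase()
            return ("crypto-erased", 0)
        if self.failures == self.LOCKDOWN_AT:
            return ("keypad-lockdown", 0)
        # Assumed schedule: delay doubles per failure past the third, capped at 64 s.
        over = self.failures - self.DELAY_AFTER
        return ("denied", min(2 ** over, 64) if over > 0 else 0)
```

Encrypting a sample buffer with `xor_stream(drive.key, data)` before the failed attempts and trying to decrypt it afterwards shows why the erase is final: the ciphertext is untouched, but the key that produced it no longer exists.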

4 comments

  1. One thing it lacks is physical security.

    Page 18 of the User Manual says:

    Performing a Complete Reset
    NOTE: A complete reset will erase encryption keys and PINs and leave the Aegis Fortress
    in an unformatted condition.
    There may be circumstances (forgotten PIN, redeployment, return to factory default
    settings) when you need to completely reset the drive. The complete reset feature will
    perform a crypto-erase on the drive, generate a new encryption key, delete all users, and
    return all of the settings to factory default.
    To perform a complete reset of the drive, perform the following:
    1. Press and hold ? + ? + 2 together for several seconds. The RED and BLUE LEDs
    will blink alternately.
    2. Release all buttons when the GREEN and RED LEDs glow steadily which will
    continue for several seconds, followed by the GREEN LED glowing steadily for
    several seconds, and then will be followed finally by the GREEN and BLUE LEDs
    glowing steadily, indicating that the reset is complete.
    3. A new Admin PIN will need to be entered and the drive will need to be reformatted.

    So you can steal it, erase it, reset it, and use it as if you had purchased it yourself (minus the Warranty).

    • we actually talk about this now and then. and yeah that’s true. and it’s true for most other manufacturers who don’t have a device management console or a software component. we thought about it a lot and opted to stick with a non-managed system to allow us to lock down the firmware and eliminate update opportunities because that’s where a malware vulnerability occurs and also, it’s hackable. the real concern that we focus on is the security of your data on the drive. when the average data breach cost gets up over 3 million in damages and fines, we figure you’d rather be out a few hundred bucks in the loss of the drive itself and get another one.

      • Thank you for jumping in Apricorn.

      • Couldn’t the first key entered be the ‘user lock’ for the drive, unneeded until next time a complete reset is performed?

        After a complete reset one would have to enter the first key ever used, otherwise it would be a brick.

        Another method would be a peel-off sticker unrelated to the serial number which contains the key to use.

        Some of the drives are more than a few hundred dollars and while some might steal it thinking it had value those in the know would understand that the only “value” would be to cause concern and deprive the user of the data (which could cost thousands of dollars).

        It’s like leaving your vehicle unlocked so the thief doesn’t confront you in the parking lot and take your keys – instead all vehicles have locks (some encrypted) and most people lock their cars; carjackings are infrequent (plus there’s OnStar and LoJack, no suggestion that you add it).

        Thanks for answering, all the same.
