A few months ago, Joshua reviewed the iTwin — an interesting device ($99) which when plugged into a computer, automatically creates an unlimited and secure file sharing network. Now, the iTwin has been updated to include SecureBox, an encryption feature which utilises Dropbox.
We’ll take you through iTwin SecureBox and show you exactly how it works. We’re also giving away 5 iTwins at the end of this review! So if you’re into file security and encryption, or if you’re someone who values privacy, you won’t want to miss this giveaway.
What is an iTwin?
Although my colleague Joshua Lockhart published an extensive review on the iTwin, I’ll briefly go over its features again, just to help you understand what it actually does. Basically, the iTwin [NO LONGER AVAILABLE] is a coupled USB hardware key — it’s made up of two halves, joined together in the middle. No data is stored on the iTwin, it merely helps to create an instant, configuration-free, secure file sharing or remote access connection between the two halves of the device when connected to two different computers. So the idea is to plug one end of the iTwin into one PC, load it up, then break off the second half and plug that into another computer and instantly share files between the two computers.
The file sharing connection/network created by the iTwin is virtually unlimited, so you can share as many files necessary without having to worry about storage limits. Shared files remain on the host computer and nothing is stored on third-party servers. In addition to that, the iTwin encrypts all data before performing any transfers. In theory, using an iTwin is more secure than utilising any cloud storage or file sharing service available online because both halves of the iTwin are required to initiate the file sharing connection. But is it perfect? Short answer: No, and I shall explain the caveats towards the end of this review.
SecureBox is a new feature implemented by the iTwin developers which utilises Dropbox in order to provide seamless file encryption, using either half of the iTwin as the access key. So the function of SecureBox is not file sharing per se, but rather securing online/cloud storage via Dropbox. If you’re thinking that the iTwin SecureBox can encrypt every existing file in your Dropbox folder, I’m afraid I’m going to have to disappoint you. Instead, SecureBox merely utilises Dropbox as a form of syncing, the encryption/decryption process is handled by the iTwin device and client, which you’ll have to download and install before the iTwin can be used. We’ll go through the process now.
Very simply, think of SecureBox as a virtual briefcase in conjunction with Dropbox, and the iTwin device is the key.
The first step is to initialise the iTwin device and install the client, and this is done by plugging either end of the iTwin (both halves must be connected) into any USB port on a Windows or Mac computer. On a Windows PC, the auto-installer will automatically run. On a Mac however, it needs to be manually launched in Finder. The installer requires an Internet connection in order to download the necessary files from the iTwin server.
Once the client is installed, the setup process begins. You will be prompted to name the iTwin device and set a password. Once this process is complete, the iTwin will be fully initiated and can then be used to securely access and share files between 2 computers using both halves of the device. However, this review will focus on the new SecureBox feature. If you’re interested to learn more about iTwin’s file sharing features, please read Joshua’s review.
As mentioned earlier, in order to use SecureBox, you will need a Dropbox account. During the setup, you will be asked to associate your Dropbox account with the iTwin device in order to allow it to upload encrypted files to your Dropbox.
Once the setup is complete, a new folder entitled “iTwin Securebox (name of device)” will be created within your Dropbox folder. Be warned, you should not edit this folder directly. SecureBox uses this folder to store and sync encrypted files. Any direct manipulation will cause SecureBox to function improperly. To make life easier, it’s better to entirely forget that this folder exists (and don’t use it!).
Instead, you should really be more interested with the SecureBox drive that has just been created (bottom window in the screenshot below). It appears as a mounted drive, and every file that needs to be encrypted should be copied to the SecureBox. Drag and drop any file over the SecureBox window and it will automatically be copied, encrypted, and synced with Dropbox. Files which have been successfully encrypted are indicated by the lock icon. Subsequently, the encrypted version is copied to Dropbox (top window).
As I said, it’s better to forget that the companion folder in Dropbox even exists. However, I’d like to illustrate what happens in the background. When a file is added to the SecureBox, it is encrypted with an AES 256-bit encryption key stored in the iTwin device (hardware encryption), then the encrypted file is copied to the folder in Dropbox, which will sync with Dropbox’s servers. Your file is now encrypted and in the cloud. If anyone somehow manages to gain access to your Dropbox folder and tries to view the encrypted file, all they’ll see is gibberish.
So in essence, iTwin SecureBox combines the security of its 256-bit AES hardware encryption with the flexibility and accessibility of Dropbox. Not a bad combination altogether. And since it utilises Dropbox, it only makes sense that the encrypted files have to be completely uploaded before they can be accessed anywhere else. Otherwise, you’ll be prompted with this error message:
How secure is the iTwin SecureBox?
If you think about it, the iTwin uses a combination of security practises to protect your data. In order to access your files, first and foremost, you will need to physically be in possession of the iTwin (or one half of it). To use it though, you will also need to know the password created during the setup process before the client can be accessed. So even if your iTwin is stolen, your data will still be protected until your password is cracked. Rest assured, each iTwin device can be remotely disabled, so in the event of theft, simple disable the iTwin and your files remain secure.
Complete security, however, comes at a price — and the price in this case is convenience. Since the iTwin utilises hardware encryption, you will never be able to access your files on a mobile device e.g. tablet, smartphone because the iTwin client needs to run in order to decrypt your files.
I’ve also found the iTwin’s device to be lacklustre. The amount of exposed components is slightly worrying. Plus, there’s just no easy solution for transporting the iTwin. It doesn’t come with a case, nor does it provide a way to attach it to a keychain. I fear it will be quite easy to lose simply because it’s such a small device.
Should you buy the iTwin?
What I like about the iTwin is the fact that no data is stored on the device. So even if it gets lost or stolen, my data remains relatively safe. The iTwin provides a simple way to securely share sensitive files between 2 or more people, with zero configuration. Requiring a hardware key (the iTwin) makes the entire file sharing system more secure. SecureBox is a lovely addition to the iTwin and will be really handy if and when the device is redesigned. Otherwise, it’s just a hassle to carry around. The $99 price may be slightly too high for consumers, even after taking its features into consideration.
The iTwin is great in terms of functionality but is let down by poor design and a high price point.