Why a USB stick isn't for important data
USB sticks use the same NAND flash as SSDs, but with several critical differences that make them unreliable as primary storage:
- Very basic controller: no robust wear-leveling, no advanced error correction, no protection against power loss mid-write.
- Low-quality NAND: consumer USBs typically use discarded QLC or TLC — chips that didn't pass SSD quality control but work fine for USB. Far fewer write cycles.
- No safe-eject protection: pulling without "ejecting" mid-write can corrupt the entire file table. Happens daily.
- Frequent physical damage: dropped, soaked, left in pockets going through the wash, broken connectors. A USB is a pocket device, exposed.
- Data loss from inactivity: like any flash, cells lose charge over time. A USB stored in a drawer can lose data in 1-2 years of inactivity.
- Heat: left in the sun or car, high temperatures accelerate cell deterioration.
- Massive counterfeits: the market is flooded with USBs claiming 128/256/512 GB but with only 8 or 16 GB real — first 8 GB write fine, the rest "save" but don't read back.
This doesn't mean they're bad — it means they're designed to transfer information, not to store it.
The most common bad practices I see
1. "Everything's on the boss's USB"
Accounting, contracts, client photos, product database — all on a single stick that goes back and forth in a pocket. The day it's lost or breaks (matter of time), the business loses months or years of data with no backup.
2. "I back up to the USB"
Calling "backup" to a single copy on a USB plugged into the same PC is a misnomer. If ransomware hits, it encrypts both. If the USB fails, there's ONE less copy. Real backup needs 3-2-1 — see Backups, ransomware and business continuity.
3. "I take office files home on USB"
Dangerous for two reasons: device loss (company data on the street) and bidirectional infection vector. The USB you plug at home can carry malware that enters the office network the next morning.
4. "I install client software from my USB"
When a technician goes client-to-client with the same USB, that USB passes through every PC in the neighborhood. Ideal malware propagation vector. Solution: write-only USB or burn image every time.
5. "I keep WiFi and Office passwords on the USB"
Sensitive information unencrypted. Lose the USB, anyone reads plain text. For credentials, use a password manager — see IT security best practices.
6. "I bought a 1 TB USB for $10 on a marketplace"
If it sounds too cheap, it's fake. Real 1 TB chips cost more than that in components alone. How to detect them: below.
What USBs ARE good for
- Occasional transfer between offline PCs (install drivers, move a file, carry a presentation).
- Boot media for OS installation (Ventoy, Rufus) or diagnostic tools (Hiren's Boot, MemTest, Clonezilla).
- Recovery media for Windows or BIOS updates.
- Physical software distribution to clients who can't download (signed installers).
- In-transit storage with a backup elsewhere — never as sole copy.
- License/authentication key (YubiKey, FIDO2 keys, software dongles).
How to use a USB right when you must
- Never as the only copy. What's on the USB is also somewhere else (PC, NAS, cloud).
- Eject before removing. Windows: right-click "Eject". macOS/Linux: drag to ejector.
- Encrypt if it carries sensitive data. BitLocker To Go (Windows Pro), VeraCrypt (free cross-platform) or Apple FileVault for Mac.
- Physically label what's inside and whose it is. Anonymous USBs get lost or end up in wrong USBs.
- Scan with antivirus before opening content from a USB that isn't yours.
- Replace every 2-3 years of intensive use. Don't wait for it to fail.
- Technical use: Ventoy with multiple ISOs on a quality USB, not the first cheap one you find.
Which USB to buy — brands and models
USB quality varies enormously by price. Paying US$ 5 extra for a serious brand is the difference between 5 years of use and 6 months.
| Category | Recommended brands | For what |
|---|---|---|
| General quality use | SanDisk Ultra, Kingston DataTraveler, Samsung Bar Plus, Lexar JumpDrive | Daily transfer, presentations, typical files |
| High performance | SanDisk Extreme Pro, Samsung Bar Plus 400 MB/s, Kingston DataTraveler Max | Video editing, heavy files, fast boot |
| Industrial / rugged | Corsair Survivor, SanDisk Cruzer Glide IP67, Kingston IronKey | Field, industrial work, shock and water |
| Hardware encrypted | Kingston IronKey D300/D500, Apricorn Aegis Secure Key | Sensitive data, compliance, regulated sectors |
| Boot / OS install | SanDisk Ultra Fit (tiny), Samsung Fit Plus | Discreet, stays permanently in port |
| FIDO2 / 2FA keys | YubiKey 5, Google Titan, Token2 | Secure auth, not for data |
What I avoid: unknown brands, promo/giveaway USBs, USBs with suspiciously high capacity at low prices, USBs without original packaging.
How to detect counterfeit USBs
USB fraud is industrial. China produces millions of USBs with small chips programmed to report huge capacities. When you fill the USB, data overwrites in a loop over the real space — you lose everything past the actual limit without warning.
Signs before buying
- Price: a legitimate 256 GB USB runs US$ 25-50. If you see it at US$ 8, it's guaranteed fake.
- Seller: known physical store, authorized distributor, Amazon "Sold by X and shipped by Amazon" — avoid marketplaces without verifiable reputation.
- Original packaging: sealed blister, printed serial, QR code from manufacturer for verification. If it comes in generic plastic bag, suspect.
- Logo and typography: fakes often have small errors in the logo, text alignment or model spelling.
- Weight and finish: legitimate USBs have consistent weight, clean soldering and firmly nickeled USB connector tabs.
How to verify real capacity after purchase
Before trusting important data to a new USB, validate real capacity with one of these tools:
- H2testw (Windows, free) — writes data across all reported space and verifies it reads back. If the USB is fake, the report details where it failed.
- F3 (Fight Flash Fraud) (Linux, macOS) — open source H2testw equivalent. Command:
f3write /media/usb && f3read /media/usb. - FakeFlashTest (Windows) — fast version, writes samples at different points of reported space.
- ValiDrive (Windows) — free GRC tool, quick validation without writing everything.
Takes 1-2 hours with a 64 GB USB, but it's the only way to know with certainty you got what you paid for. Do this always with new USBs — especially promo and cheap ones.
If you copy files and it "finishes" fast, but opening some files shows them corrupt or empty, it's almost certainly fake. If formatting "leaves" the USB with less capacity than advertised, fake. If Windows reports write errors past a certain amount, suspect.
If you already have important data on a USB
To avoid that being the only place it exists:
- Copy to another medium immediately. NAS, external disk, cloud (Nextcloud, Google Drive, OneDrive, Backblaze).
- Validate the USB with H2testw or F3 — before continuing to trust it.
- If it has symptoms: read errors, files appearing/disappearing, extreme delay opening folders — get the data out NOW before it dies completely.
- Encrypt content if it will keep traveling with sensitive data.
- Replace it with a known-brand unit and treat the replacement as "passing-through memory", not final destination.
Better alternatives than USB for different scenarios
| Scenario | Best option |
|---|---|
| Transfer between office PCs | Shared network folder on NAS or server |
| Working from home | VPN to office, personal Nextcloud or serious cloud service |
| Critical data backup | NAS + offsite cloud (3-2-1 rule) |
| Carry work between places | Portable SSD (Samsung T7, SanDisk Extreme) or external USB disk |
| Share large file with client | WeTransfer, Filemail, Nextcloud Talk, Send Anywhere |
| Permanent historical archive | Disconnected HDD vaulted in safe place + cloud copy |
| Boot and OS install | Brand-name USB dedicated to that role |
The mental rule I use
"If losing the information on this USB tomorrow would hurt, it shouldn't be ONLY on this USB."
If the answer is "yes it would hurt", the data goes to at least two places — one not being the USB. If the answer is "I don't care", the USB is the right tool.
Need storage or backup advice?
If you handle important data on USBs, spreadsheets lost in old emails, or have no clear backup plan, tell me what you have and I'll build a storage and backup plan that fits your volume and budget.