John Dalesandro

Security through Obsolescence: Are Old Floppy Disks Secure?

AI-generated picture of floppy disks.
Even AI doesn’t quite know what 3½-inch floppy disks look like.

In an episode of White Collar called “Uncontrolled Variables”, a company uses 8-inch floppy disks to store sensitive information. The idea is that these disks and their file formats are so outdated that no one could access the data. While it makes for an entertaining episode, I wouldn’t rely on this method for security.

Back in the real world, I found a box of 3½-inch floppy disks that had been untouched for nearly 30 years. Their labels had been crossed out and rewritten multiple times. Did I really want to dig into a disk labeled “MS-DOS 6.0 Backup 7 of 16”? I couldn’t trust the labels, and I worried that some files might still contain sensitive information.

Photo of a pile of 3½-inch floppy disks.
Real stack of 3½-inch floppy disks.

No problem, right? I’d just pop the disks into my computer — except I hadn’t installed a floppy drive. My laptop didn’t have one either. Hmm… Maybe I could use the disks to play dominoes? (I tried. They wouldn’t stand up.) Fortunately, external 3½-inch floppy drives are still available online at a reasonable price. I ordered one and got to work.

The first problem was solved, but another emerged. Most files were over 30 years old (unsurprising, given how long the disks sat untouched). Also, I was amazed by how much data fit on a single 1.44MB disk. Luckily, many files were in a version of WordPerfect that Microsoft Word could still read. Others required inspecting the binary data to identify their format — especially since some lacked file extensions or had nonsensical ones. Fortunately, I found tools online to convert them to modern formats. Surprisingly, most disks were still readable, with only a few containing inaccessible files.
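Identifying files that have no extension, or a nonsensical one, comes down to reading their leading "magic" bytes. The sketch below is an added example, not one of the tools used in this post; the signature table is a small subset of well-known values, and the file names in `demo()` are constructed stand-ins for a copied disk.

```python
from pathlib import Path
import tempfile

# (leading bytes, format name, extensions normally paired with that format)
SIGNATURES = [
    (b"\xffWPC", "WordPerfect 5.x or later document", {".wpd", ".wp", ".wp5", ".wp6"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file", {".doc", ".xls", ".ppt"}),
    (b"PK\x03\x04", "ZIP archive", {".zip"}),
    (b"{\\rtf", "Rich Text Format", {".rtf"}),
    (b"GIF8", "GIF image", {".gif"}),
]

def sniff(header: bytes) -> str:
    """Classify a file from its first bytes, ignoring its name entirely."""
    for magic, name, _ in SIGNATURES:
        if header.startswith(magic):
            return name
    # No signature matched: printable bytes (plus DOS EOF 0x1A) suggest text.
    if header and all(b in b"\t\r\n\x1a" or 32 <= b < 127 for b in header):
        return "plain text"
    return "unknown binary"

def survey(root: Path) -> dict:
    """Map file name -> (detected format, whether the extension agrees)."""
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            kind = sniff(fh.read(16))
        expected = next((e for _, n, e in SIGNATURES if n == kind), None)
        agrees = expected is None or path.suffix.lower() in expected
        report[path.name] = (kind, agrees)
    return report

def demo() -> dict:
    # Constructed sample files: headers only, padded with zero bytes.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "LETTER").write_bytes(b"\xffWPC" + bytes(12))
        (root / "BUDGET.001").write_bytes(b"PK\x03\x04" + bytes(12))
        (root / "README.TXT").write_bytes(b"Disk 7 of 16\r\n")
        return survey(root)

if __name__ == "__main__":
    for name, (kind, agrees) in demo().items():
        note = "" if agrees else "extension does not match content"
        print(f"{name:12} {kind:34} {note}")
```

Renaming a file or dropping its extension hides nothing from a check like this, which is part of why an old format alone offers no protection.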

After this experience, I definitely wouldn’t use 3½-inch disks as a security measure like in White Collar. They’re still too accessible. Maybe 8-inch disks offer more obscurity, but I’ll stick to physically secured, offline encrypted drives.