Abstract: A device (100;120;140) and method (600) for storing encryption keys are provided. The device comprises: a first connector for connection to a computer, an internal memory (104); an input module (101); and an authentication module (103) for receiving user identification information, via the input module, from a user. The authentication module is configured to check received user identification information against stored user identification information stored on the internal memory to determine if a user is a valid user. A first data encryption key, DEK, is stored in encrypted form on the internal memory and is associated with the stored user identification information of a first plurality of user identities, and a second DEK is stored in encrypted form on the internal memory and is associated with the stored user identification information of a second, different, plurality of user identities.