You’ve probably heard that you need to overwrite a drive multiple times to make the data unrecoverable. Many disk-wiping utilities offer multiple-pass wipes. This is an urban legend – you only need to wipe a drive once.
Wiping refers to overwriting a drive with all 0’s, all 1’s, or random data. It’s important to wipe a drive once before disposing of it to make your data unrecoverable, but additional wipes offer a false sense of security.
How to Geek explains why you only have to wipe a drive once to erase it.
To understand why the Gutmann method isn’t necessary for all drives, it’s important to note that the paper and method were designed in 1996, when older hard drive technology was in use. The 35-pass Gutmann method was designed to wipe data from any type of drive, no matter what type of drive it was – everything from current hard disk technology in 1996 to ancient hard disk technology.
As a Mac Genius, one of the things that used to bother me most, was customers who insisted the defective hard drives on their computers be wiped multiple times before being returned to Apple. What a waste of time watching a bunch of machines wipe their data 35 times when a single pass would do the job. Today the answer is clear, either protect your data with whole disk encryption like FileVault 2, or destroy the drive.1
Do to the consumable nature of flash storage, no SSD should ever be subjected to multiple wipes. In fact the very wear leveling techniques designed to protect SSDs can render the destruction of data by overwriting zeros useless if sensitive data has been written on a block that has already been retired. The only way to protect an SSD is to encrypt it prior to saving your sensitive data.