Published on October 16th, 2019 📆 | 6972 Views ⚑0
NordLocker Review & Rating | PCMag.com
Imagine this. A thief steals your unlocked laptop while her partner distracts you. She whisks it away to a secure location, making sure not to let it sleep or lock. She digs into your sensitive files…and hits a wall, because you’ve protected them with powerful encryption. When your files are encrypted, even physical theft of the computer can’t expose them. NordLocker adeptly handles encrypting your files on your Windows or macOS devices. It’s slick and easy to use, but lacks a few features that would make it even better.
If the name seems familiar, it’s because this product comes from the same folks who make NordVPN, an Editors’ Choice among VPNs. NordLocker protects your files while they reside on your computer (or your cloud storage) while NordVPN keeps your data safe as you traverse the internet.
NordLocker costs $8 per month or $59.88 per year. That subscription model, typical for antivirus and security suite products, is a little uncommon in the encryption world. Cryptainer, Cypherix SecureIT, Folder Lock, CryptoForge, and others go for a one-time fee, and they all cost less than a year of NordLocker. You pay for CertainSafe by subscription, but that’s because it maintains an army of secure servers for its cloud storage. So why is NordLocker subscription-based? My contact at the company declined to explain, saying, “I’m very sorry, but we consider pricing as our commercial secret and I cannot provide you with more details on the topic.” Intriguing!
You can get NordLocker for free, if you’re willing to accept a 5GB limit on your encrypted files. That’s important, because if you want to share your encrypted files, the recipient must set up a free account. Free users have access to all features of the program, subject to that limit on the amount of encrypted data.
What Is Encryption?
Since communication has existed, people have wanted to communicate in secret. Simple substitution ciphers go back to the days of the Romans, and before. Such ciphers are easy to crack using techniques like checking letter frequency and looking for common patterns. More recent, but also historical, is the one-time pad, an encryption system that’s totally uncrackable. No, really!
The concept is simple. You and your associate both have access to a random, unique key that’s at least the length of the message to be encrypted. You use a simple, reversible https:/www.pcmag.com/encyclopedia/term/55074/xor” target=”_blank”>XOR algorithm to combine the message with the key, then send the encrypted message. Your associate applies the key again to decrypt the message. And then—this is important—you both destroy the key. Picture tearing the top sheet from a pad of keys and burning it. For the next message, you use the next key.
With each key unique and at least the length of the plaintext, there’s no analysis that could discern letter frequency, or find common patterns. It’s truly uncrackable. And it’s a pain in the neck to implement.
In the modern world, we need encryption that can be applied rapidly and efficiently. It doesn’t have to be impossible to crack; it just has to be so difficult that it can’t be done in a reasonable time. That describes the official encryption algorithm of the US Government, Advanced Encryption Standard (AES). Bruce Schneier’s Blowfish algorithm is another much-used and hard-to-crack method.
Getting Started With NordLocker
You can rest assured that NordLocker uses top-notch encryption, specifically AES256, supported by a whole alphabet soup of technology to smooth and secure the process. You don’t have to know what Argon2, XChaCha20, or ECC are, fortunately. NordLocker is super easy to use.
Most of the products we’ve reviewed either rely strictly on AES256 or offer it as an option. Intercrypto’s Advanced Encryption Package lets you choose from AES or 16 other encryption algorithms, which may leave your head spinning. AxCrypt relies on AES for encryption, and uses public key cryptography for secure sharing.
To start, you create a NordLocker account and then separately create a master password to protect your encrypted files. To continue, you must check a box that says you realize forgetting the password will lock you out of all your files. Unlike AxCrypt Premium, Folder Lock, and several others I’ve reviewed, NordLocker doesn’t rate the strength of the password you choose.
Just when you’re shaking in your boots with fear that you’ll forget the master, NordLocker comes through with a backup plan. It creates a 25-character recovery key, composed of numbers and capital letters, and advises you to store it in a safe place. I’d suggest printing it out and putting it in your fireproof lockbox. You do have a fireproof lockbox, don’t you? The FAQ says this feature isn’t available yet, but I used it successfully. Note that if you simply want to change your master password, perhaps to make it more secure, you use this same recovery process.
Next you choose your locker’s location, which defaults to the Documents folder. You can also try to disguise the file with an innocuous name like “Grocery List” or such, but the file extension “.locker” gives it away. That’s it. Your locker is ready to use.
Based on my experience, I thought that NordLocker could just create a single main locker. A promised screen with a Create New button never appeared for me. I did eventually learn that creating additional lockers is as easy as right-clicking in a folder, choosing New, and choosing NordLocker container. When I looked at NordLocker on macOS, I found the elusive Create New button.
By contrast, CertainSafe Digital Safety Deposit Box does create a single secure container for your files. However, CertainSafe always stores your data in the cloud, separating it into many parts that live on different servers. A hacker who totally pwned one of those servers wouldn’t get your data, just disjointed parts of it.
Folder Lock, Steganos Safe, Cryptainer, and CryptoExpert also can create encrypted storage folders. Folder Lock, Steganos, and CryptoExpert create multiple containers that look like drives or folders when open. Cryptainer treats the first volume you create as primary, requiring you to remember the filenames for secondary volumes.
NordLocker does have a kind of container hierarchy like Cypherix Cryptainer PE. You can create your primary containers locally, and share whole containers, but you can also export specific files and folders into separate secondary containers. You can transmit a shared exported locker using any means available, from email to strapping a USB drive on your homing pigeon. More about sharing below.
Files in the Locker
With most of the tools that create encrypted containers, an open container behaves precisely like any other drive or folder. You can move files into and out of the container, edit them in place, create new files, and do pretty much anything you’d do with any other folder.
NordLocker works differently. You can drag files or folders into the locker, but even if you right-drag, it always makes a copy; you can’t move a file into the locker. There’s a button to add files or folders; this, too, makes a copy. At least that’s true on Windows; NordLocker on the Mac gives you a choice of move or copy.
In truth, copying your data into encrypted storage is generally a good thing. Why? Because you can follow up that action by applying secure deletion to the unprotected original. That ensures that even a forensic recovery expert can’t see what you don’t want seen. AxCrypt, Folder Lock, InterCrypto Advanced Encryption Package, CryptoForge, Steganos, and SecureIT all have a built-in secure deletion tool.
Secure deletion is a feature I’d really like to see in NordLocker, but I’m not sure it will happen. Company representatives stated they feel it isn’t necessary. I’m guessing this comes from a macOS-centric view
With most encrypted container systems, taking a file out of the locker is a simple matter of moving or copying it to another folder. Not so NordLocker. If you want a plaintext version of an encrypted file, you right-click it and choose Export decrypted. It’s a bit different, but it’s easy to get used to.
There are two ways to share your NordLocker secret files. The first is to give another user full access to one of your lockers. You do so by clicking Manage Access in the main window and supplying the recipient’s email address. If the person you’re adding doesn’t already have a NordLocker account, the utility sends an email with an invitation to create a free account. Naturally this full-sharing mode requires that you both have access to the location where the locker resides, such as a folder synced to cloud storage.
You can also select one or more files or folders and share just those items. After making your selection, you click the Create Locker to Share button and save the resulting exported locker using whatever filename you like. After creating the locker, you identify the recipient; as before the recipient needs a NordLocker account. At this point, you transmit the file using whatever means you prefer.
With many competing encryption products, you share an encrypted container and send the decryption password via some other route, perhaps emailing the container and texting the password. That does mean that anybody who intercepts both can access your secrets. With NordLocker, there’s no password to share. Because you gave access, the recipient simply logs into NordLocker and opens the locker. For the authorized person, it’s a breeze, but a data thief can’t get a toehold.
What’s Not Here
It’s not very likely that a malefactor could steal your encrypted data and somehow also capture your master password, but it’s conceivable. Some competing products ramp up security using two-factor authentication. That means that in addition to the password (something you know), they require either something you have, such as an authenticator app, or something you are, such as a fingerprint.
With Steganos Safe, you use Google Authenticator or any compatible Time-based One-time Password (TOTP) app for the second factor. With CryptoExpert, you configure any USB drive to act as the second factor.
CertainSafe uses a kind of two-way handshake when you log in to your encrypted cloud storage. First you authenticate yourself to the site, and then the site authenticates itself to you by displaying a preselected image and quote. NordLocker doesn’t offer two-factor authentication at this time, so you’d better make sure you use a strong master password (and you might want to use a password manager to remember it for you). As noted, if you want to upgrade to a stronger master password, you use the recovery key to initiate the change.
The point of encrypting files is to prevent unauthorized access, but locking up encrypted copies is pointless if you leave the unsecured originals lying around. Just deleting them isn’t enough, since they go to the Recycle Bin. And even if you bypass the recycle bin, forensic software can often recover the data. The only safe solution is to overwrite the data before deletion. Many competing products, among them AxCrypt, Folder Lock, and Ranquel Technologies CryptoForge, offer a secure deletion tool for this purpose; NordLocker does not.
An Impressive Debut
NordVPN is a PCMag Editors’ Choice in the VPN realm, which lends a certain brilliance to NordLocker. NordLocker offers a straightforward way to protect your most sensitive files using encryption, yet easily share them when necessary. Its subscription is expensive, though, especially in a field where many competitors charge a one-time fee. And it lacks some important features, notably secure deletion and two-factor authentication. But this is a brand-new product; there’s plenty of time for new features to evolve.
For now, we’ve identified three Editors’ Choice encryption products. AxCrypt Premium, like NordLocker, is extremely easy to use, and it uses public key cryptography for its secure sharing. CertainSafe Digital Safety Deposit Box relies on patented technology that scatters your data across multiple encrypted servers. And Folder Lock offers a broad selection of encryption modes and features, among them self-decrypting files, encrypted cloud storage, and an encrypted wallet for your credit cards.