FutureFive New Zealand - Consumer technology news & reviews from the future
Review: Locker Password Security
Fri, 18th Oct 2013

There’s a million password security and token systems out there. What makes Locker an RSA killer?

In the last week both my Twitter and Pinterest profiles have been hacked. I’m one of the users whose info appears to have been obtained via the recent attack on Adobe.

I’m a geek and my passwords are 13 characters, but I fell foul of the single password problem. It doesn’t matter how long your password is; if you use the same one or a variation on the same password, you are easy prey to spammers.

When companies get hacked and data is obtained, the attackers are not after your credit card details; they’re after your email and password. You are your brand and you’re worth a lot to them.

According to Forbes, the average value of a social media user is approximately US$100. If a hacker gains access to multiple users’ social media accounts, the value of using them as a marketing tool is massive. Luckily, social media accounts are hacked by spammers who post rubbish that’s easily spotted.

Your brand is massively important. What if someone had access to your account and posted links to a related product? You’d be pushing your users to their product and you may not even know. This could be catastrophic for your brand.

As a company, who has the keys to your social media accounts? Is it one person or many? Is it someone who updates it from home? Imagine a disgruntled ex-employee who still has access to your social media page. Anyone remember HMV? Protecting your employees’ passwords to their social media pages is as important as protecting yours if you use social media.

Locker is a product by innovative Kiwi company Optimizer that aims to solve the problem for personal users and companies.

It’s a true two-factor secure locker that stores not just passwords, but any data you want kept from prying eyes. It creates long, massively secure passwords (not just letters, but numbers and symbols).

There’s a lot of companies that do password security, but they’re not proper two-factor, and someone with a little bit of skill could easily hack them.

Locker Personal is a set of two solid metal USB ‘keys’ that you set up; you lock one away and put the other on your keychain. That way it’s always with you. You download the Locker application, install the browser extension and you’re ready to go.

So what’s the difference? Well, Locker requires not just the key plugged in, but also the passphrase that you create. A lot of password managers use a passphrase, but that’s only one point of security. With Locker, you require the physical key as well. True two-factor security!

Don’t worry if you lose it or it gets stolen; no one can access your information without your passphrase. Lots of other systems (including Google) recommend SMS as the second factor, but that’s pretty easy to get around ;) As Locker securely stores your passwords (they can’t even access them), you can recover your passwords with the backup key.

But as a business, what use is that for you? Locker offer an Enterprise version. This is a physical server stored in your data center providing you your own encrypted private cloud. You provide a key to each of your users. It works with your existing permissions to give access to users on your terms. If they leave, you can kill the key remotely.

Gone are the days of RSA keys; USB security tokens are where it is heading. But here’s where they have their flaw, just as much as RSA keys: they require an application running on a VM in your data center. If attackers have got access to your network, they’ll have the skills to access your VMs. If major universities can be hacked, why would your business be any different?

Locker takes a different approach. With a 1U physical server in your data center, if someone wants to access it, they’ll need to have the physical master key and plug it into the server. That’s some James Bond or Ethan Hunt stuff right there!

Pros:

  • Personal version securely stores passwords, credit card details etc
  • Enterprise version stores passwords, documents and data in your company’s server
  • Remote recovery and killswitch

Cons:

  • Physical access to server required, but is that a con?

Summary:

Locker stores your important documents and data in your own encrypted cloud and can back it up to a secure private cloud here in NZ.

As a business in today’s security-conscious environment, it’s a no-brainer. If you’ve got data you want securely kept away from prying eyes then you seriously need to consider Locker.

If you’re C-Level or above, ask yourself this question. How much do you value your IP or brand? Locker provides an answer that’s ideal for NZ businesses. You get to keep your IP secure and for backup, where would you rather it be, USA or NZ?

Score: 4.5 / 5