
Review: Locker Password Security

18 Oct 2013

There are a million password security and token systems out there, so what makes Locker an RSA killer?

In the last week both my Twitter and Pinterest profiles have been hacked. I’m one of the users whose info appears to have been obtained via the recent attack on Adobe.

I’m a geek and my passwords are 13 characters, but I fell foul of the single password problem. It doesn’t matter how long your password is, if you use the same one or a variation on the same password, you are easy prey to spammers.

When companies get hacked and data is obtained, they’re not after your credit card details, they’re after your email and password. You are your brand and you’re worth a lot to them.

According to Forbes, the average value of a social media user is approximately US$100. If a hacker gains access to multiple users’ social media accounts, the value of using them as a marketing tool is massive. Luckily, social media accounts are hacked by spammers who post rubbish that’s easily spotted.

Your brand is massively important. What if someone had access to your account and posted links to a related product? You’d be pushing your users to their product and you may not even know. This could be catastrophic for your brand.

As a company, who has the keys to your social media accounts? Is it one person or many? Is it someone who updates it from home? Imagine a disgruntled ex-employee who still has access to your social media page. Anyone remember HMV? Protecting your employees’ passwords to their social media page is as important as yours if you use social media.

Locker is a product by innovative Kiwi company Optimizer that aims to solve the problem for personal users and companies.

It’s a true two-factor secure locker that stores not just passwords, but any data you want kept from prying eyes. It creates long, massively secure passwords (not just letters, but numbers and symbols).

There are a lot of companies that do password security, but they’re not proper two-factor and someone with a little bit of skill could easily hack them.

Locker Personal is a set of two solid metal USB ‘keys’ that you set up: lock one away and put the other on your keychain. That way it’s always with you. You download the Locker application, install the browser extension and you’re ready to go.

So what’s the difference? Well Locker requires not just the key plugged in, but also the passphrase that you create. A lot of password managers use a passphrase, but that’s only one point of security. With Locker, you require the physical key as well. True two-factor security!

Don’t worry if you lose it or it gets stolen: no one can access your information without your passphrase. Lots of other systems (including Google) recommend SMS as the second factor, but that’s pretty easy to get around ;) As Locker securely stores your passwords (they can’t even access them), you can recover your passwords with the backup key.

But as a business, what use is that for you? Locker offer an Enterprise version. This is a physical server stored in your data centre providing you your own encrypted private cloud. You provide a key to each of your users. It works with your existing permissions to give access to users on your terms. If they leave, you can kill the key remotely.

Gone are the days of RSA keys; USB security tokens are where it is heading. But here’s where they have their flaw just as much as RSA keys. They require an application running on a VM in your data centre. If they’ve got access to your network, they’ll have the skills to access your VMs. If major universities can be hacked, why would your business be any different?

Locker takes a different approach. With a 1U physical server in your data centre, if someone wants to access it, they’ll need to have the physical master key and plug it into the server. That’s some James Bond or Ethan Hunt stuff right there!

Pros:

  • Personal version securely stores passwords, credit card details etc
  • Enterprise version stores passwords, documents and data in your company’s server
  • Remote recovery and killswitch

Cons:

  • Physical access to server required, but is that a con?

Summary:

Locker stores your important documents and data in your own encrypted cloud and can back it up to a secure private cloud here in NZ.

As a business in today’s security-conscious environment, it’s a no-brainer. If you’ve got data you want securely kept away from prying eyes then you seriously need to consider Locker.

If you’re C-Level or above, ask yourself this question. How much do you value your IP or brand? Locker provides an answer that’s ideal for NZ businesses. You get to keep your IP secure and for backup, where would you rather it be, USA or NZ?

Score: 4.5 / 5
