Picture this. You’re sitting at a coffee shop, working remotely, at a safe distance from your fellow patrons. Behind you, another patron shrieks, having spilled a hot, hot coffee in her lap. You turn around, and when you turn back, your laptop is gone. The thief carefully keeps it slightly open, so it doesn’t shut down. Once well out of sight, she starts checking your sensitive files. And her reward is…nothing. Because you encrypted everything important. Hey, some stories have happy-ish endings. NordLocker makes encrypting your important files on your Windows or macOS devices simple. The new version 2.0 boasts an improved user interface and enhanced ease of use, but it still lacks a few features found in the competition.
If the name seems familiar, it’s because this product comes from the same company that makes NordVPN, a well-regarded VPN. NordLocker protects your files while they reside on your computer (or your cloud storage) while NordVPN keeps your data safe as it moves about the internet.
At $1.49 per month or $12 per year, NordLocker is far from expensive. Even so, an antivirus-style subscription model is uncommon in the world of encryption products. Cryptainer, Cypherix SecureIT, Folder Lock, CryptoForge, and others go for a one-time fee ranging from around $30 to around $60. The latter fee would pay for five years of NordLocker!
You do pay for CertainSafe Digital Safety Deposit Box by subscription, but that pays for the army of secure cloud storage servers the company maintains. So why is NordLocker subscription-based? My contact explained that the company maintains infrastructure required for important features such as sharing and password recovery. For example, when you want to share encrypted files, NordLocker must check whether the recipient has an account and proffer an invitation if not. The subscription also helps them keep up a relationship with customers, and ensure customers get the latest technology and features. A dollar a month seems reasonable.
You can get NordLocker for free, if you’re willing to accept a 2GB limit on your encrypted files. The existence of a free option is important, because if you want to share your encrypted files, the recipient must set up a free account. Free users have access to all features of the program, subject to that limit on the amount of data they can encrypt.
With version 2.0, the product’s user interface has seriously improved. Now you see all your lockers in a left-side list, with a simple button at the bottom to create a new locker. A sidebar on the right shows details of the selected locker, including its size and sharing status. If you’re using a free account, having the size clearly visible is a help. The middle of the window lists the contents of the selected locker. When you select a file, the right-hand sidebar switches to show file details, with a quick link to export a decrypted copy. Another pleasant enhancement is that you can now resize the main window.
What Is Encryption?
Let’s back up for a minute before we go into how Nordlocker does encryption and give a bit of background on what encryption is. Since communication has existed, people have wanted to communicate in secret. Simple substitution ciphers go back to the days of the Romans, and before. Such ciphers are easy to crack using techniques like checking letter frequency and looking for common patterns. More recent, but also historical, is the one-time pad, an encryption system that’s totally uncrackable. No, really!
The concept is simple. You and your associate both have access to a random, unique key that’s at least the length of the message to be encrypted. You use a simple, reversible XOR algorithm to combine the message with the key, then send the encrypted message. Your associate applies the key again to decrypt the message. And then—this is important—you both destroy the key. Picture tearing the top sheet from a pad of keys and burning it. For the next message, you use the next key.
With each key unique and at least the length of the plaintext, there’s no analysis that could discern letter frequency, or find common patterns. It’s truly uncrackable. It’s also a pain in the neck to implement.
In the modern world, we need encryption that can be applied rapidly and efficiently. It doesn’t have to be impossible to crack, just difficult enough that it can’t be done in a reasonable time. That describes the official encryption algorithm of the US Government, Advanced Encryption Standard (AES). Bruce Schneier’s Blowfish algorithm is another much-used and hard-to-crack method.
Getting Started With NordLocker
You can rest assured that NordLocker uses top-notch encryption, specifically AES256, supported by a whole alphabet soup of technology to smooth and secure the process. You don’t have to know what Argon2, XChaCha20, or ECC are, fortunately. NordLocker is super easy to use.
Most of the products we’ve reviewed either rely strictly on AES256 or offer it as an option. Intercrypto’s Advanced Encryption Package lets you choose from AES or 16 other encryption algorithms, which may leave your head spinning. AxCrypt relies on AES for encryption and uses public key cryptography for secure sharing. And with CryptoForge you can add up to four layers of encryption using different algorithms.
To start, you create a NordLocker account and then separately create a master password to protect your encrypted files. Unlike AxCrypt Premium, Folder Lock, and several others I’ve reviewed, NordLocker doesn’t rate the strength of the password you choose, though it does require a minimum of six characters. Do be sure to choose a strong master password, something that you can remember but that others couldn’t guess.
If you do manage to forget that master password, all is not lost. During setup, NordLocker creates a 25-character recovery key, composed of numbers and capital letters, and advises you to store it in a safe place. I’d suggest printing it out and putting it in your fireproof lockbox. You do have a fireproof lockbox, don’t you? Note that changing your master password, perhaps to make it more secure, requires use of this recovery key. To complete account creation, you must check a box acknowledging you’ve been warned that if you lose both the master password and the recovery key, you will be irrevocably locked out of your files.
Next, NordLocker walks you through a few pointers on how to use the product and the Intro and Personal folders that it created for you automatically.
Creating a new locker couldn’t be simpler. Just click the New locker button, enter a name, and choose your locker’s location, which defaults to a subfolder of the Documents folder. You can try to disguise the file with an innocuous name like “Grocery List” or such, but the file extension “.locker” gives it away. That’s it. Your locker is ready to use.
Using NordLocker to protect files is a snap. Just open the locker you want to use and drag files or folders into it. When you drag a file into a locker, you choose whether to copy it or move it. As you’ll see later, the more secure option is to copy the file and then securely delete the original. Unlike some competing products, NordLocker doesn’t include a built-in secure deletion tool.
CertainSafe, by contrast, create just one secure container for your files. You don’t get to choose different lockers for different types of files. However, CertainSafe always stores your data in the cloud, separating it into many parts that live on different servers. A hacker who totally pwned one of those servers wouldn’t get your data, just disjointed parts of it.
Folder Lock, Steganos Safe, Cryptainer, and CryptoExpert also can create encrypted storage folders. Folder Lock, Steganos, and CryptoExpert create multiple containers that look like drives or folders when open. Cryptainer treats the first volume you create as primary, requiring you to remember the filenames for secondary volumes.
Previously, NordLocker used a kind of container hierarchy, though not quite like that of Cypherix Cryptainer PE. To share individual files from a locker, you would create a secondary container just for those files. With the updated user interface, it’s totally simple to drag and drop or copy and paste files between lockers, so there’s no need for this hierarchy. Just collect the files you want to share in a folder and share it. More about sharing below.
Files in the Locker
With most of the tools that create encrypted containers, an open container behaves precisely like any other drive or folder. You can move files into and out of the container, edit them in place, create new files, and do pretty much anything you’d do with any other folder.
NordLocker works differently. You can drag files or folders into the locker, and it lets you choose whether to just copy the files or move them, which effectively copies them and then deletes the originals. Copying your data into encrypted storage is generally a good thing, because you can follow up that action by applying secure deletion to the unprotected original. That ensures that even a forensic recovery expert can’t see what you don’t want seen. AxCrypt, Folder Lock, Advanced Encryption Package, CryptoForge, Steganos, and SecureIT all have a built-in secure deletion tool.
Secure deletion is a feature I’d really like to see in NordLocker, but I’m not sure it will happen. Company representatives stated they feel it isn’t necessary.
With most encrypted container systems, taking a file out of the locker is a simple matter of moving or copying it to another folder. Not so NordLocker. If you want a plaintext version of an encrypted file, you right-click it and choose Export decrypted. It’s a bit different, but it’s easy to get used to. And you can double-click any file to edit it in place.
NordLocker’s sharing system gives another user full access to one of your lockers. If you don’t want to share everything, you just spin up a locker specific to the sharing task and copy files into it. Click Share locker in the main window, enter the recipient’s email address, and you’ve launched the process. If the person you’re adding doesn’t already have a NordLocker account, the utility sends an email with an invitation to create a free account.
One easy way to convey the shared locker to the recipient is by letting NordLocker access your Dropbox account. Once you’ve done that, you share by having NordLocker upload the locker and generate a sharing link that you transmit securely to the recipient. You can also choose to just open the shared locker’s location in Windows Explorer. From here you transmit a copy of the file representing the locker using any means available, from email to strapping a USB drive on your homing pigeon.
Either way, you’re not creating a shared space for you both to work in. Your recipient receives a copy of the locker, one that can’t be opened by anyone else. Changes made to the contents of the shared locker don’t percolate back to the original. If you want true sharing, you can create a locker in a shared cloud account. Now both you and the recipient have full access. I did find I had to log out and in again to see changes made by the other user.
With many competing encryption products, you share an encrypted container and send the decryption password via some other route, perhaps emailing the container and texting the password. That does mean that anybody who intercepts both can access your secrets. With NordLocker, there’s no password to share. NordLocker re-encrypts the locker to give the recipient access. The recipient simply logs into NordLocker and opens it. For the authorized person, it’s a breeze, but a data thief can’t get a toehold.
What’s Not Here
It’s not likely that a malefactor could steal your encrypted data and somehow also capture your master password, but it’s conceivable. Some competing products ramp up security using two-factor authentication. That means that in addition to the password (something you know), they require either something you have, such as an authenticator app, or something you are, such as a fingerprint.
With Steganos Safe, for example, you use Google Authenticator or any compatible Time-based One-time Password (TOTP) app for the second factor. With CryptoExpert, you configure any USB drive to act as the second factor.
CertainSafe uses a kind of two-way handshake when you log in to your encrypted cloud storage. First you authenticate yourself to the site, and then the site authenticates itself to you by displaying a preselected image and quote. NordLocker still doesn’t offer two-factor authentication, so you’d better make sure you use a strong master password (and you might want to use a password manager to remember it for you). As noted, if you want to upgrade to a stronger master password, you use the recovery key to initiate the change.
The point of encrypting files is to prevent unauthorized access, but locking up encrypted copies is pointless if you leave the unsecured originals lying around. Just deleting them isn’t enough, since they go to the Recycle Bin. And even if you bypass the recycle bin, forensic software can often recover the data. The only safe solution is to overwrite the data before deletion. Many competing products, among them AxCrypt, Folder Lock, and CryptoForge, offer a secure deletion tool for this purpose; NordLocker does not.
NordLocker offers a simple way to protect your most sensitive files using encryption, yet easily share them when necessary. In a field where many competitors just charge a one-time fee, NordLocker’s subscription model is slightly unusual, but at $12 per year its not expensive. We’re pleased with the well-considered user interface improvements in version 2.0. We’d still like to see two-factor authentication and secure deletion as options, but we can understand the company’s reluctance to add features that might be daunting for non-techie users.
AxCrypt Premium, like NordLocker, is extremely easy to use, and it relies on public key cryptography for its secure sharing. CertainSafe Digital Safety Deposit Box boasts patented technology that scatters your data across multiple encrypted servers. And Folder Lock offers a broad selection of encryption modes and features, among them self-decrypting files, encrypted cloud storage, and an encrypted wallet for your credit cards. These three rather different products are our Editors’ Choice picks for encryption.