Originally developed as a file encryption tool, NordLocker has now grown into a cloud storage solution that encrypts files. This change has resulted in some inevitable hype around NordLocker, which got me curious. Is it really going to revolutionize my digital security?
After testing NordLocker’s features, I can honestly say that the hype is real. I easily encrypted my files, shared them with the people I wanted, and accessed them from any device without any hassle. It didn’t matter how big the files were either. However, I was a bit disappointed that it didn’t have an app for my smartphone.
But since NordLocker is developed by the same company that owns NordVPN, I’m confident that it’ll only improve over time. Please note that NordLocker won’t encrypt your internet traffic or protect your online privacy. For these purposes, you’ll need to use a VPN.
Security — Robust Security Protects Everything
NordLocker protected my private files with its world-class encryption tools. It’s also built using closed-source software and implements other measures, so I rate its security to be on par with other competitors like AxCrypt, Folder Lock, CryptoForge Steganos.
Zero-Knowledge Encryption and Master Password Protection
Your files are kept secure on NordLocker because of its end-to-end (zero-knowledge) encryption. End-to-end encryption works by encrypting files on your device, preventing anyone from accessing them — even NordLocker. Without the encryption keys, which can’t leave your device without being encrypted, no one can obtain your files.
The advanced ciphers and principles it uses are Argon2, AES-256 (for your files), and ECC (with XChaCha20, EdDSA, and Poly1305). Don’t fret if you don’t know what they are because they’re all implemented automatically, which means you don’t need to encrypt anything manually. It also relies on asymmetric cryptography, which means a public and private key are required for encryption and decryption.
Everything in your NordLocker is further protected by your master password, which is only known to you. The master password is the only way for people to access your NordLocker files without sharing them, so make sure it’s strong and be very careful if you choose to share it.
What I found surprising, though, was that it doesn’t have a two-factor authentication (2FA) system. A 2FA system would require you to have something additional to your password to protect your files, like a fingerprint or a verification text. But it’s highly unlikely that someone could steal your master password, so it’s not overly concerning.
Encrypted Cloud Storage and Closed-Source Software
Another aspect of NordLocker’s security is that it doesn’t make you use a centralized cloud server to store your encrypted files. This gives you more places to keep your encrypted files, such as your device, a memory stick, or a hard drive. Just note that if you want to access your files on another device, then you’ll need to store them on the cloud server.
It’s also worth mentioning that NordLocker is also a closed-source software, which prevents you from viewing its modifications. This means that you’ll need to trust that its encryption keys are secure.
However, it’s built using a code called GoCryptFS, which works by encrypting files individually instead of encrypting the entire locker as one. This allows greater efficiency and selection when encrypting/decrypting files. For example, I could edit a word document by decrypting the file in NordLocker without having to encrypt it again.
Since I have more control over what I can encrypt or decrypt at any given moment, I am not concerned that NordLocker is a closed-source software.
No Audits and Testing to Date
NordLocker has never had any third-party audits. However, I’m still comfortable with their security practices because of NordSec’s reputation. NordSec’s other products, NordVPN and NordPass, have had third-party audits confirming that they upheld their security and privacy practices. When I emailed NordSec, they said that an audit is due in the future, so expect one soon.
Also, NordLocker ran a hacking contest in April 2020 called the “NordLocker Bounty campaign.” To win the contest prize of $10,000, someone had to download an encrypted locker from NordLocker and successfully hack into it. After more than 600 attempts, no one could hack into an encrypted locker, which arguably demonstrates NordLocker’s high level of security.
In addition to encrypting files, I also shared them with other NordLocker users and integrated cloud services like Dropbox and Google Drive. However, its lack of smartphone compatibility was both disappointing and surprising to me.
You can synchronize your NordLocker files across different devices by using the NordLocker Cloud. All of your NordLocker files are stored in a “locker,” which is essentially a folder. A locker can be created on your computer or the NordLocker Cloud.
Once a locker is created in the NordLocker Cloud, you can access it from any device by installing the NordLocker desktop app and logging in. It means you don’t need to download files onto your device to work on them. A further advantage of NordLocker Cloud is that it saves you a lot of storage space on your computer.
However, you will need the internet to access files in your NordLocker Cloud. If you want to avoid such problems, then it’s best to download the file onto your device as a backup.
When syncing files, it’s also compatible with Google Drive and Dropbox. Syncing with either service is required to share your NordLocker folder unless you want to send a copy of your folder.
You can share your NordLocker folders (lockers) with other NordLocker users. Unfortunately, files on the NordLocker Cloud can’t be shared. To share a NordLocker folder, simply right-click on the folder and select “share locker.” From here, you just need to enter the email address of your recipient. If your recipient doesn’t have a NordLocker account, then they’ll get an invitation email to sign up for one.