NordVPN is currently rated as one of the best VPN providers around, despite some of its recent security concerns (read our NordVPN review for more on that). Tefincom, the company behind the VPN giant, is starting to branch out, though. Its first foray into other cybersecurity niches is with the NordLocker file encryption software.
In this NordLocker review, we’re going to see if the new kid on the block has the chops to stand up to established file encryption services. After spending some time with the application, we’re here to give you our thoughts on its features, pricing, ease of use, security, support and file sharing. At the end, we’ll conclude whether NordLocker is worth the price or not.
At its asking price, the answer is the ever ambiguous “maybe.” NordLocker demands a high price but makes the cost worth it. The interface and usability is second to none, as is the security. Regardless, there’s no reason not to give it a try, seeing as there’s a generous free plan available and a 30-day money-back guarantee.
Strengths and Weaknesses
- Easy to use
- No file restrictions
- Free plan available
- Can be used on multiple devices
- Easy sharing options
- Doesn’t accept PayPal
- No direct integration with cloud storage
NordLocker is a very new service, so it should come as little surprise that there aren’t a ton of features at the time of writing. It’s an encryption service, but that’s mostly it. The main feature is sharing, which you’re allowed to do no matter if you’re using the free service or if you subscribe to a premium plan.
Before getting to that, though, let’s talk integrations. Technically, NordLocker works with any cloud storage service. As NordLocker puts it, it “plays nicely” with all providers, but that’s because it doesn’t offer any direct integration. NordLocker is a purely local experience, meaning you need to have your cloud storage service set up on your machine.
For example, if you have a subscription with Sync.com — which we recommend, as you can see in our Sync.com review — you can store your “locker” (the name for your encrypted folder) locally in your sync folder.
Because that local sync folder, well, syncs across your devices, you can access your locker anywhere, so long as the machine you’re opening it on is running macOS or Windows.
NordLocker, like most encryption services, is focused on cloud storage more than backup, allowing you or collaborators to work on a file stored in a shared cloud. Because of the overlay file system it uses — more on that in the “security” section below — NordLocker can’t encrypt whole disks for online backup purposes.
That said, it can encrypt a folder with all of your files in it. NordLocker doesn’t impose size or extension limitations to your account. As long as your have a premium plan, your files can be of any size with any extension, with unlimited data, to boot.
Sharing is simple in the application, allowing you to invite new users to download NordLocker and unlock the locker you shared. You can’t share a locker through the application, though. Rather, you tell NordLocker who can access a particular locker, then you can send that encrypted locker in any way you see fit.
The problem arises — as it commonly does with encryption services — if the recipient doesn’t have a NordLocker account. Although there’s a free plan, it’s limited to 5GB, meaning if your locker is larger than that, the recipient won’t be able to open it with a free plan. That said, the free plan has upsides in other areas, as we’ll see in the next section.
|File size limit||Unlimited|
|File extension restrictions|
|Cloud storage integration||All local cloud storage folders|
|Payment methods||Credit cards, Amazon Pay, cryptocurrency|
|Refund policy||30 days|
|Encryption||AES-GCM for file content, EME wide-block for filenames|
|Sharing encryption||ECC key exchange with a 256-bit key|
|Master password hashing||Argon2 with salt|
NordLocker is slightly more expensive than other file encryption options, but as a personal-focused service, the price makes sense. Compared to Boxcryptor, the price is rough, but that service sees the greatest discount when purchasing for a team, not an individual user, as you can see in our Boxcryptor review.
Even so, the high price tag can’t be denied. Although NordLocker is close to Boxcryptor on the yearly end of things, it’s much more expensive than AxCrypt, which only charges around $35 for an annual plan (read our AxCrypt review).
The price brings with it usability, though, as we’ll see in the next section. It also brings no data or file limits. NordLocker supports any file of any size, meaning you can encrypt everything from Microsoft Word documents to 4K MKV files to Pro Tools sessions. Furthermore, there’s unlimited sharing, even on the free plan.
Like most encryption services, NordLocker has a free plan available. You’ll still need to sign up for an account, but doing so will allow you to encrypt 5GB of data for free. From our testing, there doesn’t seem to be any file restrictions, neither in type nor size. As long as you stay under the 5GB limit, you’re golden.
What’s important to note here is that the security doesn’t change if you’re using a free plan. AxCrypt only allows for a 128-bit key on its free plan, and Boxcryptor doesn’t support filename encryption. However, NordLocker gives you full security on its free plan.
Additionally, the free service can be used on as many devices as you’d like, so long as that device supports NordLocker and you remember your master password. Unlike the free plans at Boxcryptor and AxCrypt, NordLocker doesn’t impose security risks or limited cloud storage access. Rather, your data is restricted.
That said, there are free, open-source options. Read our VeraCrypt review and Cryptomator review for two examples.
If you decide to pay, NordLocker offers a 30-day money-back guarantee, which is nice to see. There’s an argument for not offering a refund policy because there’s a free plan, so we like that NordLocker offers a refund policy despite the free plan.
As for payment methods, the options you’d expect from any VPN-turned-encryption-service are offered, including credit cards, Amazon Pay and bitcoin, though oddly no PayPal.
NordLocker is built around GoCryptFS, which encrypts files and folders using AES and is cross-platform compatible, making it ideal for sharing encrypted files and folders. Instead of whole-disk encryption, GoCryptFS allows NordLocker to encrypt individual files, meaning you don’t need to reencrypt each time you create new files.
GoCryptFS is a filesystem overlay, too, meaning you can directly edit encrypted files. For instance, if you have a Word document that’s in your locker, you can decrypt it with NordLocker, edit it and close it without having to reencrypt the file.
As for encrypting your files, NordLocker relies on asymmetric cryptography, which, as you can read in our description of encryption, means a public and private key are needed to encrypt and decrypt the file.
NordLocker generates a 256-bit ECC key when you first set up your account, which provides the security benefits of RSA, but with a smaller key size (that means faster encryption and more support for older machines).
That said, ECC — elliptic-curve cryptography — is a controversial algorithm to use. Based on memos leaked by Edward Snowden, it’s possible the NSA has placed a backdoor on one or more elliptic curve-based random generators.
Tinfoil hats off, NordLocker encrypts your secret key using the XChaCha20-Poly1305-IETF cipher on your device. That key never leaves your device without first being encrypted, either. When creating a locker, a 256-bit key is generated, which is known as your locker key. That locker key is then encrypted.
Finally, on your files, NordLocker uses AES-GCM to encrypt file content, as imposed by GoCryptFS. Once you decrypt a file, all of this protection falls down like a row of dominoes.
As for sharing, NordLocker relies on ECC key exchange, where your locker is encrypted using your private key and the recipient’s public key, and then decrypted using your public key and the recipient’s private key.
NordLocker Master Password and Zero Knowledge
The key that holds everything together is your master password, which is the only way you can access your encrypted files. Your master password is never seen nor stored by NordLocker, making the service zero-knowledge in terms of access and content. As we see with our best password managers, your master password is known by you and you alone.
Instead, NordLocker sees a derived password generated with the Argon2 algorithm and a salt — essentially extra random data added for extra security — meaning NordLocker can’t know what your master password is. Then, once confirming that the Argon2 and salt result match what NordLocker expects, your master password can decrypt your secret key.
In short, NordLocker is doing everything it should when it comes to securing your files. ECC is the most likely choice, even if there’s controversy surrounding it. Other than that, NordLocker is using the latest in cryptography to ensure your files can only be seen by you and the recipients you choose.
Ease of Use
Unsurprisingly, NordLocker is very easy to use. It mirrors the website of the NordPass password manager with a simple, no-nonsense layout (read our NordPass review). The only difference is that NordLocker is available to download.
You can download the NordLocker app without signing up for an account, but you’ll need credentials to use the app. If you’re using the free plan, the setup process can quickly get confusing, as you’re never brought to a signup page. You actually have to download the application first, which has a small “create account” in the top-left corner.
If you are or have been a NordVPN user, you can’t create a new account. For whatever reason, it seems that NordVPN and NordLocker are sharing the same database of passwords, so you’ll need to enter your email and password for your NordVPN subscription to log in, even if it isn’t active.
That’s not what you’ll use to sign in, though. After entering your NordVPN credentials, you’ll be asked to create a master password for NordLocker. Then you’ll be given a recovery key, which is the only way you can recover your files if you forget your master password. Storing it with a service like 1Password may be a good idea (read our 1Password review).
Finally, NordLocker will ask where you want to store your first locker. You can keep it in your document folder, choose another location or, if you’re on Windows, store it in your OneDrive (read our OneDrive review). After that, we ran into issues.
At the time of writing, .NET framework 4.8 is brand new to Windows, and NordLocker requires it to run. Within a few weeks, most Windows users should have the update installed, but NordLocker won’t work without it. Because of that, we continually ran into errors when trying to set up our first locker.
This is clarified during the install process, but it’s worth noting that you need .NET framework 4.8 before installing NordLocker. Errors will still persist if you install NordLocker and then run the Windows update.
NordLocker’s interface resembles the Windows File Explorer. You’ll see the locker you have selected, the files and folders inside, the size of the locker and the users who have access to it. Adding files and folders is as easy as ever; simply drag and drop them into the NordLocker interface.
When copying a 204MB test folder, NordLocker encrypted the files immediately. Our folder contained a variety of file types, including text, torrent, video and audio files, all of which was stored in our default locker. NordLocker, however, can support as many lockers as you want.
It’s best to think of lockers like folders, especially since you can’t add a new one in the NordLocker interface. On Windows, you can create a new locker by navigating to the file or folder you want to encrypt, right-clicking and selecting “create locker.” Doing so will create a locker file in the directory that the original file or folder was in.
These locker files — which are, of course, only readable by NordLocker — can be moved around at your leisure. They take up the same amount of space as the folder or file you’re encrypting, but they can also be opened from any machine or directory, so long as it’s on a Windows or macOS computer.
Whenever you close and reopen the application, your default locker will open (the one you created during setup). There isn’t a way in the application to navigate to your other lockers, though, which is annoying. Instead, you’ll have to use File Explorer if you want to open other lockers.
File Sharing & Storage
You can share NordLocker files and folders with as many recipients as you want, but each person you share with will need a NordLocker account to decrypt the information. The process for sharing an entire locker is simple. Once the locker is open, simply click “add user access” and enter the email of the recipient.
If the user already has a NordLocker account, all you need to do is send them the shareable file, which NordLocker shows in File Explorer after adding a new user. If not, NordLocker will send an email asking them to sign up for an account and download the application.
For file or folder sharing within a locker, you must select the files you want to share, right-click it and select “prepare for sharing.” NordLocker will create an export version of the files or folders you want to share, and you’ll once again have to add the email addresses of other users.
If you want to share with a cloud storage service, you can, though the process gets messy. NordLocker can’t export directly to a cloud storage provider like Boxcryptor can. Instead, you’ll need a local cloud storage folder, such as those offered by Google Drive and Dropbox (read our Google Drive review and Dropbox review).
Alternatively, you could upload the encrypted file and download when needed, but that’s more of a hassle than it’s worth.
As a new service, NordLocker has little support material available. A knowledgebase is present at the time of writing, but it only has a handful of articles. Things like downloading the application and updating your billing information are covered, and covered in detail, at that. However, there aren’t many troubleshooting articles.
There are currently only three troubleshooting articles, two for Windows and one for macOS. Each OS has an article about reinstallation, and Windows has one about prerequisites not installing correctly. Considering we had issues installing because of the recent .NET framework update, it would make sense to have an article about that, too, but alas, there wasn’t one.
In short, the knowledgebase doesn’t have that much knowledge, in its current state. Based on what we’ve seen from NordVPN, we expect that more articles will be added in the future as problems come up. Right now, though, it’s an elementary resource, at best.
If you have any real problems, it’s best to reach out to the support team. NordLocker only offers email support through a contact form. Paying and non-paying users can use the form, though premium subscribers get priority support. NordLocker says the support is 24/7, but considering it’s email, it’s tough to say that.
To gauge response time, we reached out on a free account with a question about using ECC keys instead of RSA keys. After 24 hours, there was radio silence on NordLocker’s end. Granted, we tried on a free account, but if the response time is longer than 24 hours, then 24/7 support isn’t offered. There’s no way around it.
NordLocker is an easy-to-use and effective encryption application. However, it comes at a price. Although the application is wonderfully designed and the service abides by the latest in cryptography, it begs a high asking price. That said, if you can afford it, it’s one of the best around.
What do you think of NordLocker? Are you going to take advantage of its 30-day money-back guarantee? Let us know in the comments below and, as always, thanks for reading.
- NordLocker is a file encryption application from the makers of NordVPN. It allows you to encrypt and share files on Windows and macOS using AES-256 through a drag-and-drop interface.
- NordLocker costs as little as $3 per month, if you go with the three-year plan. Monthly plans normally run $8 per month, but NordLocker has a free plan available, too, which is restricted to 5GB.