Blog/Infosec 101/

Master password: why it’s so important

John Sears

John Sears

·

Dec 18, 2019

·

2 min read

It plays an important role in securing your files, and you are the only person who knows it. Can you guess what it is? Yes, you got it right – it’s the master password. Let’s take a closer look at what it does and why it’s so important.

Master vs. account password

It’s essential not to mix them up. Your account password is the one you create when registering for NordLocker – it’s your NordLocker account password. You will be using it to log in to the NordLocker app and the control panel, where you can manage your account settings and subscription.

Master password is a different thing. It is the password that lets you access your lockers. So whenever you wish to open a locker, the app will ask you to enter your master password. Think of it as a key that unlocks a door to the safe that holds a precious treasure – that is, your sensitive data.

How do you get a master password? We ask you to create it when setting up your account. Since you’ll be using the master password quite often, it's best to make it easy to remember yet secure.

Why master password matters

It wouldn’t be too much to say that the master password is a real VIP – a very important password. In fact, the master password is a vital component in NordLocker’s encryption process.

NordLocker encryption relies on public-key cryptography, where two keys – public and secret – are used. A file encrypted with your public key can only be decrypted with your secret key. By applying Argon2id key derivation function, a derived password is acquired from your master password and a salt. The derived password is used to encrypt and decrypt your secret key.

Simply speaking, encrypting and decrypting files in NordLocker requires something that only you know – your master password. It is never stored in the application or on our servers.

Losing a master password: how bad is it?

You can’t access your lockers without your master password – that’s the rule. But what happens if you lose your master password? Are you locked out of your files forever? Breath in, breath out – it’s not a nightmare yet.

If you lose your master password, don’t panic. You can reset it in just a few steps. You’ll need your recovery key – an emergency key we give you when you create your account. You should be keeping it written down in a safe place. So when the moment comes, find the note with your recovery key and enter it in the app to reset your master password.

Now, losing BOTH your master password and the recovery key is a deadly combination. Losing these two will lock you out of your files. Forever. So make sure you have your recovery key somewhere safe. We understand that life happens. In case you lose it, you can get a new recovery key – but you will need your master password to do so.

John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.