Locke Armory

Seamless & secure password management for your enterprise.

80% of cyberattacks succeed due to one simple & preventable avenue of attack: phished passwords*

Locke protects your business against both insecure passwords and phishing attacks by preemptively stopping your users from visiting malicious websites and allowing you to centrally manage important company passwords.

An encrypted fortress for your company's secrets

End-to-end encrypted with better algorithms—Argon2id and XChaCha20.

Locke implements a security model inspired from and improved upon that of Bitwarden. All passwords are encrypted client-side using a symmetric key. Instead of AES we use the superior XChaCha20 encryption algorithm. The symmetric key is encrypted with a master key derived from the master password using Argon2id, before being stored. All passwords and keys are then encrypted again on our servers using normal AES 256.

All data at rest is stored with symmetric encryption to guarantee security against quantum computers.

Unlike Bitwarden, Locke does not use asymmetric encryption to encrypt keys or passwords that are stored server-side. This design decision was made since RSA and ECDSA are vulnerable to Shor’s algorithm. While quantum attacks on public key cryptography are not feasible now, data can be vacuumed up by state actors and decrypted later.

We do use Crystals Kyber post-quantum secure handshake (along with TLS) to secure sensitive data in transit.

Secure & recoverable multi-factor authentication.

Security and usability don’t have to be mutually exclusive. Despite it’s popularity, SMS is not a secure channel to perform MFA. Instead, our MFA uses a 7 digit code presented on screen along with a QR code to be typed or scanned into our mobile app. In the event that a person is locked out on both devices, a hardware token is generated on app install and can be used to authenticate without an authenticator app.

On mobile devices decrypted passwords are synced to the local keystore to enable autofill, handing encryption off to the operating system and secured with biometrics.

Adaptive Phishing Filter

Protect your users from themselves.

The mightiest castle is vulnerable if attackers have a key to the front gate. In the same vein, all this encryption accounts for nothing if your employees give hackers their passwords. Locke Armory integrates an adaptive phishing filter into our browser extension that stops your users from visiting malicious websites.

Phishing attempts are logged in our admin console to enable further investigation.
Our adaptive phishing filter uses 3 layers of detection to analyze malicious websites:
  1. A configurable black and whitelist to catch easy & repeated threats.
  2. Machine learning model analysis of the URL and WHOIS data to catch new & previously unseen threats.
  3. Machine learning analysis of page content to catch complex threats.

Full Feature List

The only password manager with end to end encrypted account recovery without a recovery file—via Social Recovery.

  • Secure password storage
  • Password autofill on iOS, Android, and browsers
  • Secure password sharing
  • Multi-factor authentication
  • End-to-end encrypted recovery via Social Recovery
  • Email aliasing to hide email addresss
    beta
  • Adaptive phishing filter
    alpha
  • Admin controls
    alpha
  • Typing pattern authentication
    alpha

Admin Console

Manage company vaults and securely share them among employees

Locke Armory provides an admin console where you can manage vaults, share access with employees, configure white and blacklists, and importantly: view detailed logs on phishing & login attempts.

This feature is currently in development with a release date slated for the end of October.

Pricing

$2/user/month

For all features described above, along with white glove support. Contact us for pricing for large teams. We’re a startup and able to accommodate most budgets. 

ROADMAP

We're building the holy grail of security: Continual Authentication

Our mission is to provide seamless & secure access into everything on the Internet. The final form of this obsession with usability is something called Continual Factor Authentication (abbreviated as CFA). Instead of ever requiring a password or fingerprint, Locke can check that you are who you say you are in the background all the time using passive signals you generate such as typing pattern and gait.

Our typing model is 90.1% accurate over just thirty characters.
Action-based authorization will result in perfect network visibility.

With CFA we can generate finely scoped authorization tokens that are tied to one specific action. Once that action is taken, the token is revoked. These action-based tokens can create a super high “resolution” auth system that has the unique property of perfect internal visibility, allowing enterprises to counteract cyber attacks as they happen.