Personal security – LazLock password manager

Despite being ‘the computer geek’ to many of my friends and family, I’ve always had a love / hate relationship with technology.
I’m Generation X, the bridge generation, we came after the baby-boomers and thought that we were digital natives until the Millennials came and transformed the internet from a network of computers to a social network of user created content.

I love the ease that technology has given us, whilst hating how it’s separated us from our neighbours IRL. But this is where we live now, far away from outdated notions of ‘going online’. We’re always connected, to each other, to the news, to a constant stream of information.
The convenience it gives us is genuinely revolutionary, though it’s easy to take for granted. How many times have you travelled somewhere by booking a flight online, or ordering an Uber or a BlaBlaCar? Whilst travelling you can find a place to stay through Airbnb or book a hotel online. If you wind up in a place where you don’t speak the language you can download an app that translates the local lingo for you and, thanks to GPS, you rarely get lost.
I love all of these things, but there’s a trade off. Convenience in exchange for your privacy.

“It’s impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments of personal information. Fragments that can be retrieved, amplified… ”
William Gibson, Johnny Mnemonic
May 1981

Online privacy is one of those things that everyone is vaguely aware is important but it never seems to apply to us. We read news stories about databases getting hacked like Ashley Madison, Twitter, Sony. Maybe we get inspired to change our password when something like that hits the news but, overall, security / privacy is too fiddly to be easy to use.

As part of my job, I’m responsible for several social media accounts, managing my company’s various Facebook, Twitter, email and website profiles. I need to use strong passwords to login to each of those sites, the passwords also need to be unique.

Imagine if you used the same password for all of your online accounts, just because it’s one that you can remember.
Now imagine that one of the sites that you use it for, maybe a small forum or messageboard run by people who aren’t professionals, gets hacked.
If you’re lucky, the site doesn’t keep your passwords on file as plain text. Even so, the hash of your password can be cracked in a short amount of time (especially if it includes words, personal information or dates), once that person has your password they’ll then try to use it to login to your social media, cloud storage or email accounts.

You won’t necessarily know if someone has access to your account. Most crackers will just monitor what information you post to try and collect bank details, personal information, compromising photos… whatever.

There are tools to protect you online, try typing your email address into to see if your account has been breached.
Some websites, like Dropbox, allow 2 factor authentication. This means that when you enter your username and password online, a text message is sent to your phone containing a code. You then need to enter the code online to continue logging in.

The simplest way to start protecting yourself online though, is using a password manager. A small application that sits on your computer that contains all of your passwords.
I’ve been using password managers for years and they’ve really helped.

The general idea is that you only need to remember 1 password, the one that you use to unlock the application, it then remembers the rest for you. Even better, as the password manager takes away the need to remember everything yourself, you can start to create really long passwords made up of randomly generated letters, numbers and symbols that are very difficult to crack.
The more I used password managers, the more I found things that I disliked about them.
The ones that were easy to use are browser addons or they run in the cloud. To me, this isn’t very secure. The ones that worked locally, as a program running from your computer, were too big and ugly.
I decided to write my own program, a password manager that was small enough to fit on a USB stick and carry anywhere. That I could run on both the Windows computers at work and my Linux laptop at home. A program that protected everything with 128 bit AES encryption so that, if I ever lost my USB stick, I could be confident that my data was safe.
The program that I came up with was LazLock, a free, lightweight, portable password manager.

LazLock UI screenshot
LazLock running on Windows 10

You can view the online help for the program at

CPunk Security is a ongoing project where I plan to make online privacy simpler for the average user. Through free software, consulting and penetration testing.