Lockdown (Your Digital Saferoom)

A few weeks back I was sitting around, being particularly bored, when an email arrived in my mailbox from someone I did not recognize. Of course, what was more astonishing was not simply that this email had arrived from a random account. That happens all the time. As most everyone on the internet, I am well acquainted with “spam” email. No, what was more astonishing was that the email I had just received was clearly from someone who knew me. It was directly replying to an email thread I had just sent out.

To make a long story shorter, it turns out that one of my peers had decided to un-link their work email from their mobile device, and replace it with a temporary email. The fear? That at the conference they were headed to, someone might steal their phone in order to gain access to their work account (and by extension, client data).

Now certainly, their fear is not unfounded. The threat they described is very very real. However, their solution to me did not seem elegant enough to fly in production. They had just removed their access to all legitimate work content from their mobile device. We can do better than that.

Whether by someone stealing your phone, or via a “hacker” with the technical sophistication of a twelve year old resetting one of your internet resident account passwords by guessing your old security questions; one of the main ways an individual on the internet gets hit, is through the compromising of said accounts. It wasn’t all that long ago that the news read about the CIA head John Brennan being hacked in this manner. Truly, everyone is vulnerable. And more often than not, through no (or very little) fault of our own.

So what can we do about it? Well, obviously there is a number of things you can do. However, there was one specific idea I chose to explore. Lockdown is a digital saferoom. The nature of an intrusion into one’s digital assets is that a single breach, often spreads through linked accounts and reused passwords. Lockdown operates on a panic system. Allowing you to put all your accounts into “lockdown” in the event that you discover a breach or malicious activity in one.

How it operates couldn’t be more simple. You link it up to the accounts that you want to secure (Lockdown must support the service in question). Then you create a throwaway Gmail account to which you can email your panic phrase. Set the panic phrase in the Lockdown options; and run the script. Lockdown will silently sit, waiting to hear the panic phrase via email. In the event of a breach, gain access to a computer or phone as quickly as possible, and send the panic phrase to the throwaway Gmail account. The Lockdown script will receive the panic phrase and trigger the lockdown process. It will authenticate to all linked accounts, and change their passwords to the preset panic password. It’s really that simple.

There is certainly tons more work that needs to be done. But this is one step forward in the battle to regain control of our digital selves. Giving us a chance to protect ourselves with a digital saferoom in the event of a breach. Something that no service provider has done before.

You can find the basic version of Lockdown here: