Locke is a Digital Identity Management System (DIMS)

A digital identity is the complete electronic footprint of an individual. It is the sum of all online identifiers, attributes, and credentials—from email accounts and passwords to encrypted files, financial records, and personal data.

While often compared to traditional Identity and Access Management (IAM), which is typically an enterprise-centric tool for managing employee access to corporate resources, a DIMS is increasingly user-centric. It is a system that empowers an individual to create, control, secure, and manage their own identity across all facets of their digital life.

What is a Digital Identity? And why do I need to manage it?

Your digital identity is, simply put, the collection of data that represents you online. You need a dedicated system to manage it because the current approach of using hundreds of disconnected services has created significant security and usability challenges.

  • Credential Sprawl & Password Fatigue: The average person juggles hundreds of online accounts. This leads to password fatigue, forcing users to adopt weak, memorable, and often-reused passwords that provide insufficient informational entropy to securely encrypt data.
  • Persistent Phishing Threats: Phishing remains a highly effective attack vector because of a fundamental design flaw in our communication systems: anyone can email you. This unsolicited channel creates a massive, hard-to-defend attack surface.
  • Data Fragmentation: Your identity is scattered. Your passwords are in one service, your critical files are on another cloud, and your email is managed by a third. These silos are protected by different credentials and inconsistent security standards, leaving you vulnerable.
  • The Authentication Gap: We are constantly forced to trade security for usability. Traditional passwords require perfect, exact recall—one wrong character locks you out. This friction pushes people toward insecure practices.

The Passkey Evolution: Not a Silver Bullet

Passkeys are a genuine and important step forward for securing individual applications. However, they are still a work in progress and not a complete solution for identity management.

The user experience for passkeys can be opaque, and more importantly, they are not an ideal solution for a master account because they often lack simple, user-controlled recoverability. This can lead to a reliance on large technology providers like Apple and Google to sync and secure your most fundamental credentials, which trades one set of problems for another.

Locke ID: A User-Centric DIMS

Locke ID is a cross-platform digital identity management system designed to address these core challenges. It is a unified DIMS that integrates your passwords, files, and email into a single, secure ecosystem, giving you true ownership of your digital self.

A New Approach to Authentication: Fuzzypass

Instead of a traditional master password, Locke ID is built on Fuzzypass, a different form of knowledge-based authentication.

  • How it Works: You select a list of 8 to 12 words. Each word is associated with a “lock”—a unique number, color, and symbol. To log in, the system presents you with 3 random locks, and you simply type the 3 corresponding words.
  • Why it’s Different: Fuzzypass leverages cued recall rather than perfect serial recall. You only need to remember fuzzy associations. If you make a mistake, the locks shift to give you a new attempt with different words. This error-correction mechanism makes it remarkably easy to use while maintaining high security.
  • The Security: This method allows a user to easily remember a secret with over 100 bits of entropy. An 8-word Fuzzypass provides a conservative estimate of 90 bits of entropy, while 12 words provides up to 155 bits, making offline brute-force attacks intractable.

Reducing the Attack Surface: Secure Inbox

While no system can promise to completely solve phishing, Locke ID’s Secure Inbox provides a powerful structural defense that radically reduces the attack surface.

  • How it Works: You create anonymous email addresses for your online services.
  • The Lock: When a service (e.g., your bank) sends its first email, the Secure Inbox locks to that specific sender’s domain.
  • The Result: From that moment on, only emails from that original, verified domain can reach you at that address. All other emails—from spammers, advertisers, and phishing attacks from imposter domains—are automatically stopped.
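The lock only holds if "verified" means an authenticated sender domain rather than the bare From header, which anyone can forge. The sketch below is an added example, not Locke ID's code: it assumes the receiving mail server records its DMARC verdict in an Authentication-Results header (RFC 8601), and the authserv-id `mx.inbox.example`, the alias, and the sample messages are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.inbox.example"  # assumed authserv-id of our own receiving MTA

def authenticated_from_domain(msg):
    """Return the From domain only if our own MTA recorded a DMARC pass for it."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if "@" not in addr:
        return None
    domain = addr.rpartition("@")[2]
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # written by another host, possibly the sender: ignore
        for result in results.split(";"):
            tokens = result.lower().split()
            if tokens[:1] == ["dmarc=pass"] and f"header.from={domain}" in tokens:
                return domain
    return None

class SecureInbox:
    def __init__(self):
        self.locks = {}  # alias -> domain pinned by the first verified sender

    def deliver(self, alias, raw_message):
        domain = authenticated_from_domain(message_from_string(raw_message))
        if domain is None:
            return "reject: sender domain not authenticated"  # never sets a lock
        pinned = self.locks.setdefault(alias, domain)
        if domain != pinned:
            return f"reject: alias locked to {pinned}"
        return "accept"

def make(from_addr, auth_results):  # builds a constructed sample message
    return (f"From: {from_addr}\nTo: a1b2@inbox.example\n"
            f"Authentication-Results: {auth_results}\nSubject: notice\n\nbody\n")

def demo():
    inbox, alias = SecureInbox(), "a1b2@inbox.example"
    ok = "mx.inbox.example; dmarc=pass header.from="
    samples = [
        make("Bank <alerts@bank.example>", ok + "bank.example"),  # first mail sets the lock
        make("Bank <alerts@bank-secure.example>", ok + "bank-secure.example"),  # lookalike
        make("alerts@bank.example", "mx.inbox.example; dmarc=fail header.from=bank.example"),
        make("alerts@bank.example", "mx.other.example; dmarc=pass header.from=bank.example"),
        make("alerts@bank.example", ok + "bank.example"),  # genuine follow-up
    ]
    return [inbox.deliver(alias, m) for m in samples]

if __name__ == "__main__":
    print(demo())
```

The receiving server must also strip any inbound Authentication-Results header that already carries its own authserv-id, otherwise a sender can pre-forge a passing verdict.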

A Unified, Post-Quantum Vault

Locke ID consolidates the core components of your identity into one vault, protected by Fuzzypass.

  • Passwords: A free password manager with unlimited accounts and unlimited devices.
  • Files: Free, end-to-end encrypted file storage.

The vault is secured with strong, end-to-end, post-quantum encryption. This ensures your data is protected not only against today’s threats but also against the “steal now, crack later” threats of the quantum computing era.

The Future of Self-Owned Identity

The Locke ID application is the first step toward a broader vision. We are actively researching the long-term challenges of providing a digital identity that is both durable and truly self-owned.

Our exploration of this research problem is detailed in our whitepaper: “Locke: A Peer-to-Peer Private Key Store to Replace Passwords.”

This paper investigates how a peer-to-peer network could relieve people of the sole responsibility of managing their private keys. It explores concepts like distributing Shamir key shards to a self-defined trusted community (such as family), allowing for decentralized authentication and recovery. The goal is to formally define data types for people, relationships, and communities to create a digital analog to a person’s real-world identity, managed by the user.

Read our full whitepaper here.