Reply To: Unhappy with version 2

#4473

Sanjay Kumar

So many people have tried to explain this to the AxCrypt developers on these forums, so there’s probably not too much point in my posting this, but I’ll try anyway.

 

First, the link (http://www.axcrypt.net/blog/use-of-different-passwords/) you point users to explaining why using different passwords for yourself is less secure does not even claim that using different passwords is less secure. Security is always a trade-off between preventing unauthorized access and permitting authorized access. As your own post explains, multiple passwords do not decrease security, but rather increase inconvenience (e.g., increasing the chance of forgetting a password).

 

Second, with your 2.0 approach, if your password is compromised, 100% of your data is compromised. Your solution is this: make sure it is not compromised. While that is fine in theory, it is simply not applicable to real life security. As AxCrypt 2 relies on a single strong password, the frequent entering of that password increases the odds that it will be compromised (someone looking over your shoulder, key logger, leaving it logged in, etc.). I’m sure you are familiar with compartmentalization of information. If you had highly-sensitive data that was rarely accessed and encrypted with a different password, a user can take numerous precautions to ensure that password is not compromised when that data is accessed (access it only when you are alone, close the blinds, check for key loggers each time, etc.). You are essentially asking users to use that level of caution all the time. Users will either 1) not do so, which will drastically decrease security, or 2) do so, which will drastically decrease access. It is not a question of a “feeling.” It has a real-life, practical impact on security and/or access.

Since so many users have tried to explain this, at the very least, you could address this more thoroughly in your link. If multiple passwords really decrease security, you could at least explain how. What you have explained is simply how they increase inconvenience. By only stating you wish to increase convenience with a single password, you are implying that the use of only one password does in fact decrease security.

Thanks.