September 5, 2016 at 21:54 #4018
I just got the new AxCrypt 2 version.
It’s well known that accounts can be hacked for several reasons, and mainly through the user's fault.
If this happens, is it enough that the hacker changes my password and I lose any chance to open my encrypted files? Are they still safe on my device but completely unusable?
Regards

September 6, 2016 at 08:54 #4023
Yes, accounts can be ‘hacked’ – although, what this typically means is that your password has been guessed or otherwise leaked. Very, very seldom are user accounts really ‘hacked’ in the sense that a vulnerability is exploited. Servers are however sometimes hacked, which sometimes is the cause of leaks of password databases (although just as often it’s an inside job).
No, if someone actually would gain access to your email for example, and then use that access to perform a password *reset*, that will not affect your files. It will, temporarily, cause your sign in to AxCrypt to fail if you’re online of course (since the ‘hacker’ has succeeded in *resetting* your password). In this situation, you’ll just *reset* the password again to the original (after ensuring the ‘hacker’ no longer has access to your email of course, by changing the password to that service).
The files as such are not at all affected by any kind of change to the online account in this case. Also, with AxCrypt, regardless, it’s always possible to open the files with the password originally used to encrypt them.
Your files are safe and usable for you, but not the ‘hacker’, if such a person would succeed in actually *resetting* the password of your AxCrypt ID online.
A ‘hacker’ cannot *change* the password to your AxCrypt ID without actually knowing the original. This is not possible to bypass by hacking our server either, since it’s not a regular password change where we just check that the old password is known. We actually encrypt data on our server (using AxCrypt of course) using your password. So, to *change* the password, this must be decrypted, and this requires really knowing the old password before it’s possible to set a new one.
There is thus a definitive difference between *changing* and *resetting* AxCrypt ID online passwords. *Resetting* can be done by a ‘hacker’ with access to your email. *Changing* requires really knowing the old password.
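A minimal model of the *change* versus *reset* distinction described in the reply above, added here as an illustration; it is not AxCrypt's code. The `Account` class, the function names and the sample passwords are hypothetical, the cipher is a standard-library stand-in (PBKDF2 key, HMAC keystream, HMAC tag) rather than the AES that AxCrypt uses, and what a reset does to the stored blob is an assumption.

```python
import hashlib, hmac, os

# Stand-in authenticated cipher (stdlib only): PBKDF2 key, HMAC keystream, HMAC tag.
def _keys(password, salt):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor(key, data):
    stream = b""
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(password, plaintext):
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _xor(enc_key, plaintext)
    return salt + hmac.new(mac_key, salt + ct, hashlib.sha256).digest() + ct

def unwrap(password, blob):
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password")
    return _xor(enc_key, ct)

class Account:
    """Hypothetical server-side record: only the password-encrypted blob is stored."""
    def __init__(self, password):
        self.blob = wrap(password, os.urandom(32))

    def change_password(self, old, new):
        secret = unwrap(old, self.blob)  # fails unless the old password is known
        self.blob = wrap(new, secret)

    def reset_password(self, new):
        # Assumption: a reset cannot recover the old blob, so it starts a new one.
        self.blob = wrap(new, os.urandom(32))

def demo():
    account = Account("original-pw")  # constructed sample values throughout
    file_blob = wrap("original-pw", b"my document")  # file on the user's device
    try:
        account.change_password("guessed-pw", "intruder-pw")
        changed = True
    except ValueError:
        changed = False
    account.reset_password("intruder-pw")  # possible with email access alone
    return changed, unwrap("original-pw", file_blob)
```

The file blob is never touched by either account operation, which is why it still opens with the original password after the reset.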