Reply To: AxCrypt 2 makes me sad…

#11488 Reply

Svante
Keymaster

Hello RS,

Thank you for your feedback!

I’d still like to reply with some facts.

A big problem with the old AxCrypt 1 was that the *encryption* password was not in any way verified. This opened the door for scenarios with many different encryption passwords, as well as typos. The current AxCrypt 2 design where we keep to one encryption password that has to be verified (in a cryptographically secure manner) has drastically reduced the number of incidents with users not being able to access encrypted data due to forgotten passwords or typos. That’s a fact.

If you use AxCrypt 2 from Windows Explorer, like AxCrypt 1, the normal workflow is identical. The looks of the dialogs are different, but this is the same number of clicks and keyboard hits as when using the ‘remember this for encryption’ and ‘remember this for decryption’ in AxCrypt 1. That’s a fact.

You write that the use of the cached password feature is a security risk because “if anyone manages to get access to the computer and the user is signed into Axcrypt the person has access to encrypted files!”. That’s simply not true, unless of course you left the computer entirely logged on to Windows with AxCrypt open. If you do, you’re pretty much out of luck security-wise anyway. If you sign out, if the screen saver goes active, if the computer goes to sleep, AxCrypt will sign out. There’s also an option to set a timeout for AxCrypt, just like a screen saver.

And no, we don’t want to force people to log on to the AxCrypt site to track them. We don’t track logged-on users. However, we do want to try to make AxCrypt survive and evolve. This requires money. Not even one in ten thousand donated even $10 for AxCrypt 1. I had two options – kill AxCrypt entirely, or try to find a compromise by still offering AxCrypt for free with basic features, and then add features to make it worth paying for. For payments to work, we do need some kind of account mechanism. However, the main function of the online account is to host the password manager, and the key pairs used for key sharing (sharing encrypted files without sharing passwords), and to serve as a way to validate the encryption passwords used (see above).

You are welcome to use AxCrypt 1 of course – but beware, there’s no support and no maintenance. It’s obsolete, sunsetted abandonware at this point. Use at your own risk.