Reply To: Unhappy with version 2

#4475

Svante
Spectator

Hi Sanjay!

There’s always a point in making your voice heard. We’ve changed quite a bit of things based on user feedback.

Yes, I could be more clear I guess on why it actually tends to decrease security. I do mention one aspect: Convenience. Inconvenient security solutions are either not used, or worked around. This is well established in many contexts. It’s about practical psychology, not theoretical security. Another aspect is another facet of inconvenience. Invariably, many passwords will be weaker than one strong. It’s just how we’re wired. It’s also the main theory behind single sign-on in general, which is fairly well accepted. Yet another aspect is the fact that often the argument is that for less important files, the user is happy with a less secure password. Less secure. This is just faulty logic, since it costs nothing extra to use good security for all files with AxCrypt 2, and by definition it thus reduces security.

I’m afraid I’m totally at odds with your statement “the frequent entering of that password increases the odds that it will be compromised” for a number of reasons. You don’t have to enter it frequently! That’s part of the design! You only enter it *once* per session. To make it convenient. We really believe convenient security solutions increase practical security as opposed to inconvenient theoretically stronger solutions. As for odds increasing, I don’t really see it. Why would the odds of a password leak increase because it’s the same one being entered once, instead of a multitude of passwords being entered all the time?

I’ve updated the blog with a paragraph on why the use of many passwords tends to decrease security. Of course, you may be that one in a thousand who can actually remember a number of 10+ character strong passwords and what files they are used for. In that case, many passwords won’t be harmful. But it won’t be helpful either.

We’re aiming to provide good, strong, practical, easy-to-use security for the mainstream users who do not know anything about cryptography, and don’t want to know anything either. They just want to know that as long as no-one knows their passwords, their files are safe from scrutiny.

We think we do with AxCrypt 2.

All this being said, despite that you may feel we’re not listening, we are. We are constantly evaluating options on how to satisfy as many users as possible while not compromising the overall goals and security of AxCrypt 2. What we’re struggling with is how to provide the option to use different passwords, while not at the same time making it more complex with more options for the majority of users who really like the simplicity of the standard model and while also not encouraging bad security practices.

It’s also a priority thing. Right now we feel mobile apps are more important to get out there, and we’re just starting internal beta testing this week for both iOS and Android!