I have two more suggestions:
- When creating a new account via the software it prompt for a password. It uses a basic algorithm to detect weak passwords but it allows you to use your email address as your password!
- The encryption password is transmitted via TLS. There are a number of solutions for this but they’re complicated and involve extensive development effort. However if I’ve understood the technical documentation correctly, there seems to be one simple fix which I’ll explain below.
A file encrypted with AxCrypt (AXX) is highly secure by today’s standards. If the AxCrypt binary contained a hard-coded AxCrypt public key (the EXE is secured with Authenticode and a verifiable cryptographic hash) then upon the user entering their password it could be encrypted into a miniature AXX file, transmitted to the server via TLS, decrypted with the AxCrypt private key on the server and then validated. There’d be an insignificant increase in time but the security would increase tremendously.
Some may argue that TLS is fundamentally compromised. Whichever side of the fence you’re on – by double encrypting the password (i.e. transmitted over TLS and encrypted with the AxCrypt public key) it’d minimise any risk of compromise by TLS, e.g. fake root certificate installed on the local computer, antivirus, ISP etc. – see my email for other methods.
Of course this wouldn’t prevent capture from key-loggers but it’d remove several side channel attacks against the password. It’d also satisfy many who don’t trust TLS. They’d still have to trust the server but it’d be an enormous increase in security.
It may not be practical depending upon the server configuration but it’s a relatively easy way to increase security without requiring a significant amount of development or even server resources.