Reply To: Two factor authentication

#6233 Reply

Svante
Spectator

Hello Carl,

I’m not following. The Google Authenticator is still about proving identity – not possessing a secret. Remember that AxCrypt is designed to handle the following scenario:

The attacker has access to the following:

– One or more encrypted files, and the original decrypted originals for all but the file(s) being attacked.
– All the source code and technical documentation for the application.
– Tools and skill to use, write and adapt code to try passwords/keys without interference of operating system or server authentication – i.e. entirely offline and under the attacker’s control.
– Lots and lots of hardware (think custom built supercomputers) and money, vast amounts of money (many, many millions of $).

In fact, the only things the attacker is not assumed to have are the password, and you (so you can’t be forced to reveal the password).

Therefore, having various additional stronger “authentication” methods does not really make sense, since we assume the attacker can get round those. We still want AxCrypt to stand strong. And it does, provided you use a sufficiently strong password, which we try relatively hard to help you with.
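
The argument in the reply above, as an added sketch (not part of the reply, and not AxCrypt's code or file format): when the file key is derived from the password alone, a one-time-code check is only a gate in one program, and any other code that reads the same file never runs it. The container layout, the toy XOR cipher, the iteration count and the names `seal`, `unlock` and `app_open` are assumptions made for the illustration.

```python
import hashlib, hmac, os, struct

ITERATIONS = 100_000  # constructed value for this sketch

def derive_keys(password, salt):
    # Both keys depend on the password and the (public) salt, nothing else.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return dk[:32], dk[32:]

def _xor_stream(key, data):
    # Toy stream cipher built from SHA-256, standing in for a real cipher.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + struct.pack(">Q", i)).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(plaintext, password):
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    body = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"salt": salt, "body": body, "tag": tag}

def unlock(container, password):
    # Everything needed here is in the file plus the password.
    enc_key, mac_key = derive_keys(password, container["salt"])
    tag = hmac.new(mac_key, container["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, container["tag"]):
        return None  # wrong password or modified file
    return _xor_stream(enc_key, container["body"])

def totp(secret, now, step=30, digits=6):
    # RFC 6238 time-based code (HMAC-SHA1 with dynamic truncation).
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def app_open(container, password, code, totp_secret, now):
    # The second factor is checked by this program only; it adds nothing to the key.
    if not hmac.compare_digest(code, totp(totp_secret, now)):
        return None
    return unlock(container, password)
```

`app_open` refuses a wrong code, but `unlock` on the same container succeeds with the password alone, so the file's resistance in the offline scenario is set by the password and the key-derivation cost.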