Forums Community Feature Request Reply To: Feature Request

May 2, 2017 at 19:10 #6303 Reply

Franz

AxCrypt would work well in a workgroup environment if there could be some way to remove the need of the users to know the encryption login password.

Fellow user here!

Maybe I am not understanding you correctly or you might be using the software otherwise than intended. Users shouldn’t “know the encryption login password”.

With AxCrypt every user should have his/her own login. There is no such thing as “the” password, every user has his account (with his own password) and this will successfully decrypt any files shared with them by the owner.

If what you’re doing is sharing “the” password that you use to encrypt the files then you’re doing it wrong according to AxCrypt. Technically there’s nothing to stop you doing this but because there’s no option to have multiple passwords it means that any other files encrypted by yourself can be decrypted by the user using the same password (assuming he has access to them).

The workaround to the scenario I have just suggested would be for you to create a separate account with a different email address and password.

Users would be able to share encrypted files on their network easily without needing any knowledge of passwords.

AxCrypt is designed to work like this assuming you use the ‘share’ function as intended. The only password (not passwords (plural)) the user needs to know is his own because he can only access files shared with him. You should never be sharing your password with him.

If you want transparent encryption then you need to use full disk encryption (like BitLocker) as this will better protect your data if your computers are stolen. In this scenario then you don’t need to use AxCrypt because the data is encrypted at rest. AxCrypt is intended for users sharing files via external email, public cloud or physical media.

Neither AxCrypt or BitLocker can protect you if you’re working on a system and it’s hacked. Therefore it’s pointless to separately encrypt files with AxCrypt unless you intend sharing them externally or it’s extremely sensitive and you want to make sure that if the file was emailed to somebody by mistake that it is unreadable.

This is the correct process for AxCrypt file sharing.

If a user copied off a file to take home, it would be useless as they can’t decrypt it (not aware of password)

No encryption software can help you here. If a user is that way inclined then he can simply:

  • take a screenshot
  • use his camera phone
  • print the data onto paper
  • copy and paste the data (it’ll then be unencrypted)
  • save the data to a new file (it’ll then be unencrypted)
  • remember the information – if possible

You need to find out about Data Loss Protection. If you’re a Windows user then use that link to find out about Microsoft’s DLP product. Encryption software cannot protect your secrets from authorised insiders, think about it.

Very briefly DLP scans your data and prevents screenshots, saving to unencrypted files, printing, copying and pasting but it cannot protection you against somebody photographing their screen or remembering the information. DLP also stops your staff inadvertently emailing/uploading sensitive data types. DLP is not encryption, it’s designed to be used in conjunction with encryption.