Forums Help & support Account Encryption Password versus File Encryption Password

This topic contains 8 replies, has 2 voices, and was last updated by  Svante 3 weeks ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #9071 Reply

    Biu55

    Dear Forum Members,

    I have just upgraded from Axcrypt 1.7 to Axcrypt 2.1 and don’t understand the following:

    – in Axcrypt 1.7, I have 2 x encrypted files with two different passwords
    – now in Axcrypt 2.1., one of the two passwords has become my ‘master password’ for the account ID / console sign in.
    – the 2nd file with the different password, now requires first the sign-in with the ‘master password’ and then with the file specific password.

    I would like to keep this setup whereby the two files have two different passwords.

    However, I cannot find any configuration with Axcrypt or information on the website how I can maintain this.

    Can anybody help me on this ?

    Many thanks for your help.

    Biu

    #9082 Reply

    Franz

    I would like to keep this setup whereby the two files have two different passwords.

    You can’t.

    https://www.axcrypt.net/blog/use-of-different-passwords/

    #9250 Reply

    bernardpalissy

    Dear Forum Members,

    As Biu55 I had different PW for different files, and it was important for me. From this point of view, the new version is very disappointing. How can I get the old one back ?

    many thanks,

    bp

    #9305 Reply

    Svante
    Keymaster

    Hello bernardpalissy,

    You can always uninstall AxCrypt 2, and use the unsupported AxCrypt 1. But before you do, please read https://www.axcrypt.net/blog/use-of-different-passwords/ which tries to explain why different passwords for different files is at best unnecessary, at worst harmful for security.

    #9314 Reply

    bernardpalissy

    hello Svante,

    Sorry, I don’t want to be sarcastic at all, and I do appreciate the fact that you answered personnaly to my post, but the strongest argument I see in this article is : having several passwords is bad, because it’s bad.

    I’m not a specialist in the subject, and my “secrets” are not those of, say, the Ministry of Defence, but my habits were sufficient to have no intrusion, no (damaging) crashes (and no viruses !) since more than 40 years data processing… sorry, say 20 years, because we have had about 20 years peacefullness in the past !

    … and according to that, in my situation, AxCrypt.1 is the solution.

    … in all cases, many thanks for BOTH AxCrypt !

    yours sincerely,

    #9318 Reply

    Biu55

    Dear Franz and Svante,

    I agree with bernardpalissy that the different passwords are important to me.

    The solution to go back to version 1.xxx works very well for me.

    It really is a pity that version 2.xxx does not support two passwords and it might be an idea to incorporate into the next version. In my humble opinion, it is justifiable to adapt the program to match how people use it.

    Many thanks for your help & advice.

    Biu

    #9321 Reply

    Svante
    Keymaster

    Hello bernardpalissy and Biu55,

    If the blog post https://www.axcrypt.net/blog/use-of-different-passwords/ gave the impression that the argument is “having several passwords is bad, because it’s bad.” I’ll have to rework it a bit ;-)

    What I was trying to say is that having several passwords is:

    – At best, unnecessary and does not contribute or add any security.

    – At worst, reducing security, because it’s harder to keep track of and use several equally strong passwords.

    – If sharing with others is the goal, the AxCrypt 2 key sharing feature is a much better and easier-to-use way to do it.

    The holy grail of security and authentication for over 20 years have been “single sign on” – one password to rule them all. Most security experts agree that fewer and stronger passwords is better. AxCrypt 2 is trying to at least not increase the problem with multiple passwords, by providing a good mechanism to reduce the need to a single password for AxCrypt at least.

    Having several passwords is bad, because it increases the problem of having strong passwords without adding any real security benefits.

    #9354 Reply

    Biu55

    Dear Svante,

    Many thanks for your reply and explanation.

    However, the articles and holy grails you refer to all assume that the users of encryption software are stupid or negligent, which is probably true to a certain extend.

    However, I have a very simple scenario where we have one password protected file which is only accessible to my wife and myself and another which is also accessible to our children. This is not such an unusual scenario nor is it particularly stupid and the fact that it is working for us, does show that it is possible to remember more than one strong password.

    Software should be flexible and be able to accommodate a variety of usage scenarios, irrespective of holy grails and treasured industry beliefs. It is the users who decide whether software is suitable.

    A holy grail is only valid for as long as somebody doesn’t come up with a better solution and clinging to it while you drown is pointless.

    With kind regards,

    Biu

     

    #9399 Reply

    Svante
    Keymaster

    Hello Biu,

    Thanks for your input!

    We’re not saying “users of encryption software are stupid or negligent“. We are, however, saying they are human!

    I try to design software so that users tend to fall into the pit of success, i.e. being nudged, or even forced, in the right direction (according to me). I am actually not a believer in software that is too flexible and leaving all decisions up to the users. Every time an option or mode of operation is considered for AxCrypt, I try fight tooth and nail to find a way *not* to add such a thing.

    This is also called opinionated software. AxCrypt has an opinion about how it should be used, which happens to coincide with my opinion… ;-)

    So, here we’ll just have to agree to disagree – and you’ll have to take it or leave it or take the source code and change to work the way you want it to work.

Viewing 9 posts - 1 through 9 (of 9 total)
Reply To: Account Encryption Password versus File Encryption Password
Your information: