This topic contains 10 replies, has 2 voices, and was last updated by Rickie 2 years, 7 months ago.
September 6, 2016 at 21:19 #4029
When I use the free version 2.1.1460.0-x64 to encrypt it moves it to a different section and places a green icon of what could be a lock on the note. It doesn’t ask me for an encryption password before “encrypting” and to verify the password, it just opens the “locked” file just as pretty as you please. My question; please enlighten the ignorant by instructing me how this new encryption works. What I have now is a cute icon that takes the place of a plain note icon. All help would be most appreciated.
September 7, 2016 at 07:16 #4031
Thank you for taking the time to ask, since this is obviously something we need to get better at explaining.
I’ll try to be brief:
- It does not ask you for a password before encrypting, because you already gave AxCrypt your password when you “signed in”. This password is kept around for as long as you’re still “signed in”, and used for both encryption and…
- …it just opens the locked file just as pretty as you please because of the same reason – the password is kept around as long as you’re “signed in”. This is one of the main improvements of AxCrypt 2 – it makes it so much easier to work with!
The green icon appears because the file is really encrypted, and renamed to end with “.axx” and that’s when Windows will display the stylized green padlock icon.
You’ll now think – but where’s the protection if anyone can open the file?
The answer is that AxCrypt will sign you out automatically when the screen saver goes active, you log out of Windows or the computer goes to sleep.
And you never, never ever leave your computer logged on to Windows in a place where other untrusted people have access to it, do you? If you do, there’s really no need to bother with encryption at all. It might make you feel better, but it doesn’t provide an ounce of real protection.
It’s a little like airport security confiscating your empty water bottle. “Look, we’re preventing people from getting inside with a container that can be filled with bad stuff!”, but… on the other side of security I can buy a new water bottle, empty it or drink the water – and now I have my empty container! It’s a totally meaningless action in the name of “security”.
Encrypting your files, regardless of mechanism, and then leaving your computer accessible to anyone who walks by is also a pretty meaningless action. Why? Because, as someone said, if you let someone else have full access to your computer, it’s no longer your computer. It’s that person’s computer, and they can do pretty much anything they like. In this case it probably means quickly installing a ready-made keylogger kit to pick up your password and send it so the person can open the files he or she also copied or sent out during the time they had access to your computer.
Security is also only as strong as the weakest link in the chain. It doesn’t matter how hard you’ve encrypted your files, if you are not using your computer in a generally safe way.
With AxCrypt 2, you get both convenient usage (which means it’s more likely you’ll actually encrypt your stuff) and real security as long as you follow some simple and general guidelines for reasonably safe computer use.
December 23, 2016 at 20:27 #4945
I use AxCrypt on my home computer to protect sensitive financial and password data. I don’t want my nanny, house cleaner, or visiting friends to be able to access these files. I trust that none of these people are going to install a key logger or otherwise hack my PC, but they may inadvertently open my sensitive files now, thanks to this “improvement” of AxCrypt 2. Getting logged out when the screen saver comes up is not safe enough for me. Can you PLEASE add the option to have it prompt you for the password every time you try to open an encrypted file? Such an easy feature to add, and it will make lovers of AxCrypt 1 much happier.
December 23, 2016 at 20:38 #4946
Thanks for your input!
They say the customer is never wrong, but to be honest I have a hard time with this rather frequent request. I’m assuming you’ve read https://www.axcrypt.net/blog/leaving-computer-axcrypt/ which is a longer discussion about this.
But, yes, we’ll be adding a number of dangerous options like this one. I really, really think that it tends to reduce security because of the increased threshold of use and the likelihood of avoiding long and strong passwords. But, we will add it as an option.
Stay tuned! Now the mobile apps are out, we’ll have more resources to work on the desktop application.
December 24, 2016 at 01:36 #4953
Thank you for the response. Yes I did read “leaving-computer-axcrypt” and I do understand your point of view. But I think it is flawed in some settings. For example in a small office setting. There is no way I’m going to log out of windows or manually log out of AxCrypt every time I get up from my desk; it’s just not going to happen. My building is secure and I trust that my co-workers are not going to hack my PC with a key-logger or anything of that nature, but if somebody stumbled on my private files they might read them for the heck of it. To me that is a valid situation to have a file prompt for a password every time it is accessed. And that is not just making me “feel safer”, it is protecting me from the much more real threat of a “casual breach”, as opposed to a malicious hacker type breach. Calling this a “dangerous feature” is a bit ridiculous in this context.
I’d suggest implementing the ‘prompt for password every time’ option on a per-file basis, so this additional level of security can be applied only to a single file if desired. Personally I’m only encrypting a single file which is shared over the internet through OneDrive. It contains passwords and other personal data that I wouldn’t want a coworker to see. I understand this is not the use model that you are targeting, but it’s probably how a lot of your users are using it…
Anyways, I appreciate the response, and being that I’m currently using the free version of the software I’m certainly not going to complain about whatever features are added or not added… either way it’s better than other encryption solutions I’ve tried, so thank you for your hard work.
December 24, 2016 at 09:22 #4954
Your “per-file” option is actually quite an interesting idea. Thank you. We may indeed do just that. Watch https://bitbucket.org/axantum/axcrypt-net/issues/186/add-option-for-requiring-password-every for progress.
December 26, 2016 at 22:17 #4976
I’ve been using AxCrypt 1.x for years now on my home computer and I agree with Neal 100%. I mainly use AxCrypt to prevent someone who’s using my computer from opening my personal files that contain sensitive information (like bills, income tax returns, etc.). I trust that these people aren’t going to try and damage my computer or delete my files, but AxCrypt helps prevent them from looking at the files that I’d rather not have them look at.
If AxCrypt 2.x adds a feature to always prompt for the password, I’ll upgrade. But until then, I’m sticking with AxCrypt 1.x.
December 27, 2016 at 10:43 #4983
Thanks for all the feedback! We will be adding an option to always prompt for the password. You can follow and monitor the progress here: https://bitbucket.org/axantum/axcrypt-net/issues/186/add-option-for-requiring-password-every .
March 11, 2017 at 20:15 #5730
I notice AxCrypt also logs out automatically not just when you log out, but also when you lock your screen – that is very nice! I too was worried about this new “signed in” state, but that feature is perfect. Locking the screen is quick and easy, and that’s what most of us do when we leave our computers. Good job!!
June 26, 2017 at 02:45 #7110
I use different passwords with different types of files. It appears that AxCrypt only allows one password, the “AxCrypt ID”. It no longer accepts the different passwords that I have used in the past.
Perhaps I do not understand the workings of the new version, but to have only one password (the “sign in” password) means that all my files are available to anyone who wakes my computer from sleep. This is terrible security! We are constantly advised to use different passwords for each account, which I do. I do not want AxCrypt to automatically assign a different password to my encrypted files, (and the SAME password for all files).
Am I not understanding the mechanics?
June 26, 2017 at 04:02 #7111
“all my files are available to anyone who wakes my computer from sleep.”
If you read the earlier posts you’d know this isn’t the case. Waking your computer up causes AxCrypt to request your password.
It stays logged in until you log out or you shut down. If you set a screensaver or sleep timer then you’ll be logged out automatically.
By having this mechanism you are encouraged to use a longer and more secure password because you’re not typing it all the time.