This topic contains 24 replies, has 2 voices, and was last updated by James Pittman 1 year, 2 months ago.
July 10, 2017 at 12:43 #7339
Why not simply allow users to specify different passwords for different files, and have each file ask for a password when it is opened?
There’s other software that can do this for you; AxCrypt have chosen to go down another path.
Meaning, if my wife or child or coworker uses my computer and I haven’t put it to sleep, they could potentially access files that they are legally not allowed to do.
Simple, use the Inactivity Sign Out and set it to something like 5 minutes.
AxCrypt is making some really big assumptions about how their users use the files, and then above when users have complained, you’re arguing with them about their perceptions of use. But who CARES if your users perceive security in a different way than you do?
Other software is available. If AxCrypt doesn’t provide the functionality you require, look elsewhere: it’s an open/free market. The majority of users are happy with the new paradigm.
I used to love this program, but I will probably go back to the old version or switch systems. I’m particularly annoyed that old passwords have been “updated” to reflect the new one, which I can never remember anyway since the password rules were different.
The old software still works or there are commercial alternatives you can pay for. The proof in the pudding is that you “can never remember [your passwords] anyway” – that is *exactly* why AxCrypt chose to move to the single password model.
July 10, 2017 at 20:23 #7343
I agree with Theodore. The “inactivity sign-out” feature is still new but it renders a major objection to version 2 moot. Maybe an option to sign-out after only 1 minute would satisfy the really paranoid.
July 10, 2017 at 20:26 #7344
You can actually reduce it to 1 minute by manually changing the configuration; it’s just not a pre-configured choice. However that’d be for the “really paranoid” because it’d be extremely user unfriendly.
December 13, 2017 at 17:42 #8467
For many years I’ve used version 1.7 of AxCrypt and have been very pleased with the ease of use and with what I judge to be very effective security. I’m running a Windows 10 64bit Pro system. One of my principal AxCrypt uses is for a master list of user-ids, passwords, secret questions, etc., etc. This file is an Excel (Office 2013) workbook that is password protected and then encrypted using AxCrypt. As a consequence in order to open this file I must enter the unique AxCrypt password I created for it and once that p/w has been entered correctly I must then enter the unique p/w I set up in Excel when I first created the file.
With version 2.1.xx of AxCrypt my unique and very strong AxCrypt p/w for this file is no more. I can’t get to any of my encrypted files unless I log into AxCrypt first and then I can enter the P/W for the Word or Excel file that has its own unique password. So I’ve gone from two very strong and unique passwords in ver. 1.7 to a master password for all AxCrypt encrypted files plus a p/w for the MS Office file that I need to open. As far as I’m concerned this is a step backward that makes my sensitive files less secure than they were before. In addition if I have 5 encrypted MS Office files none of which has an Office password the result is that all 5 files have the same password. This is hardly secure.
At the very least the user should be able to select how ver. 2.1.xx will work, i.e. the “new” way or the way ver. 1.7 works currently.
December 13, 2017 at 19:01 #8468
Your current setup of keeping your usernames and passwords is insecure. You should be using a password manager which is designed for this scenario. The following are my recommendations:
To answer your other point;
I can’t get to any of my encrypted files unless I log into AxCrypt first and then I can enter the P/W for the Word or Excel file that has its own unique password.
This is how AxCrypt 2 works. It’s much more secure because you can use one exceptionally complicated password which you can store in your password manager and then, once logged in to AxCrypt, all your files open upon a double-click until logged out.
In addition if I have 5 encrypted MS Office files none of which has an Office password the result is that all 5 files have the same password. This is hardly secure.
It’s extremely secure and nobody has broken AxCrypt’s encryption because it uses a world-renowned encryption library.
At the very least the user should be able to select how ver. 2.1.xx will work, i.e. the “new” way or the way ver. 1.7 works currently.
There’d be no point.
AxCrypt 1.7 works in the method you refer to. If you prefer that paradigm then you can revert to 1.7.
AxCrypt 2 works with modern encryption and a single sign-on paradigm.
Install whichever version you prefer.
December 13, 2017 at 19:25 #8469
Thank you for your very prompt reply.
I seriously disagree that my methodology is not secure. I’ve never had my password file hacked. How many times have the big cloud players been hacked? One of the most popular, LastPass, has been hacked several times in the last 5-7 years. What about the others? We have no idea unless they confess, and how many have been hacked but failed to confess? Personal preferences and comfort zones are what make personal computing so interesting. I take offense at you categorically disparaging the method I’ve chosen to protect my passwords. My approach is a legitimate alternative to password managers and should be recognized as such, particularly since I use AxCrypt to encrypt the files.
I’m afraid you misunderstood what I wrote concerning the 5 MS Office files. Nowhere do I see a recommendation by AxCrypt to create a password when a new MS Office file is being created so as to enhance security. I never fail to password protect my important Office documents when they are created, and it is only then that I use AxCrypt to encrypt them. Unless I missed it nowhere on your site do I see a warning about allowing browsers (any of them) to store passwords, and you should have such a warning in place.
I’ll be sticking with version 1.7 thank you!
December 13, 2017 at 20:43 #8470
I’ve written a longer text on the fallacy of a multiple passwords strategy, you’re welcome to read it here: https://www.axcrypt.net/blog/use-of-different-passwords/ .
It’s questionable if the Office password protection adds anything also, the problem being that Microsoft failed several times to implement it correctly, and now it’s often very hard to know just what version of the implementations is used in a specific situation. The most recent implementation appears to be “good”, but it’s often not used due to default settings for backwards compatibility etc. It’s complicated…
The idea with AxCrypt 2 is that you should use one single sufficiently strong password for all your needs. Also, we do provide a password manager, but I can of course understand concerns about that. However, stating “I’ve never been hacked, but LastPass has” is not really a valid argument. The most likely case is that no-one has tried hacking you, while thousands have tried hacking LastPass. The problem is that there is a big risk that the first one who tries to hack you succeeds, and you won’t know until it’s too late. In some ways, it’s actually a good idea to use a product or service which *has* been hacked, as long as the provider has acted correctly, and improved the product since. Then at least you know that someone has tried, found a problem, which subsequently has been fixed. That’s one known problem gone.
December 13, 2017 at 20:53 #8471
I seriously disagree that my methodology is not secure. I’ve never had my password file hacked. How many times have the big cloud players been hacked?
You can disagree but you’d be wrong. If you clicked on any of those links provided you’d find that none of them are cloud services. They are all free, open-source, offline password managers and your data is stored on your computer.
I take offense at you categorically disparaging the method I’ve chosen to protect my passwords.
Don’t take offence. It’s insecure according to all security experts but you’re free to protect your passwords however you please.
Nowhere do I see a recommendation by AxCrypt to create a password when a new MS Office file is being created so as to enhance security.
The site doesn’t state that because Microsoft Office uses AES and so does AxCrypt. If AES can be broken then multiple layers of the same encryption won’t offer any additional protection; just more inconvenience for you and a greater likelihood the file will become inaccessible either through corruption or password loss.
I’ll be sticking with version 1.7 thank you!
If it works for you, great. (Anybody else reading this should be aware that it’s no longer supported.)
September 12, 2018 at 19:18 #11335
I used AxCrypt to secure some files years ago. I am trying to open those same files today and cannot do so with the same password that I had used back then. It wants me to “sign in” instead. Absolutely terrible. I regret using this software.
September 12, 2018 at 22:16 #11336
Thanks for your feedback. Sorry you feel that way. The sign in procedure is partially just a paradigm to make it easier for most people to recognize the function. Also, it adds actual verification (still without us storing it) of the password, reducing the risk of typos leading to encryption with the “wrong” password leading to data loss. This is not too uncommon with the old software. We think it’s a great improvement, but I certainly respect your point of view as well.