Forums Bugs & issues Cannot use AxCrypt to keep my local files secure from other local people

This topic contains 13 replies, has 2 voices, and was last updated by  Paddy 3 weeks ago.

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #4744 Reply

    Gabriel

    This isn’t a bug; it’s an issue.

    I downloaded AxCrypt to keep my personal local files secure from other admins using a shared admin account. So, we all use the computer on the same admin account–or even if it wasn’t the same admin account it doesn’t matter–we are all admins and could take over any admin account we wanted.

    To my dismay, when I right click a file and choose AxCrypt –> Encrypt, it doesn’t ask me for a custom password, it just encrypts it. Then, to my horror, when I click Decrypt, it doesn’t ask me for a password, it just decrypts it. AxCrypt 1 would have worked perfectly for my needs, where version 2 seems to be worthless to me for this purpose.

    Is there a setting or workaround I can use to get the desired behavior? I’d like to set a custom password, and it *must* ask me for the password each time I try to decrypt a file. Also, I don’t like AxCrypt always being run under my personal email address when others might want to use it too–on the same PC, as an admin, on the same admin account.

    #4745 Reply

    Svante
    Keymaster

    Hi Gabriel,

    I understand the shared admin account – but you don’t leave the system signed in with admin access do you?

    AxCrypt will automatically sign out when the windows account is logged out, or the screen saver goes active etc. So it should really work quite well for you in this case.

    However, AxCrypt is not multi-user right now. We’ll be adding that function in the future.

    It’s an extremely unusual situation – shared Admin account where you work with personal sensitive information.

    So, no, it’s not perfect for that situation, but apart from the fact that it will remember your email-address (which should not be a secret for your co-admins though), it should work quite well given that you actually sign out or at least enable the screen saver when you leave the system.

    If I missed anything, please let me know!

    #4746 Reply

    Gabriel

    Svante,

    Thanks for the info and quick response. I just uninstalled v2 and went back to v1.7.3180.0, and it works perfect for my use case. Basically, I’m just using AxCrypt in this particular case in order to put passwords on any type of file–including those that you normally can’t password protect. I hope you can give the option for the old functionality so that we can choose to have the v1.7 interface in v2.

    Signing out of the shared admin account is not practical. Setting the screensaver is a work-around but very non-ideal. Here’s our use case for AxCrypt:

    We are on a shared work computer. All work computers are horribly ridiculously locked down: no admin rights, China-like fascist firewall, no USB devices allowed even, except keyboards and mice. However, a small group of us are computer programmers, so we got a special machine, off the network, with a separate, open internet even, for use for software and firmware development.  All of us in this small group are developers, and this is our unlocked development PC that we periodically use and share. At any given moment one guy might be running data collections software up that he wants on constantly, while someone else sits down for half a day to program. Therefore, since we are all using the same or similar applications, and we are all admins on the same computer (but we occasionally need to drop a personal file we need protected), we aren’t logging out between users, and sometimes we explicitly prevent the screensaver from coming on so that the background software can run on 1 monitor while others work on the other monitors (it has 4 monitors).

    So….AxCrypt 2 is poorly set up for our particular case. I think having an option for AxCrypt 1-like functionality would be nice.

    #4747 Reply

    Gabriel

    Also, a few more comments:

    1. right-clicking a URL in Windows Explorer with AxCrypt 2 does NOT bring up the context menu for AxCrypt (it should, but doesn’t), but for v 1.7 it does. Please fix for v2.
    2. the “Encrypt Copy to .EXE” option in AxCrypt v1.7 is *really* nice! If this feature is not in v2, please bring it back. I regularly need to share un-passwordable, sensitive files with people who don’t have AxCrypt, and that’s a great feature to have.
    3. I use Linux all the time. If you could make this program cross-platform to work with Linux too that would be phenomenal. I really like AxCrypt 1.7. It’s a great program.

     

    #4748 Reply

    Svante
    Keymaster

    Hi,

    Thanks for the extra info, and that *is* one strange work environment…

    1 – What you mean “right-clicking an URL”? A shortcut?

    2 – See http://www.axcrypt.net/blog/avoid-self-decrypting-files/ .

    3 – We’re working on cross-platform, right now in beta for mobile iOS and Android apps. Next step Mac OS X, which we thing as a spinoff will support Linux with minimal extra work, so there’s hope!

    #4853 Reply

    Emily

    Hi Svante,

    I’m adding my voice to this thread because I have a similar issue as my fellow customer, and wanted to help make this a red flag that you’re losing captive users who will be reverting to 1.x because the functionality isn’t available in Axcrypt 2.x.

    I’m going to copy the email that I was just writing to support, as I understand it will not be prioritized regardless:

    I’ve dug through your forums, and realized this issue I’m bringing up seems to have been a deliberate choice.

    In short – at our company, we have at least 4 levels of security required, with different passwords. We usually work on separate computers but have a shared server where all our files are stored, with different passwords encrypted in 1.x free.

    Now that Axcrypt 2.x has been installed on two of our machines, whenever an 1.x encrypted file is opened, as you’ve described in your support forums, the password appears to be overwritten with the user’s password.

    This eliminates our crucial security clearance levels. If I have to give an employee my password – which unlocks ALL our encrypted files – to open their specific file, then the encryption is null for our purposes.

    Is there the capability with Axcrypt’s 2.x free version to encrypt files with a specific password, that is DIFFERENT from the user’s email/ID-linked password?

    If the answer is no, I have to find a reliable source to download the 1.x software – any recommendations of such sources are really greatly appreciated, or if you’re providing it on your website and I just haven’t seen it, please do share the link.

    In removing or burying this functionality in Premium, you’ve removed a core function of Axcrypt and basically why we, and I can imagine many other companies with multiple security levels, use the service.

    That said, I can imagine you may not care too much about losing free users, but it’s a real shame.

    If you agree, I earnestly request you provide the functionality to password-protect encrypted files with a chosen password in the free version. The community will thank you.

    Thank you for creating such useful software. I hope I can continue to use it.

    #4854 Reply

    Barry

    Hi,

    You can still download AxCrypt 1.7 from the other website but bear in mind that AxCrypt are not providing any updates to it which in itself is a security risk.

    I agree that’s it’s extremely annoying to be unable to use separate passwords which is why I’ve moved over to 7-Zip which allows you to do exactly that and it’s free.

    However I think you’re misunderstanding how AxCrypt 2 works because for your purpose – being able to share a file with a specific person without needing to give out your password – is possible. You must be a Premium (paid) user to use this feature.

    The benefits of this approach in your use-case scenario is that you can have all your files on the central server and not need to have lots of separate passwords. You just share it with the individual(s) you want to and you never give out any password. The user you’ve shared it with can just open the file (using his password).

    It’s possible I’ve misunderstood you; in which case you’ll have to use the unsupported AxCrypt 1.7 or switch to something like 7-Zip.

    Watch the official AxCrypt video from 1m17 onwards (it should automatically jump to that point).

     

    #4857 Reply

    Svante
    Keymaster

    Hi Emily (and thanks to Barry for jumping in),

    I’d just like to confirm what Barry’s saying – the key sharing feature in AxCrypt 2 should improve usability for your scenario, provided the group of users having access to a given file is not too large. But then again, if it’s say 50 persons – just how much security to do you imagine you’ll be getting with a “secret” password shared with 50 people?

    The whole point of AxCrypt 2 key sharing is that you *can* share encrypted files with others *without* sharing any passwords. You do not need to give out your password. You just add the authorized viewers to the list of users to share the file key with.

    If you try it out, I think you’ll like what you see and find that it’s actually a great improvement over AxCrypt 1 for your situation.

    #4957 Reply

    Paddy

    Svante – could you not consider a situation where a family uses the same computer “hot-seating”, one uses it, another takes his or her place.  The computer is run as administrator, separate accounts have not been set up.  They feel there is no need to do so.

    Dad would like to create a separate Excel worksheet showing all his banking passwords, user names, banking account numbers even PIN numbers.

    Mum wants to create an Access document to record details of her florist business.

    His son would like to create a Word table with all his passwords, contacts, URLs for web sites etc.

    None of the three would like the other two to have access to their information……….

    With AxCrypt 1 each of the above would have been able to create their own document and encrypt it with their own password.  Unfortunately with AxCrypt 2 this is not possible.

    Certainly to me the functions in AxCrypt 1 seem far  more sensible and I wonder why you removed them?

    I installed AxCrypt 2 today because I was getting many errors with AxCrypt 1 when trying to make changes to Word or Access documents and on trying to save them I would get a file error message.

    I’ve not encountered the file error message in AxCrypt 2 but I feel that I have lost the individual control I had with AxCrypt 1.  It was no hardship to me to open files individually and enter the separate passwords.

     

     

    #4958 Reply

    Lucas

    People have been asking for this feature to be reinstated Paddy but that’s not the way AxCrypt is moving. We’ll see what Svante says but your comments are highly unlikely to change anything.

    In your specific example there is nothing to stop your Dad, Mum and Son using the in-built password protection of Microsoft Excel, Access and Word. This is a much easier solution than using any piece of encryption software because it’s included in the software and the cryptography is just as strong as Axcrypt (it uses AES-128) as long as you’re using Microsoft Office 2010 or later. All you do is set a document password and that’s it. Every time you open the file you’ll be prompted for a password; no error messages or anything.

    However I have concerns with your Dad storing banking passwords, PINs, usernames and such like in Excel. Similarly you shouldn’t be using Word for this type of material. You should be using a password manager; these are designed to keep this sort of information secure and they’re much more convenient than using files!

    In order of my recommendation

    1Password (it’s proprietary, costs $4.99 per month, is licensed for 5 users <span style=”text-decoration: underline;”>and</span> works on mobile devices too)

    LastPass (most features are free and there’s premium offering costing $1 per month and works on mobile devices too)

    KeePass Professional (it’s free and open source but only works on a computer)

    Password Safe (it’s free and open source but only works on a computer)

     

    If you still want to continue using AxCrypt like you used to then take a look at 7-Zip, it’s free and open source but in your environment it’s just as much hassle as AxCrypt. Use the in-built password protection of Microsoft Office for the Access database and everything else should be in a password manager.

    #4967 Reply

    Paddy

    Thank you Lucas, and a Merry Christmas to you!

    I didn’t realise that MS Office had built-in encryption.  That is probably my best bet.

    Currently I store my passwords, user names, memorable information on a Word (table) document.  It’s amazing how this grows over time.

    I’ve used AxCrypt1 to encrypt the table. I didn’t have too many problems on my old XP computer, however on my latest computer with Windows 10 AxCrypt1 wouldn’t always save changes I made to the table and I’d get a warning box stating something like “The document couldn’t be saved because of a file error and would you like to retry”.  I discovered recently that after entering information, trying to save, receiving the error message and retrying to save that the error message did not reappear, indicating that the table had been saved.  However, and this is the really annoying part, the new information had not be stored.

    I did give KeePass a trial some years ago.  Agreed it was very good at creating passwords especially as it used lots of special keys.  The only drawback was that when one of these long, difficult passwords was created and copied to the clipboard some web sites would not allow pasting into the respective box.  This was very annoying and I found that I was having to manually write down the password on a piece of paper, then enter it into the box and quite often I’d inject my own errors into the procedure, so I gave up on it.

    Thanks once again

    #4968 Reply

    Lucas

    Merry Christmas Paddy!

    Yes, the integrated password protection of Microsoft Office is by far the easiest and most convenient method of encrypting your files. The first time you encrypt simply go to:

    File | Save As | More Options | Tools | General Options | Password to Open

    Those options may vary slightly depending on your version. Then, every time you go to open the document (after you’ve closed it), you’ll be prompted to enter your password.

    The default encryption for Office 2013 (and Office 2016) is AES-128 in CBC mode with 100,000 iterations. The way it is implemented in these modern versions is extremely secure and because it is built into the software you don’t get any errors.

    Even professional password cracking software cannot break the encryption if you use a sufficiently secure password (10 characters, symbols, numbers). It can only guess the password if you use a short, dictionary word:

     

    “With latest versions of popular office suites such as Microsoft Office 2013 implementing the strongest security, brute force attacks become painfully slow and ineffective even in GPU-accelerated environments. The limited recovery speed of Microsoft Office 2013 passwords required the use of a smarter approach than brute force or simple dictionary attacks.
    With truly random passwords now taking near infinite time to recover, Advanced Office Password Recovery employs a social engineering approach and implements smart attacks targeting human psychology.”

     

    I can only imagine the glitch you are suffering with AxCrypt is because there are two copies open.

    With password managers some sites restrict pasting but you can also view the password in cleartext and type if necessary. KeePass also offers a feature which simulates keyboard presses, i.e. in tricks the website into thinking somebody is typing (instead of pasting) and therefore allows it to be entered!

    #4980 Reply

    Svante
    Keymaster

    Hi Paddy (& Lucas),

    We will be adding an option for “require password every time”, since it is such a frequent request. We really don’t agree with this, since we think it encourages other unsafe practices such as sharing a Windows Login between different users – even in a family. Nevertheless, it seems like the line of least resistance ;-)

    On the case of passwords stored using AxCrypt, I’d like to point out that with the Premium subscription you’re also getting our Password Manager, which is both less costly and in many ways simpler to use than many other similar services. It is available for use from any device with an internet connection, including mobile devices.

     

    #4985 Reply

    Paddy

    Thank you Lucas – you’re a genius!

Viewing 14 posts - 1 through 14 (of 14 total)
Reply To: Cannot use AxCrypt to keep my local files secure from other local people
Your information: