March 9, 2017 at 01:45 #5723
Hi, sorry to post in an old thread but I am having an issue that matches this thread title exactly and after reading through the thread am still unable to access my old file. I think I actually understand what happened and have permanently lost access to the file but I want to double check.
I have a .txt file on my computer in which I keep a list of all my passwords for things that need to have a strong/difficult password but that I don’t use often. I have always kept that .txt file encrypted with AxCrypt, using a strong password that I have memorized. Recently (a few weeks ago) I upgraded to V2 and opened the file. At the time I must have either remembered my old AxCrypt sign-in info or reset my password. In what will become an ironic move, I then added that password (the AxCrypt sign-in pw) to the .txt file. After closing or signing out or whatever, I let AxCrypt convert the file to V2, understanding that it was just something the program wanted to do to make it more secure.
Today I go to open the file, having totally forgotten about this whole new sign-in thing, and am surprised that it asks me to log in to my account instead of just entering the file’s passphrase. I tried typical passwords I use for things I’m not worried about (I never planned to store any passwords on AxCrypt, so didn’t really care if the password was weak), but none of them worked. I probably used a more complicated password, but don’t remember what it is (never thought I would need it), and of course it’s in this .txt file that I’m trying to decrypt. I go to the AxCrypt website and reset my password. OK, now I can sign in, but when I go to type the original passphrase for the file it tells me that it’s incorrect.
I’m assuming that what happened is that when I let the software convert the file to V2, it essentially re-encrypted it with my account pw, getting rid of the original passphrase. Since I reset my account password, the only way I can open the file now is with the original account password that I used for the session when I upgraded the file?
If this understanding is correct, I’ve basically lost 10+ passwords and accounts that I won’t be able to get back. If so, on this “onboarding process,” it REALLY needs to be clear that the sign in password will be the new password for ALL V2 files, and that old file passphrases won’t work once upgraded. Like, this needs to be in a separate pop up window in caps and bold letters and a big graphic with big red warning signs.
To explain why there might be some reluctance to this system: I keep some files encrypted with a weak password that’s easy and quick to type. There’s no sensitive information here, just personal things like diary/journal backups that I wouldn’t want a friend etc. using my computer to accidentally open. Then I use a very strong password for this one file that stores my other passwords. For me it makes sense to have different passwords for different files, and V1 made this very straightforward and easy – select the file, give it a passphrase, and you’re good to go. I’m sure the new features in V2 are great for those who want to use them, but it seems to lose some of the straightforwardness and flexibility of V1 and not have a good way to have different files with different passphrases. Also the onboarding process was not clear to me and seems to have caused me to permanently lose access to a very important file.
In any case, based on what I described above can you please confirm my understanding? Thanks.

March 9, 2017 at 08:01 #5725
I am very sorry to hear this. It appears you have understood correctly; what you describe is a very likely explanation of what has happened.
Unfortunately, we’ve had many similar incidents with V1; apparently it’s not altogether too uncommon to set a password, encrypt a file and forget it.
For this reason, we’ve now made users enter the password no less than three times before we actually use it to encrypt anything. This has significantly decreased the number of such incidents, but it appears it happened to you anyway.
We also have the ‘show password’ option on by default to reduce the risk of typing something else than is expected.
Still, since it happened, again we need to clarify this even further.
We will be adding some form of first-time use information that you’ll have to ‘sign’ with your password where we’ll inform you of the importance of not forgetting the password, as well as of how critical it is to use backups. We’ll also be adding a similar dialog when a V1 file is first converted, informing you of what is happening.
Once again, I’m sorry.
On another note, I’ve written a blog post about multiple passwords, here: https://www.axcrypt.net/blog/use-of-different-passwords/