This topic contains 4 replies, has 2 voices, and was last updated by Sputnik 1 year, 10 months ago.
May 31, 2016 at 20:09 #3307
Hi Svante !
I was thinking about the problem that represents the actual password politics for many people.
It seems that some people fear that because the password they must enter to decrypt their files is the same that they have given to sign in with your website, that this represent a threat to the security of their password.
I understand that when different people send crypted files or keys (?) to each other through your servers, you need to be sure who is who and you get that through the signing in with the actual password.
Just to give to the users the feeling of the security of their password, could you introduce another type of password which would be an offline password ?
Thus you would have 2 different passwords : an online password for when you want to collaborate with others through your servers and a new one, an offline password which would be used only for an offline usage ?
Thank you.May 31, 2016 at 20:13 #3308
Thank you again for your feedback and interest!
You are right that we do have an issue with the intuitive feeling that it’s bad to have the password sent to a server.
We are considering this, but what we’re trying to achieve is decent security that is really simple to use. So, the ‘offline’ feature would have to be as simple. We’re not quite sure just yet how this would work, but we are certainly thinking about it.
Once again, thanks!
SvanteMay 31, 2016 at 20:40 #3311
Hi Svante !
I think that a simple way to proceed with this would be like this :
When the user opens up AxCrypt, AxCrypt would ask for a password. The password the user will enter will determine if he wishes to go online or if he wishes to go offline.
Inside the AxCRypt UI there could be a place where you could place 2 different buttons : one for the “Online” connection and another one for the “Offline” connection.
If a connection is active, its button would show the title “Disconnect” and if the connection is inactive, the button would show the title “Connect”.
This way, the user would have a complete control on the way AxCrypt is working.
This is a just an idea among many others.
Thank you.May 31, 2016 at 20:57 #3312
Hi Svante !
Forget about the exact formulation of what I just said.
I have just realized that it is a little more complicated than this.
Thank youJune 1, 2016 at 14:40 #3335
Thanks for your input – keep it coming!