This topic contains 5 replies, has 2 voices, and was last updated by Gene 1 year, 10 months ago.
September 5, 2016 at 21:54 #4018
I just got the new AxCrypt 2 version.
It’s well known that accounts can be hacked for several reasons and mainly for users fault.
If this happen, is it enough that the hacker change my password and I lose any chance to open my encrypted files ? Are they still safe on my device but completely unusable ?
RegardsSeptember 6, 2016 at 08:54 #4023
Yes, accounts can be ‘hacked’ – although, what this typically means is that your password has been guessed or otherwise leaked. Very, very seldom are user accounts really ‘hacked’ in the sense that a vulnerability is exploited. Servers are however sometimes hacked, which sometimes is the cause of leaks of password databases (although just as often it’s an inside job).
No, if someone actually would gain access to your email for example, and then use that access to perform a password *reset*, that will not affect your files. It will, temporarily, cause your sign in to AxCrypt to fail if you’re online of course (since the ‘hacker’ has succeed in *resetting* your password). In this situation, you’ll just *reset* the password again to the original (after ensuring the ‘hacker ‘ no longer has access to your email of course, by changing the password to that service).
The files as such are not at all affected by any kind of change to the online account in this case. Also, with AxCrypt, regardless it’s always possible to open the files with the password originally used to encrypt them.
Your files are safe and usable for you, but not the ‘hacker’, if such person would succeed in actually *resetting* the password of your AxCrypt ID online.
A ‘hacker’ cannot *change* the password to your AxCrypt ID without actually knowing the original. This is not possible to bypass by hacking our server either, since it’s not a regular password change where we just check that the old password is known. We actually encrypt data on our server (using AxCrypt of course) using your password. So, to *change* password, this must be decrypted, and this requires to really know the old password before it’s possible to set a new one.
There is thus a definitive difference between *changing* and *resetting* AxCrypt ID online passwords. *resetting* can be done by a ‘hacker’ with access to your email. *changing* requires to really know the old password.January 14, 2017 at 16:48 #5206
Hello, – Svante….. I am very hopeful that you can clear up my confusion and concern.
I have just received the email message that follows below. I have used the terrific FREE version of Axcrypt for YEARS now. I do not understand what is being spoken of (ID account, etc.) in the message, BUT I cannot afford to lose my file access because of some misunderstood “signup” for “anything”. What I mean is that I did not ever intentionally sign up for anything. I MIGHT have (I CANNOT REMEMBER !) agreed to receive NEWSLETTERS about/from Axcrypt is the ONLY possibility I can even imagine, but I cannot even be sure of that. I was and AM perfectly satisfied with my free Axcrypt version I’ve had and used for years and have no need nor interest in changing things. So, my question is: IF I do nothing and this “AXCRYPT ID Account” is then deleted, as the note states, does that mean I will LOSE all access to my files that are encrypted/protected on my system? ! I never saw anything at any time, ANYWHERE that made mention of such a situation or such a “possibility” along with any offer. PLEASE let me know what the situation clearly is.
These statements (from the email) are what concern me most at the moment: “We’re about to delete your AxCrypt ID!” “… we’ll be removing you permanently from our system.”
WHAT exactly does it mean if that (deleting my ID and removing me completely) happens?
Thanks & Regards, Gene
PLEASE SEE the EMAIL NOTE (from Axcrypt) IMMEDIATELY BELOW :
We’re about to delete your AxCrypt ID!
You gave us your e-mail as part of installing or using AxCrypt, through an app or the web. We sent you an verification code via e-mail, but you’ve not used it. If you do not immediately verify your AxCrypt ID account by using the verification code we’ll be removing you permanently from our system.
Your verification code is 1Wn2IIPc5PBz .
Verify AxCrypt ID
You can start your trial of AxCrypt Premium features for 30 days in the app!
You do not need to respond or do anything. If you do nothing, no more e-mails will be sent and your AxCrypt ID account will be deleted permanently.
Thanks for using AxCrypt!
The AxCrypt team
If it is unclear why you are receiving this from AxCrypt.net, you can ignore this email or report it to firstname.lastname@example.org.January 14, 2017 at 17:46 #5207
No worries. Your account has not been hacked. You will not lose access to your files.
Someone, probably yourself, have registered your email address in our system. When this happens, we ask you to verify the email by clicking a link or entering a verification code.
No-one did this during the time period we’ll wait for this, and what this email says is just that – since you did not verify it, we’ll just remove you.
This has no affect to your ability to access your files, as long as you know the password used to encrypt them.January 14, 2017 at 17:47 #5208
When you sign up to AxCrypt 2 you’re required to enter your email address when you start the program. You then have to enter a verification code which is sent by email. Once you’ve done this you decide upon a password and that’s that. There’s a a free version of AxCrypt 2 and a paid version.
AxCrypt 1.7 is a different piece of software which works differently. No sign-up was required and the software was free.
If your files are encrypted with AxCrypt 1.7 then they’ll continue to be permanently accessible.
If your files are encryption with AxCrypt 2 (unlikely because you’re saying you didn’t enter the verification code) then your AxCrypt 2 ID will be deleted. Any files can still be decrypted providing you don’t forget your password.
Capital letters indicate you’re shouting and it makes it difficult to understand your question.January 14, 2017 at 20:53 #5211
Thanks to both Svante and Craig for the very quick and clear responses. Sorry for the caps issue. It was for emphasis, not yelling or shouting. I’ve never been a forum user at all until now, but I’ll make note of that point should I use this or another in the future. Appreciate the help…. Regards, Gene