Auto sign out options

[Yehuda]

This is more of a suggestion than a bug, but this seemed like the best place to put it.

I see that the software automatically signs out when the screensaver starts or the user is locked. Maybe these could be options that we can choose. For example, Lastpass for Applications has the following settings:

Thanks!

[SvanteSpectator]

Thank you Yehuda!

Here’s the thing – we’re allergic (at least very sensitive) to options. We think software should try to work as well as possible without options as far as it is at all possible. Also, we don’t want to re-invent any wheels.

All of these options and settings actually exist – in your screen saver settings. Since we *really*, *really* recommend that a password protected screen saver is always used, regardless of the use of AxCrypt or not, this would be a duplication of features already existing.

So, while I really appreciate you taking the time, in this particular case I stand by our active decision not to have this as an option. At least so far – I’m always open for new takes on old situations!

Svante

[Yehuda]

Thank you for your prompt reply!

I definitely hear what you’re saying, but it is precisely because of what you said that I’m requesting this.

I have my computer set to lock after a very short time of inactivity. But then AxCrypt signs out after this short period as well. Signing into AxCrypt is far more tedious, since I use a randomly generated 100 character password stored in LastPass. I am far less worried about someone gaining access to my physical computer than gaining access to my files stored in the cloud, hence the encryption.

Thanks!

[Dale]

Well, there you have it Yehuda. Needing these options apparently means we are using our computers wrong! Can someone please suggest an equivalent piece of software developed by developers without an alergy for options?

 

 

[SvanteSpectator]

Hi Dale,

I did say we are perhaps not allergic, but at least very sensitive to options. They tend to mess up the usability. That doesn’t mean we will refuse to add any options at all. Some are necessary, but what we’re saying is that we think twice at least before adding an option.

The auto sign out option is actually on the to do list.

https://bitbucket.org/axantum/axcrypt-net/issues/208/sign-out-automatically-on-a-set-time

[Peter]

I just updated to 2.0 and have found that once you sign in to the program, you do not need to supply the password to open subsequent files.  Can you please include this as an option.  I want to have to enter the password every time I open a file.  This may seem like an additional level of security, but the screensaver option, while enable on my laptop, doesn’t always function, so the additional level of security is actually a fail-safe to keep the files secure.  Thank you.

[Brian]

Peter, if you want to be prompted for your AxCrypt password every time then click File > Sign Out within the application.

The other option is to press the Windows Key + L to activate the Windows lock screen.

[Peter]

Brian, once you open a file with the password, all other files open without prompting, unless you signout after every individual file.  That is not practical.

[Brian]

It’s equally impractical to type in a secure (long, random, alphanumeric with symbols) encryption password each time. If your password doesn’t conform with the above criteria then it isn’t secure.

What you’re asking for can be done very easily. Lock your screen whenever you leave your workstation unattended. When unlocking your screen you’ll be prompted to enter your AxCrypt password when you next go to unlock a file.

There’s really no reason for the feature you’re asking for because it doesn’t make you more secure. It might make you feel more secure but that’s a false perception.

If you’re leaving your screen unattended and unlocked then a malicious party can easily siphon your password by a key logger, malware etc. AxCrypt’s lack of prompt is the least of your problems.

If you’re locking your screen then the problem you mention is solved. You’ll be prompted for not only your screen password but your AxCrypt password.

If you’re worried about multiple users then you’re doing it wrong. Every user should have their own user account otherwise they can circumvent the encryption via the means suggested above: key loggers etc.

What is it you’re seeking to achieve by being forced enter your password each time?

[Peter]

If I step away from my computer for a minute or 5, it would be too easy for someone to step up to it and open a file. Regardless of whether you feel it is needed or warranted, one of the nice aspects of ver. 1 was that a password was needed to open every file.  That is an aspect that I like and would like to have in ver. 2.  A simple, safeguard that doesn’t require me to lock my computer every single time I step away.  Safe by default.

[Brian]

They can bypass AxCrypt if you step away from your computer. I’ve already explained how.

You’re making yourself insecure by not locking your screen.

That same person can delete all your files, copy things to a USB, install malware and much more unless you lock your screen.

AxCrypt, nor any other encryption software, can protect you from yourself. If you don’t lock your screen it’s game over.

[Peter]

I am not sure why you have turned this into an argument.  I have asked for the same functionality that was in ver.1 to be added to ver.2, and you have continued to lecture me on how to secure my computer.  Plain and simple, keeping everything encrypted and being asked for a password every time is far safer than relying on locking the computer should you step away. In any event, it is not for you to tell me how to use my computer.  Many others have also asked for the ver.2 functionality to be brought to ver. 2, so there must be many who desire the added security of having to unlock each file when opened by password.  Thank you.

[Brian]

I haven’t turned it into an argument. I just can’t understand why you think it’ll make you more secure but if you’re the type who prefers “security theater” then great. It won’t make you any more secure – in fact it’ll make you less secure because you’ll be lulled into a false sense of security and thereby fail to take more pragmatic steps to securing my system. But, as you imply, that’s not my problem.

Your information security practices will ultimately undermine your security but, hey, at least you’ll feel safe.

On a final note your wish will soon be granted. If you’d looked through the forum you’d have found this:

“We will be adding an option for “require password every time”, since it is such a frequent request. We really don’t agree with this, since we think it encourages other unsafe practices such as sharing a Windows Login between different users – even in a family. Nevertheless, it seems like the line of least resistance ;-)”

[Dale]

Brian,  The reason you cant understand why having a requirement to unlock files using a password each and every time can improve security for the many users requesting this is because you have failed to understand the scenarios for each of the users. Many of these users have reasons for not wanting , or being able to use a screen saver with the timeout settings you would claim give them the security level they require.  Many have other reasons. You are in no position to lecture users on  when and where your measure x  is more important than their reason x.

You are in a position to advise – and if youre going to be dogmatic, provide innacurate information (a screen saver is not sufficient to prevent someone with physical access to a drive from delete files, moving them, copying them etc) and and start throwing around sanctimonious terms like ‘security theatre’, then your  in a position to be ignored as well.

[Dale]

Anyone who needs the above functionality in the meantime while it is being added to Axcrypt can use this autohotkey script. It will close axcrypt a short while after you open a file, logging you out and requireing password entry any time you open a file again.

—————————

#NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases.
; #Warn ; Enable warnings to assist with detecting common errors.
SendMode Input ; Recommended for new scripts due to its superior speed and reliability.
SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory.
#Persistent

settimer, kill, 20000
return

kill:
Process, Exist, AxCrypt.exe
sleep 10000
If ErrorLevel <> 0
Process, Close, AxCrypt.exe
return

——————————

[Author]

Posts