Forums Community Feedback about AxCrypt 2.0 from an old user

This topic contains 3 replies, has 2 voices, and was last updated by  Leonard 5 years, 7 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #13410 Reply

    Leonard

    OK, I’ve been using AxCrypt 1.x for quite some time. I don’t remember when I first stumbled onto it, but it was a very simple, very little and non-intrusive program. I liked how it asks a password for each file I encrypt, the “Shred and Delete” option on the context menu, everything about the program was intuitive from the get-go.

    After formatting my PC I looked for AxCrypt again, and it was interesting to see version 2.0. Not that 1.x was lacking in anything (at least for me) but I thought if it’s newer, it’d be better. I was wrong. Before it gets any longer, let me do a short list of features I don’t like.

    • The new UI design
    • Creating account means a connection exists between your “encryption password” and “something not mandatory for encryption”
    • Need to be logged on (yes you can be OFFLINE and LOGGED ON at the same time, I’m aware of that)
    • Automatic decryption if you are logged on (good luck to you if you forget to log off after encrypting something)
    • Secure deleting became a paid option
    • Able to use different passwords for different files became a paid option (Not sure actually, but I think password manager allows you to do that. At least I hope?)

    Also, I read this on your blog “If you change your password on our server, we’ll re-encrypt your private key there with the new password and this means that all your already encrypted files will now be decryptable with the new password!” which alone could raise some caution flags but I can’t describe how horrified I am when the program itself did not ask me my old password when I clicked on “password change”. It simply asked for a new password, and confirmation of password again. Which means, if, by any chance, someone gets 20 seconds of access to your PC, not only you lose access to newly encrypted files, but you lose access to all your encrypted files, on all devices in sync. Before you give me “Oh if someone can access your PC, he/she can do anything to it, it’s not safe anymore” bs, let me remind you: If I were to use old AxCrypt 1.x and left my PC alone for 20 seconds, the damage would be less even if I were to forget “automatic decryption with the last password used” checkbox filled. I’d lose 2-3 files that my PC could decrypt in 20 seconds time, and be done with it.

    I know you’d like to earn something from a software you’ve developed, but if you’re going to monetize features that were free on previous versions, and add no new features (at least no new features that do not provide us with additional security threats and/or backdoors) then I’m not gonna buy it or use it.

    #13411 Reply

    Svante
    Spectator

    Hi Leonard,

    Thanks for the feedback. Some of it is are your personal opinions, they must remain so. It is meaningless to discuss the fact you don’t like the new UI design without some concrete ideas from you to improve it for example.

    However, there are some technical misunderstandings that should be corrected, and some basis for changes that you may not be aware of.

    “Automatic decryption” – this was always an option with AxCrypt 1.x (“Remember this key for decryption”).
    “Need to be logged on” – this was also in essence an option with AxCrypt 1.x (“Remember this key for encryption”).

    The basic reason for making these non-optional defaults was because of usage errors of users causing data loss, as well as increased convenience. It’s simply more convenient not to need to enter your password all the time, and the “log on” metaphor is to reduce and avoid the risk of a user using different or mistyped passwords and then being unable to decrypt. This is based on real world experience of millions of users. The new model has essentially stopped data loss caused by these mistakes.

    if, by any chance, someone gets 20 seconds of access to your PC, not only you lose access to newly encrypted files, but you lose access to all your encrypted files, on all devices in sync” – This is simply incorrect. The way it’s designed you can always open the files with the password used initially to encrypt them. So you do not lose access. Also, you just can’t dismiss the fact that if you leave your PC unattended it’s not safe anymore. It’s not! You just can’t leave your PC without a screen saver or anything! If you do, it makes no sense to consider security at all.

    That we changed some previously free options into paid options is of course unfortunate for you as a free user – but the alternative to getting some revenue was to simply abandon the whole thing. As it is, you can still use 1.x for as long as you like, and you get the same and in some cases better functionality for nothing with version 2.x

    Thanks again for your feedback!

    #13566 Reply

    Dave

    If i could join part of what Leonard is having concerns about perhaps i can help provide a possible solution.

    I too have been using AxCrypt for the better part of almost two years. knowing that some files are worth keeping secret lead me to try this application. I would consider myself a more paranoid end user which fears having my file(s) stolen. Granted i know that any application can only go so far and the rest is my best judgment in keeping the files i hold dearly as safe as possible.

    I myself tend to access my encrypted files while at work and dont wish to have anyone else, physical or online, have access to the content these files possess.  The feature that i believe Leonard was bringing up is that if i can access these files, in theory so can anyone else at that precise moment in time. I would suspect that for many of us these encrypted file hold a password or some sort of other information that is needed for a short duration. After we access this information contained, it would be better to “lock” this file once again from being opened, even to myself. This revolves around the idea that we are then auto locked out after a time interval. However short or long is determined by the AxCrypt application.

    I believe that Leonard was stating that we took solace in the fact that we were prompted to enter our password as often as possible. this told us that if anyone else, physical or online presence, who tried to access these same files would be greeted by the same ‘enter password’ prompt. With the latest Free version that is currently out there, this is no longer an option.

    I understand getting paid for the time and energy put into making software. i however would recommend that this time limit on the auto locking or rather this inactivity sign out be changed from the defaulted ‘Never’ option to perhaps 10 minutes interval. This option can still remain Locked for free users but the defaulted time interval is now set to a time limit other than ‘Never’ sign out. In theory, if i’m am able to access my secure files during this ‘Never’ session so can any one else whether i want them to or not.

    For the time being, i have taken to right clicking on the taskbar icon and manually signing out as soon as i am done accessing my file(s). this is manually done but feel 100% better in knowing that everyone will then see the ‘Enter password’ screen when trying to access my files, even if the user is myself.

    #13578 Reply

    Leonard

    First, I’d like to point out some interesting statements.

    1) On company’s blog, it is written: “If you change your password on our server, we’ll re-encrypt your private key there with the new password and this means that all your already encrypted files will now be decryptable with the new password!”

    2) What Svante said above: “The way it’s designed you can always open the files with the password used initially to encrypt them.”

    So, for example, let’s say I encrypted some files with AxCrypt. Let’s say I change my password on the server the next day. Do those files are still accessible with “the password used initially to encrypt them”? Will they be “decryptable with the new password” too?

    Also further clarifying these points to prevent people from misunderstanding what I’m getting at:

    “Automatic decryption” – this was always an option with AxCrypt 1.x (“Remember this key for decryption”).
    Yes it was an option with its default as “NO”, but now it is non-optional and “YES”

    “Need to be logged on” – this was also in essence an option with AxCrypt 1.x (“Remember this key for encryption”).
    Yes, in essence, it could be counted as a similar option to one that’s in AxCrypt 1.x if only being logged on did not also enable “Automatic decryption” as well. So, unfortunately, they are not similar at all.

    “The basic reason for making these non-optional defaults was because of usage errors of users causing data loss, as well as increased convenience. It’s simply more convenient not to need to enter your password all the time, and…”

    I totally agree not being required to type password whenever I want to access a file is convenient for some. And both AxCrypt 1.x and 2.x have optional or non-optional features allowing that “convenience”. However, there are some “technical misunderstandings that should be corrected” here: A feature may be “convenient” by itself but changing it from optional to non-optional does not make it “more convenient”. If you want to call it “more convenient” you should leave it as an option and choose “the most convenient” option as default.

Viewing 4 posts - 1 through 4 (of 4 total)
Reply To: Feedback about AxCrypt 2.0 from an old user
Your information: