Forums › Bugs & issues › Garbage!
This topic contains 10 replies, has 2 voices, and was last updated by Lance Roberts 2 years, 3 months ago.
-
AuthorPosts
-
J Goss15 minutes with this lame app and that was it! I uninstalled the troll.
Doesn’t recognize passwords!
And screw you and your “I’m not a robot” reCAPTCHA!
EuanOkay, bye bye.
Good riddance to the troll (you).
If you want to be arrogant, nobody on here will help you.
AxCrypt is simple to use. If you can’t understand it, learn how to use a computer.
PeterAxCryp is a very poor product.
The encryption level is so high that it is too easy to forget the password – (Remember that these day we have to remember far more passwords for websites & credit cards etc).
This is because it is too difficult to make a memorable password that requires non-alphanumeric characters.
The only way to remember passwords from AxCrypt is to write them down – which completely defeats the object.
As a result I have installed AxCrypt from my computer and placed my files on a stick that is removed from the computer and hidden away.
I have also recommended that my friends do the same.
I will reconsider AxCrypt if there is ever a version that allows the use to use ANY password form – a warning that the password is not strong will suffice.
PeterIncidentally Euan, I am software engineer and have written encryption code many times on embedded platforms.
Although I agree that arrogance is not acceptable on any forum.
HarryThe encryption level is so high that it is too easy to forget the password
There’s no point in using weak encryption. You either do it properly or don’t do it at all.
That you say the encryption level is so high is a compliment. It shows the product working as intended.
—
This is because it is too difficult to make a memorable password that requires non-alphanumeric characters.
The only way to remember passwords from AxCrypt is to write them down – which completely defeats the object.
That’s what a password manager is for.
—
I am software engineer and have written encryption code many times on embedded platforms.
<b>If you’ve written encryption code then I’m worried. That’s not the job of a software engineer, it’s the job of a professional cryptographer. Even the AxCrypt developers haven’t written their own encryption code!</b>
If you are a software engineer then you’d already be using a password manager (and wouldn’t need to remember lots of passwords) and you’d understand the benefits of strong encryption. You’d also be aware of alternative products that use weak cryptography if that’s what you so desperately seek.
It seems like AxCrypt isn’t the software for you but it most definitely is the software for people who need uncrackable encryption. For everybody else (including you) there’s access control products or weak encryption.
Hello J Goss,
I’m sorry you don’t like AxCrypt – but it does work quite well, and does recognize passwords for millions of users. If you’re having problems, we’re here to help you resolve them, but we do need more details.
Concerning the reCaptcha – we don’t like it either, but we have no choice. Without it, this forum is absolutely useless, with thousands of spam posts every day. If you have a better suggestion on how to stop spam with even less effort than a click in a checkbox, please let us know!
Hello Peter,
Thank you for your input!
I understand that your main issue with AxCrypt is our complexity password requirements. The thing is, we we know from experience that without this many will use passwords that are simply too poor. These users will then live in the false belief that AxCrypt offers any protection, which in this case it doesn’t. AxCrypt is about providing real security within the bounds we specify, not just the warm fuzzy feeling of thinking you’re secure.
Also, we’re promoting a model where you only use one password, and this does make it more worthwhile to learn that strong password by rote. There’s also a password manager included with AxCrypt.
To assist, we have a password generator that may help you generate memorable but strong passwords. Try it out at https://forum.axcrypt.net/password-generator/ .
TroyI’d like to add that requiring a strong password makes sense – but I’d like to see some form of multi-auth implemented that takes the password and pairs it with a mobile app or the like to ensure you can access your data. Make it optional of course but never-the-less you can get away with weaker passwords when implementing multi-factor.
Just my two cents but it seems like you can create a strong product that meets everyone’s needs by providing them options and levels of security to choose from.
SteveHi Troy.
Multi-factor Authentication doesn’t work with encryption. That’s why companies like LastPass can bypass MFA to get into their users’ vaults!
LastPass can’t read their users’ decrypted data because it’s encrypted with only a password the user knows but LastPass staff can activate or deactivate MFA at will. If LastPass staff can deactivate MFA, so can hackers.
That’s why AxCrypt doesn’t (and won’t) use MFA, it makes no sense.
Using MFA to secure your emails makes perfect sense but that’s because you’re accessing data stored on your email provider’s servers.
As AxCrypt <b>never </b>store your files on their servers MFA won’t protect you from anything. If you use a weak password, hackers will break in because MFA is trivial to deactivate.
The only protection from hackers is a long, strong, unique password.
Thanks Steve! Hello Troy (and others asking the same question),
There is a fundamental difference between encryption and authentication (access control). I’ve written a longer blog post about that here: https://forum.axcrypt.net/blog/encryption-vs-authentication/ .
Lance RobertsThanks for your information, it was really very helpfull.
-
AuthorPosts