Forums Bugs & issues Password is wrong, but it is not

This topic contains 18 replies, has 4 voices, and was last updated by  LindaDot 4 years, 4 months ago.

Viewing 15 posts - 1 through 15 (of 19 total)
  • Author
    Posts
  • #9889 Reply

    C. Silva

    Dear Sir, Madam,

     

    I have noticed that when my laptop is offline, sometimes I cannot decrypt my files. It tells me ‘wrong password’. If I connect to the internet, then it accepts the password. I never have this problem when I access my files op my desktop pc at home (which is always connected to the internet). Yes, I am very sure I am typing in the correct password. Could this possibly be a bug?

     

    I am using the latest version 2 (I checked for updates).

     

    Many thanks in advance for your reply.

     

    Kind regards,

    C. Silva.

    #9904 Reply

    Svante
    Spectator

    Hello C. Silva,

    When you say “when my laptop is offline, sometimes I cannot decrypt my files” it’s an indication of a user problem – not a software problem, or that there is more to the story so to speak. Our software is entirely deterministic during decryption, so when the word *sometimes* appears there must be something else that varies.

    There is also a difference to note between the signing in to AxCrypt, and decrypting a file. If your software in your laptop is not synchronized with an updated password online, a situation can certainly arise where the sign in process offline expects a different password than online. This does not account for your description of a “sometimes” behavior.

    Notable is the fact that you *reset* your password on March 5, indicating that you have at least two “correct” passwords in use – one old and one new. Please note the difference between a password *reset* and a password *change*. You did a reset.

    Another explanation of the “sometimes” effect could then be that the files you can’t open are from before (or after) that password reset. A password reset does not allow you to open files encrypted before the reset, with the password set after the reset. The reset is only to allow you to sign in again, and is used to encrypt new files. To decrypt old files, you still need to know the original password.

    If you can send a screen shot when you get this “sometimes” problem, it will help us understand exactly at what point the password is not accepted.

    #9912 Reply

    C. Silva

    Hello Svente,

     

    Thank you for your reply, much appreciated. Indeed, ‘sometimes’ is not correctly described. It actually always does this, but perhaps not for all the files. As I have many files, I cannot tell which ones precisely, but they were all encrypted with the same password and the password is the same for the files as well as for the online AxCrypt account (so one password for everything). Moreover, I think it is the signing-in part that gives problems, and not decrypting perse, I think. However, I am not aware of a function that allows me to decrypt the files without loggin-in?

    Yes, I do remember that I did a ‘reset’ a while back, however, it was because of this problem. So the reset is not the cause.

     

    I can reproduce this problem as follows:

    1. In my office there is no WiFi signal, thus, it is offline.

    2. I type my password into notepad and copy it to clipboard.

    3. I double click an axx file, and I paste the password into the decryption window of AxCrypt. It tells me wrong password. (see screenshot).

    4. I walk with my laptop to an area that has WiFi (now online). I try again, keeps telling me ‘wrong password’. I close the AxCrypt password window and double click the axx file again. Again I just paste the password from clipboard. Now it accepts the password.

     

    I hope you can help me with this issue.

     

    Kind regards,

    C. Silva.

    #9913 Reply

    Svante
    Spectator

    Hello C. Silva,

    Can you please follow steps 2 and 3 provided here https://forum.axcrypt.net/blog/send-complete-error-report/ and email it to our support inbox as described there?

    Do refer to me in the text or subject of the email, and it will get to me.

    #11010 Reply

    Mark

    I am a longtime axcrypt 1.0 user that upgraded to 2.0 last year.  I was frustrated with the lack of progress indication on large file encryptions and was poking around in options and found the “Always Offline” option.  I’ve experimented with this feature and note that whenever I have it enabled and I attempt to unencrypt a file, the axcrypt sign-on appears and when I type in my password it tells me wrong password.  If I then turn off Always Offline, and try again, it works.  I find this very disconcerting that I have to be online to unencrypt my files.  Based on the FAQs and this forum, this is not the way axcrypt is supposed to work.  Always Offline appears to be a broken feature.  If I can’t use the app offline, then it is broken.  What happens if the axcrypt service goes out of business or gets hacked, all my files become inaccessible????  This is unacceptable.  Please fix the Always Offline feature.  In my opinion you have lost site of the core benefit of axcrypt if the app won’t work in a purely client side use case.

    #11011 Reply

    Svante
    Spectator

    Hello Mark,

    As you say – that’s not how it’s supposed to work, and something is definitely wrong if what you describe is what is happening.

    There are a few cases where the offline / online password can get a little out of sync, but that only happens under specific circumstances and only when changing or resetting passwords.

    Can you:

    1)  Please follow the instructions here: https://forum.axcrypt.net/blog/send-complete-error-report/ and send the result to support at axcrypt dot net, and mention it’s for me.

    2) Start AxCrypt in normal online mode, use the “clear all settings and exit” option. Restart AxCrypt. Re-enter your AxCrypt ID email and password, sign in, verify it all works and then try the “always offline” option again.

    Step 1) is to have information to analyze to try to determine the cause of the problem. Step 2) is to verify that offline actually does work. It does not fix the problem if there is one, causing you to get into that situation, but that’s what step 1) is for.

     

    #12102 Reply

    Pamela

    I have exactly the same problem as Mark. With the Always Offline option invoked, Axcrypt does not recognise my password and I’m locked out of a crucial file. This is extremely disconcerting as, when travelling, I cannot count on access to the internet. With the offline option deactivated, my password is recognised. I have only one small encrypted text file. I have not reset or changed my password. Your reply to Mark – ‘There are a few cases where the offline / online password can get a little out of sync….’ – is worrying. I would prefer that my password not be online. Is it possible to use Axcrypt entirely independently of your online services?

    #12103 Reply

    Svante
    Spectator

    Hello Pamela,

    Yes, it’s possible to use AxCrypt entirely without online services, but it’s not something we really support or recommend.

    The comment about online / offline password getting out of sync is only related to signing in to the app.

    Your statement “With the Always Offline option invoked, Axcrypt does not recognise my password … With the offline option deactivated, my password is recognised” should not be the whole truth. Here’s how AxCrypt works in the respective situations:

    Online:

    1. You type a password to sign in, let’s say “MyPassword”. AxCrypt send a request to our server with that password (encrypted), and our server verifies that this password is indeed the password set for the online account.
    2. If ok, AxCrypt synchronizes information with the server, including the hash of the password (a way to verify the correctness of the password, without storing the actual password).
    3. AxCrypt remembers the actual password in the program memory.
    4. You try to open a file by double-clicking it for example.
    5. AxCrypt now uses this remembered password and tries to decrypt the requested file.
    6. If successful, the file is decrypted and opened.
    7. If unsuccessful, the file can’t be decrypted, and AxCrypt opens a new password dialog asking you for the file password.

    Offline:

    1. You type a password to sign in, let’s say “MyPassword”. AxCrypt verifies the password against the locally stored hash mentioned in step 2, above.
    2. If ok, AxCrypt remembers the actual password in the program memory.
    3. You try to open a file by double-clicking it for example.
    4. AxCrypt now uses this remembered password and tries to decrypt the requested file.
    5. If successful, the file is decrypted and opened.
    6. If unsuccessful, the file can’t be decrypted, and AxCrypt opens a new password dialog asking you for the file password.

    The out of sync situation can happen for example if you change your password online, perhaps using the web, and then use your computer offline without connecting to the Internet. In this situation, the offline password is the old unchanged password – so if you try to use the new password it won’t work because the offline app has not yet been synchronized.

    Once you successfully log in online, the offline password should be updated.

    So the question is really – at what stage does AxCrypt not recognize your password?

    Looking at the logs, it seems you have a pending password reset request, and also that you downgraded from 2.1.1560 to 2.1.1547 – but the current version is 2.1.1573 . Can you tell us some more about the sequence of events, and best of all – screen shots of how it looks when it fails? Also, do please update to the most recent version.

    #12105 Reply

    Pamela

    Dear Svante,

    Thank you for your informative message.

    I have now upgraded the version on my desktop to 2.1.1573. That seems to have corrected the problem.

    FYI:

    I’d never downgraded. When I couldn’t get access to the encrypted file on the desktop, I turned to my laptop, which fortunately was in online mode, and was able to recover the file. The version on the laptop is 2.1.1547, the older of the two, so it may have looked to you like a downgrade.

    Before the 2.1.1573 upgrade on the desktop, my password was rejected in offline mode regardless of whether I tried opening the file from the right-click context menu in File Explorer (Win 10) or from the AxCrypt program. Either way, entering my password returned the little red blinking exclamation point that signifies password error. So I couldn’t even get into the program to toggle the offline setting off. There’s nothing special to see in a screenshot because, for whatever reason, the blinking red icon doesn’t appear in the captured image.

    I never asked for a password change or reset. At some point, while trying to log in, I was offered the opportunity to change/reset it. But a warning said it wouldn’t let me recover my file so I didn’t pursue it.

    Questions for you:

    In Step 1 of the Online procedure you describe, is the encrypted password sent to the AxCrypt server something different from the hash of the password mentioned in Step 2? I’m guessing that it is since, otherwise, the server, having verified the hash in Step 1, would have a match and wouldn’t need to synchronise it in Step 2.

    So in what form(s) does the AxCrypt server store my password?

    Does the AxCrypt server store my file(s)?

    What else does the server store? Version numbers, apparently.

    What are the disadvantages (to me) of operating entirely offline?

    Thank you again.

    Kind Regards,

    Pamela

    #12120 Reply

    Svante
    Spectator

    Hello Pamela,

    Yes – use of a previous version on a different PC will look like a downgrade – we only store the most recently used version and the previous version.

    The password is actually sent (but over an encrypted connection) to the server, and is then verified there if it matches or not, in an equivalent manner as is done locally. In neither case do we store the password as it is or in a recoverable form locally or on the server – except in briefly in memory on the server, and during a valid login in session locally.

    The synchronization happens every time – although the net effect usually is nothing happens. But there are many scenarios where such a sync is required – even if the sign in is immediately successful. A slightly constructed, but simple to explain, scenario is if an account is password reset – to the same password as was originally valid, directly or indirectly.

    Our servers never see or store any part of your encrypted files. This is all done locally on your device.

    The disadvantages of operating entirely offline is among other things that you won’t get that sync done (effectively a backup of your key pair(s)) and it’s much less convenient. Also we won’t be able to update your license if you have a paid subscription.

    #12124 Reply

    Pamela

    Thank you, Svante. That’s very helpful.

    Pamela

    #13295 Reply

    Paul

    I had this happen to me while changing passwords, with a firewall blocking the program.

    It was a horrific experience as I thought I had lost access to all my password documents, which were encrypted with AxCrypt.

    The old version was great. This new one is too unreliable to trust with important documents.

    #13307 Reply

    Azhaguraja B
    Keymaster

    Hello Paul,

    Password Reset is not a way to recover encrypted files! It’s only to allow you to sign in to the AxCrypt app and web. The new password will be used to encrypt new files.

    After resetting your AxCrypt account with a new password, We will get access to the AxCrypt account server and application too. But We can’t decrypt the old encrypted with the new password.

    But still, we can decrypt/open the old AxCrypt encrypted files with the file password(which was used in the file encryption).

    Both the versions(1.x & 2.x) of AxCrypt application will not allow the users to decrypt/open the encrypted file(s) without knowing the file password.

    And the firewall blocks the AxCrypt app – Firewalls will block the applications/software based on how it was configured. So please check the firewall configuration. There is no problem with the AxCrypt app.

    Please note: Always take a regular backup or keep a separate copy of your important files.

    • This reply was modified 5 years, 10 months ago by  Azhaguraja B.
    #14877 Reply

    ALAN LUNDSTROM

    Attention:
    Several weeks ago I contacted Support, while signed into my account, regarding being unable to copy my password in AxCrypt to my phone’s App. After I sign in twice to AxCrypt on my phone and select an App and show the password for that App, I have no option to copy the shown password. Consequently, I cannot access my phone’s secure App unless I write down the password shown and manually input it into the phone’s App. This is insecure and too cumbersome.
    As I mentioned I contacted you several weeks ago and have not had any response from Support, let alone a fix for this problem.
    Please contact me or I will have to cancel this subscription and purchase another password manager.
    My phone is a Pixel 2XL running Android 10, Security patch level: December 5, 2019.
    AxCrypt used to work properly on my phone (copy and paste) until just before I contacted you the first time.
    Please respond.

    #14912 Reply

    Prabhukumar R
    Moderator

    Hello ALAN LUNDSTROM,

    Please avoid sending a same query in different mediums. You may get duplicate response.

    Do you ask to copy the password feature in the password manager?  If yes, we have recently fixed the issue.

    You can copy the password in the password manager feature. You click the copy clipboard button[screenshot attached] in the password box.

    Now the password is copied. after that, you can paste the password anyplace.

    we are checking with our local environment copy password feature is working fine.

    still, if you have facing any issue, please write detailed information about the issue. we will investigate the issue and try to resolve the issue as soon as possible.

    We have responded to your previous email on 09-july-2019. Please check your inbox or junk or spam folder.

Viewing 15 posts - 1 through 15 (of 19 total)
Reply To: Password is wrong, but it is not
Your information: