Hello Nick,
Since really changing the password is the same as changing the encryption, which means changing the encrypted files that operation must by definition be done on the files themselves. It can’t be done remotely.
If the password is weak, then it may indeed be possible to brute-force (i.e. guess) the password. It all depends on how weak the password is and how determined the attacker is.
When you use AxCrypt 2, it is actually quite hard to set a really weak password, since we require a minimum strength. For AxCrypt 1, no such check is made so there you can have the password “1” for example, or “Password”, or “qwerty” etc. That’s highly unlikely with AxCrypt 2.
If you password is either shorter than or equal to 4 or 5 characters in length, or is on the list of the most common passwords used then it’s very likely that a reasonably determined or even highly curious attacker will be able to guess it.