This topic contains 22 replies, has 3 voices, and was last updated by Dave 2 years, 10 months ago.
Svante – I appreciate the distinction between authentication and encryption. The use-case we’re trying to protect against in asking for 2FA is a user’s password being compromised. No matter how good the encryption is once an attacker obtains the users password they’re in. Think of an average medium sized business with remote access. A user’s password is compromised; the attacker uses that to gain remote access to company’s network or some cloud resource. They encounter an AxCrypt encrypted file (must be good stuff, its encrypted). The user (of course) uses the same password for AxCrypt. Easy peasy, decrypt the file using the same compromised password. With 2FA in place, when the attacker attempts to get access to AxCrypt they would effectively be blocked from gaining access to the sensitive data (not to mention the user getting a message on their cell phone alerting them that something’s up). Authentication in this case ensures the file is only decrypted by the owner.
Listen to your users.
AxCrypt is about strong encryption and real protection – not obfuscation. Your scenario with the compromised password is not possible to really mitigate by 2FA. As you say: “Easy peasy, decrypt the file using the same compromised password“.
That’s the thing – AxCrypt is about encryption. If the password to the encrypted data is compromised, the data is compromised as well. That’s the flip side of “If the password to the encrypted data is lost, the data is lost as well”. (There is no password reset with encryption, because the data itself is modified, it’s not about software “letting you in”).
AxCrypt is open source, and the algorithms are public and documented.
If we add 2FA, it just means the attacker will use a different implementation (or more likely, a trivially hacked version of our code) that just uses the compromised password to quietly decrypt the data.
You might feel safer with 2FA, but with AxCrypt it’s not about the feeling, it’s about the fact. The fact is:
If you lose your password, your data is lost.
If your password is compromised, your data is compromised (provided the attacker has access to the data of course).
Adding 2FA to our code doesn’t change that. It is trivial to bypass.
This is the difference between encryption and access control.
If you have data protected using access control under for example Windows, an attacker can mount the disk in a Linux computer and read the data at leisure – because Linux does not implement the access control in question.
If you have data protected with strong and properly implemented encryption, it does not matter where the data is attempted to be read, or using what software. The data is encrypted, access is not determined by software – regardless of how many factors are used to allow access, in the end it’s just software saying yes or no, and this can always be bypassed by having software that always says yes.
I understand your argument against 2FA when it comes to encrypted files, which is the primary function of AxCrypt. Even if someone figures out or finds out my password, unless they also have my files, my files are safe.
I wonder, however, what your opinion is regarding the password manager included in AxCrypt premium. If I understand correctly, passwords are stored in encrypted form on your servers. Wouldn’t this mean that if a user’s password is compromised, someone other than the user could log in with their credentials and access their stored passwords? Isn’t that where you would want access control in place? Why would someone want to use AxCrypt’s password manager if they can’t control access to it, as they do with any other online password manager?
I’d love to hear your thoughts on this.
AxCrypt Password manager to store your all kinds of personal passwords and secrets which will be encrypted by your AxCrypt account password and stored in our servers.
AxCrypt will not store the users password anywhere in our servers. All the stored users’ keys(public and private) and stored passwords in the password manager will get encrypted with their account password. So without knowing the file password, Sorry to say, no one can decrypt the files and view their stored passwords. This is the way AxCrypt was designed.
Please note: Unfortunately, If you forgot your AxCrypt account password, then you can’t decrypt/view your stored passwords.
Still, you are facing any issues, please provide more information about the issue and write a mail to firstname.lastname@example.org.
Prabhukumar R, thank you for taking the time to reply. However, this doesn’t address my post at all (or possibly misunderstands it). I was responding to the discussion going on above my post, not posting about an issue I have.
AxCrypt’s password manager stores user passwords on your servers. It may not store the master password, but the discussion above me had been about encryption vs access control as the basis for AxCrypt not supporting 2FA. I would expect that an online password manager would also check whether I am who I say am, because I’m accessing remote online data, not my local files. All major online password managers support this. The offline ones don’t, and that makes sense, but AxCrypt’s password manager is not an offline one, is it?
In regards to what Svante’s posted in Nov, are you stating that since “Axcrypt is open source and the algorithms are public” that in the event a 2FA gets implemented you would have disclose this via source code? Meaning that Axcrypt aversion to wanting to implement a 2FA and or use one that is already available, is that you would have to let other ‘coders’ see this in the source code?
You also mentioned that “It is trivial to bypass” referring to cracking 2FA. This means to me that you agree its adds a 2nd level but that its ‘trivial’ for some people to bypass. If adding a 2FA makes even the light hearted hacker try harder to get in, then i dont see how this is an issue. Yes is would be work on your end to implement a 2FA but its better than stating, “Well since they have access to my house, i’ll give them access to my car too.” If a few more “locks” in my “house” makes it more difficult for them to steal what i have, i would want as many locks as i can put on my doors regardless if it’ll only delay them from getting to my stuff. in the delay in getting in or access, i could be alerted to their presence.
Perhaps if a 2FA was implemented, and someone was trying to get in, an email could be sent to said user alerting us of an ‘attempt to access’ and it would be a fighting chance for me to pull the data before someone steals it from me.