[AxCrypt SupportModerator]

Hello Anonymous,

I’m not saying you should carry the strong key on a piece of paper.

I’m saying you should use one single strong key that you remember, and use that to protect your other secrets such as your encrypted files and other passwords.

Since that one single strong key is the key to ‘everything’, it’s pretty bad to lose, therefore you should have a non-perishable backup safely stored away. Our suggestion is a piece of paper in a safety deposit box or similar.

Our suggestion is that you keep the entire strong key in your memory, and keep a safe backup of it.

We provide our smart password generator that creates strong, but useful, passwords to assist you. Try it out here: https://forum.axcrypt.net/password-generator/ . It’s of course included in our password manager as well.

[AxCrypt SupportModerator]

Hello jjartus,

We discontinued the ‘key file concept’ for a number of reasons, mostly because it tended to cause data loss when the key file was lost.

Instead, we recommend to use a single very strong password, and we have provided a password generator to help you out.

We do recommend that you write this one password down on paper (unless you use a password manager from someone else than us, in which case we recommend that you write down that password on paper) and store in safety deposit box or similar.

[AxCrypt SupportModerator]

Hello Stee,

Yepp, you’re missing something ;-) We designed AxCrypt to be both convenient and secure.

AxCrypt 2 asks you to sign in to your account, which AxCrypt 1 did not. We now use a single sign on model where the same password is used to sign in to our servers and to protect your files.

AxCrypt 2 works just like your email software or most other password-protected systems. You sign in once, and remain signed in until signed out. Just like you can read many emails without entering the password every time, AxCrypt will do the same. The files are still encrypted, but your password is remembered until you sign out of AxCrypt.

AxCrypt stays signed in until signed out, just like most similar applications such as your email. Once signed in, you can read, write and update information without having to re-enter the password, until signed out. AxCrypt will automatically sign out when the screen saver goes active, or you can sign out manually.

Please read more in our blog: http://www.axcrypt.net/blog/leaving-computer-axcrypt/

[AxCrypt SupportModerator]

Hello Jim,

AxCrypt actually works quite well in larger companies as well, in smaller teams and projects, and will work better in the future as well as we add such things as key recovery agents. It’s not really intended for enterprise wide use though, true enough.

So you’re right, for enterprise-wide, centrally managed encryption there are indeed solutions such as the one from PKWARE. Interestingly enough, AxCrypt actually has most of the distingusing features promoted for Smartcrypt. We have persistent encryption, easy key management, encryption without data expansion and cross-platform. We don’t have enterprise data discovery and centralized management.

You’re also right that we’re not FIPS 140-2 Validated. But, as far as I can determine, neither is Smartcrypt from PKWARE. All they are doing is using FIPS 140-1 or 140-2 validated cryptographic modules – i.e. calling the appropriate OS API etc, when there is a validation made by the manufacturer like Apple, Google, Microsoft etc. PKWARE is actually a little sneaky here, their documentation gives the impression they are validated, but they are apparently not. The certificates listed are not theirs, it’s various computer and software manufacturers such as the mentioned Apple, Google etc. They are also using a non-existing term – “FIPS compliance”. There is no such thing. A cryptographic is either validated or not, which is really the only distinction that has any real meaning. What PKWARE means with “FIPS Compliance” is that when they are using FIPS approved algorithms and modes of operations, they are in turn using a FIPS 140-1/-2 validated cryptographic module, where available. Whether this is a sufficient guarantee to fulfull your organizations requirements is up to each organization to decide.

Neither AxCrypt or Smartcrypt is FIPS 140-1/-2 validated. AxCrypt and Smartcrypt both uses FIPS approved algorithm families (AES, RSA, SHS etc…). Smartcrypt apparently has a non-standard mode where they ensure that they use device-specific implementations that are FIPS validated, when available. What other restrictions or features are affected by the Smartcrypt FIPS mode is not easily determined at a first glance, but since it’s not enabled by default I’m assuming it does affect the products function, compatibility or performance.

[AxCrypt SupportModerator]

Hi Toni,

Thanks for your feedback!

You are right, there is some confusion about the transition from AxCrypt version 1 to version 2. We’ve tried really hard both to significantly improve how AxCrypt 2 works, and at the same time maintain compatibility and get a reasonably smooth transition for old users. We can always get better at this, and we’ll continue with this.

The scenario you describe of setting up an account, and not paying attention to the password used which is subsequenly used for encryption does happen. One of the challenges we have is that the only way we can communicate with our users is through messages, popups, web pages and other written media. The thing is… Most users (myself included) will simly not read what’s written.

But we’ll be adding some additional dialogs both to inform users why files suddenly “just open”, and also when the first encryption happens we’ll popup a verification dialog asking for the password, or something like this.

[AxCrypt SupportModerator]

Hello Shelley,

Well, it depends. In principle, yes. AxCrypt works on files that are accessible on your local computer. I’m not quite sure how Google works with different accounts in the same computer, but if you can get the Google desktop app to synchronize them, you can then encrypt them with AxCrypt.

Otherwise, as you say, download them, encrypt them, delete them on Drive and upload them.

In any case, when doing things like this, do ensure good backups!

[AxCrypt SupportModerator]

Hello Richo582,

Thank you for reporting this! What version of AxCrypt are you running, and does this happen every time or just sometimes?

[AxCrypt SupportModerator]

Hello Bruno!

Thanks for your feedback! You are of course right that some users, like yourself, miss the 100% password-based way AxCrypt 1 works. We’d of course be happy to please as many users as possible. Unfortunately we have several challenges. One being limited resources, it takes developer and designer time to implement and maintain different features. The other being the fact that the multiple-password nature of AxCrypt version 1 actually leads to some data loss because of mistyped, forgotten passwords, or just confusion about what password was used when and where.

Most users will respond “well, that’s just up to each user to be responsible about”… until it’s your files that you suddenly realize you can’t access.

So, we do have to be careful about adding features and actually have to try to protect users from themselves sometimes. A surprising number of users do not fully realize the implications of using password based strong encryption until it’s too late. A forgotten or misplaces password is the same as permanently destroying all files encrypted with that password. There is no way back.

All this being said, we are indeed looking at ways to add password based sharing to the product – but we have some other things with higher priority – namely the Mac version and fully featured iOS and Android apps.

[AxCrypt SupportModerator]

Hello Bruno,

Please sign out and sign in again. In order to keep Internet traffic down, we do not have any kind of push notifications (there is actually no such thing, push notifications are implemented using periodic polling). We don’t like apps that consume data without actually doing anything. Therefore we only check account status during the sign in process when we’re anyway accessing the server.

[AxCrypt SupportModerator]

Hello Shelley,

I’m not sure I fully understand the question, but AxCrypt will essentially encrypt anything that is a file on your computer. You can always try also, and ask when something is not working as you expect.

[AxCrypt SupportModerator]

Hello Stefan,

On January 3 it appears you performed a password *reset* – setting a new password without knowing the previous. You created your account in September 2016. The most likely cause for your problem is that LinkedIn-docx.axx was encrypted before January 3, and after September 2016 using the password you used with us during that period, before the password reset.

[AxCrypt SupportModerator]

Hello Clint,

No problem, but a suggestion: Create a separate account on your PC for your son and any other users of the computer, and set a password on your account and enable a password protected screen saver.

[AxCrypt SupportModerator]

Hello Nick,

You need to upgrade your software from the download page at https://forum.axcrypt.net/ , your version is very old.

Also it’s exactly the other way around – AxCrypt 1 cannot open files encrypted with AxCrypt 2. AxCrypt 2 can open all files, encrypted with AxCrypt 1 and 2.

[AxCrypt SupportModerator]

Hello frank,

No, it can’t because files in a computer are too easily copied. The thing with an iPhone is that it’s a closed system with controlled external access, so there it makes sense.

On a PC or Mac, or wherever it’s trivial to make a copy of the file. Also it’s very easy to mount an ‘offline’ password guessing attack. In fact, we offer such a ‘brute force’ program to help users who almost know their password try to find it again.

[AxCrypt SupportModerator]

Hello Nick,

Are you actually saying the version is shown as literally 2.1.1234124 ??

Uninstalling, reinstalling etc is always ok. What you need to know is the password.

Always keep updated backups of your files.

[Author]

Posts