Why secure files with strong encryption?
Why do you need encryption in order to secure your files? In two words: privacy and confidentiality.
As private persons, we nowadays store lots of information on our computers that is not necessarily secret, but just simply private. Many of us also at times have the need to use employer-owned computers and servers, as well as public servers, to store such information. It might be copies of electronic invoices, private letters, your CV etc.
In all these situations you might feel a little more comfortable knowing that regardless of physical access to the files by network administrators, service personnel or even other family members in your home network, your private information is still kept private.
As employees we frequently are responsible for information that is sensitive in various ways. It might be salaries if you’re a manager, or customer data if you’re in sales or support etc. This information is kept in confidence by you, and you have a responsibility to care for it as best you can.
In many cases it’s not really enough to just store it on the corporate network server and apply appropriate restrictive access permissions. The information and files are still always available to support staff, network administrators etc. Even if you trust your colleagues, as you should, mistakes do happen and sometimes it’s simply human to be curious. Anyone finding a file with his or her name on it will be sorely tempted to sneak a peek…
Finally, there are an increasing number of cases where legislation and similar rules come into play such as the Health Insurance Portability and Accountability Act, HIPAA, where encryption of confidential data is required under certain circumstances.
In these and similar situations encryption programs such as AxCrypt provide a secure and convenient method to provide privacy and confidentiality as appropriate.
What is the difference between AxCrypt 1.x and 2.x?
AxCrypt 1.x is a legacy version. That means it is outdated and there is no longer any support for it, whereas AxCrypt 2.x is the version that we are continuously working on to keep improving it. It’s absolutely not recommended to use 1.x. We recommend all users, old and new, to always use the most current released version of AxCrypt, which can be downloaded here.
For users that have a specific need for the legacy downloads (usage at own risk), they can be found here.
What platforms does AxCrypt run on?
AxCrypt is currently available on most major platforms, including: Windows, MacOS, iOS and Android. For more information about platforms and system requirements, head over to Requirements.
Does AxCrypt support password recovery for corporate use?
If you represent a company thinking about using AxCrypt, you may be worried about the case of an employee quitting and not telling the password to his or her files. The question then is if you can set a password recovery policy?
If an employee quits, and refuses to give back company property your response should be to report the person to the police for theft, and/or take other legal action. This applies just as much to his laptop as the intellectual property owned by the company which is stored on the laptop or the company servers.
There are enterprise solutions that do implement functionality like this, but the most common reason to use AxCrypt is because of it’s simplicity to implement. Enterprise solutions demand quite a bit of infrastructure, maintenance and can be quite complex to install. Unfortunately, enterprise solutions do not really protect against disgruntled (ex-) employees anyway, although they do provide protection against accidental password loss.
So, AxCrypt is kept simple to use and deploy, at the cost of no password recovery. Data loss concerns should be addressed via backup procedures of both passwords and data, and issues with employees leaving without divulging passwords should be treated as any other destructive or illegal behavior by such a person.
How are large files supported?
AxCrypt is only limited by available hard disk space.
Why is the file time-stamp set to the time of securing the file?
The default operation of AxCrypt when securing a plain-text file, is to store the original files time-stamps inside the secured file and to set the time-stamps of the resulting secured file to the time when it was most recently secured. The rationale for this behavior is as follows:
Many backup and file-synchronization software programs depend on the modification time of files to determine if it has been modified since the last run. This test fails, if the secured file retains the original date of the plain-text file and at worst the file does not get copied/backed up etc.
Good security software will ensure that securing the same file twice produces completely different secured files, to make it harder to determine if the file is the same as another file, or another earlier version of a file. If the time-stamp is retained, an attacker will get a high-precision time-stamp that more or less uniquely identifies each and every file thus leaking what might be important information about the file. (File size will remain the same, since the securing is deterministic, but this is a much weaker assertion).
Semantically, securing a file is a transformation of the file, and this should be reflected in the time-stamp. Note that the original plain-text time-stamps still will be restored if the security is removed from the file!
If AxCrypt ever should support multi-file archives, there’s no choice but to use the time of securing it, otherwise it’ll make it very inconsistent – which time-stamp should a multi-file AxCrypt archive which happens to contain exactly one file use (which by the way is the case today, the file format supports multiple files, but AxCrypt has not implemented this functionality yet).
How many passes does wipe do/Why only one pass wiping?
Wipe and Delete only overwrites once with pseudo random data. We’re currently not planning to implement DoD 5220.22 (NISPOM) sanitization, nor Gutmann 35-pass secure-wipe. The cost of retrieving single-overwritten data is prohibitive as it is. If the attacker has the resources for that (as well as getting physical access to the disk) there are many easier and surer ways of getting at the data.
A PC is such an insecure and uncontrolled environment, that to use DoD-style wiping in a running system is severe overkill and misleading. Such wiping should be used prior to destruction or re-use of hard disks, and then only from a stand-alone diskette and CD so that the entire disk surface may be wiped, regardless of operating system structures. We recommend Boot and Nuke for this purpose.
The purpose of AxCrypt wiping is to protect from use of common undelete tools, not to protect from electron microscopy or special diagnostic hardware and software available to hard disc manufacturers. Wiping 35 times also takes a lot of time...
What are the major differences between the standalone version and installer version of AxCrypt?
The installer version comes with some additional features (e.g. context menu integration) compared to the lightweight, standalone version.
The standalone version is directly executable – no installation is required. In this version, you will not get AxCrypt’s right click context in Explorer, nor will you be able to open files by double-clicking.
How can I stop anyone from securing my files?
Short answer: You can’t. Follow-up question: Why would you want to?
If you install AxCrypt, anyone with access to your computer can secure your files. This is sometimes seen as a risk with installing AxCrypt. However, this is not the case. The real risk is with ‘…anyone with access to your computer’. Anyone who can access your computer and run an installed copy of AxCrypt, can also install AxCrypt or any other security or deletion software. Anyone who can access your computer can delete your files, and probably format your hard disk. Anyone with physical access can also throw it out the window, steal it, use it for target practice with a shotgun or any other activity that may prove detrimental to the health of your files.
The point is that it makes no sense to restrict access to AxCrypt – it’s the access to the computer that needs to be restricted! That’s why you should always use a password protected screen saver and always have a password on your account. Because then, if your files are secured with AxCrypt, your information will stay safe even in the face of loss or theft of your computer or media with the files on.
What happens when my subscription expires?
If you stop subscribing to Premium or Business, you will fall back to the Viewer or Free plan after the end of your subscription period. You won’t have to worry about your files, because you’ll never get locked out of your data.
With the Windows version, your files will be re-encrypted with 128-bit AES encryption, rather than the 256-bit AES algorithm that was used when you were on a subscription. If you are using AxCrypt on macOS, you will be unable to encrypt new files. You can still decrypt and view the encrypted files. The content of encrypted files can’t be updated. That means you have to either decrypt them, or get a paid subscription to keep using AxCrypt like before.
How do I renew my subscription?
New subscribers have a subscription that will automatically renew at the end of the subscription period, using the initial payment method. To check your subscription status, login to the account site, and check it on the My AxCrypt ID page. You will see the date it renews on there.
If it mentions that the subscription will expire on a certain date, you either subscribed before June 25th 2020, or you cancelled your automatic payments. In that case, you will have to renew it yourself.
What will my email be used for when I sign up?
Your email will be used to name your AxCrypt ID, and will also be used as the name when authenticating against the server in order to access premium functionality. It may also be used to notify you of critical software updates, new features and other communications from us such as a newsletter. The AxCrypt ID itself will be used to allow others to share files securely with you without the need to share passwords, and for other possible future features such as enabling others to validate digital signatures. Since we offer premium features from a server based infrastructure, we need something to identify you by. Currently this is your email since it is universally available and accepted. In the future it may be some other moniker such as your mobile phone number, your government issued digital identity, your Twitter account etc.
We will not sell or use your email for third party communications without your explicit consent.
Do you have keys and passwords on your servers?
Yes, but encrypted with your password which we do not store. There is no essential change in the security compared to previous versions. You must still use a strong password, and keep it secret.
The only thing that must be secret with AxCrypt is your password. Nothing else, not the software, not the secured files, not the secured account keys or anything else. As long as your password is both strong and secret, your secured files remain secure. Even if our server would be compromised, the permanently stored sensitive data stored there is encrypted with your password, which we do not store.
Why does AxCrypt only ask for a password during sign-in? Isn’t that insecure?
While you are signed in to AxCrypt, offline or online, AxCrypt will not ask you again for the same password. This feature makes usage of AxCrypt much more convenient, and saves you from the trouble of re-entering the password every time.
Security is a chain only as strong as its weakest link. In your local system, there are so many other ways to get at your data that to sacrifice the convenience of a password cache just to ‘feel’ safer, was not thought to be a good idea.
But what’s then the use of AxCrypt if anyone can walk up to my PC and just double-click?
Under the heading Documentation > Security > Local PC Security you will find a discussion about what is needed to protect your PC locally, and why. The important thing for this discussion is: If anyone can walk up to your PC and it’s not protected by a password-protected screen-saver you have no protection anyway! All that is needed for a would-be attacker is access to a PC with for example a diskette or CD-drive, a USB-port or an Internet connection, and it’s a few seconds work to install a keylogger or a trojan. Do not trust a PC that has been left unattended and unprotected.
The second reason for the password cache is that if you do not need to enter it every time, you may actually find it reasonable to use a longer and stronger password than otherwise, thus increasing security.
If you are concerned about physical access to your own computer there are other measures you should take first. If you want to, you can always sign out from AxCrypt when leaving your computer.
How do I sign in when I have an existing account I don’t know the password for?
If you’ve just downloaded AxCrypt 2, entered your email and gotten a message that you already have an account, but don’t know the password, you need to issue a password reset. Click on the link and follow the instructions. If you’re already using a strong password for your AxCrypt files, you should consider using that as your account password.
File Encryption for .NET and Mono has stopped working
If you get an error message “File Encryption for .NET and Mono has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.” the most likely cause is a software called “Lavasoft Web Companion”. This is not compatible with modern versions of Windows, and it modifies the way the network is accessed in a way that causes AxCrypt and other programs to crash.
Check if you have Lavasoft Web Companion installed, and uninstall it if this is the case. If you’re still having the same problem or do not have the Lavasoft software installed, please follow the instructions and file a full error report.
I forgot my password. What to do?
The basic rule is: If you lose or forget your password or key-file, your documents are lost. There is no back-door into AxCrypt.
The only way to recover a lost password is to try all likely combinations.
All that being said, there is a special case where we could possibly help you. If you think you know your password, but not quite, or if it’s less than 5 characters long – then we can write and adapt a special program that will try many combinations automatically. This is called a brute force attack.
AxCrypt is specifically engineered to counter brute force attacks, and does it rather well, so this will only work when the number of combinations to try is very small, let’s say less than a million.
If you think you may be in a position where you can narrow down the possible combinations enough for us, then there is a slight chance to recover the password using a utility that will attempt to try many possibilities according to a pattern you provide. Please contact support if would like to try the brute force utility.
I got a warning from my antivirus software. Is AxCrypt infected?
No, the official distribution does not intentionally contain anything that even remotely can be called malicious. It is very unlikely to be infected by anything unintentionally. Please read a lengthier blog post for details why we can make that statement.
Why do I get ‘Access Denied’ and/or my file names are in green text?
AxCrypt is accessed via the right-click context menu, under the heading ‘AxCrypt’. There is also a built-in encryption in some versions of Windows, which is accessed in a similar way, but under the heading ‘Properties’, then the button ‘Advanced’ and finally the check box ‘Encrypt contents to secure data’. This encryption uses a feature called Encrypting File System, or EFS for short.
There are typically two reasons for getting ‘Access Denied’ messages. Both occur when files are either moved to a new system, or Windows is (re)installed on an existing system. One situation is a problem, the other is not.
If the file names in Windows Explorer are shown in black text, then you’re likely just having an NTFS ownership issue, and this is easily remedied. Please Google for ‘ntfs take ownership’ (without the quotes) to find suggested solutions.
If the file names in Windows Explorer are shown in green text, then you’ve inadvertently encrypted them with EFS. This might mean your files are lost. Please Google for ‘efs access denied’ for explanations and possible remedies.
EFS may in some cases be a useful feature, and can for some scenarios be a better solution than AxCrypt. However... Beware: There be Dragons!
Because of the way EFS is implemented, it is also likely to be the single most common cause of data loss in Windows environments. If you’re a computer security wizard, and have a full understanding of X.509 encryption certificates, and how the Windows Certificate Stores work and interact with user credentials, then you won’t have a problem as long as you’re careful to ensure backups of the appropriate certificates and keys. If, however, the previous sentence confuses you then you should probably not be using EFS because of the mentioned risk of data loss when moving files to a new system, or (re)installing Windows, or resetting passwords, or…
My secured file is damaged, what can I do?
If your secured file is corrupt, you will get a message which will refer to the HMAC being incorrect or some similar text.
This message implies that the file is recognized by AxCrypt, and that you have entered the correct password and/or key file, and there is hope!
Another message that may be seen will refer to the GUID being incorrect. This indicates a severe error in the file to the extent that it’s not even recognized as an AxCrypt file. In most cases this is because the file is simply not a file secured by AxCrypt.
AxCrypt has some features for recovery of damaged files, but there are some limitations. You must also be careful, and start by marking the original (damaged) file as read-only, and then make a copy of it – and always only work on the copy!
Please contact support for further instructions on how to proceed.
Your protection against data loss is regular backups. Please backup all your important files – secured as well as files without security. AxCrypt is not intended to provide any protection against data loss – only against disclosure and undetected manipulation.
Anyone can still delete my secured files, why is that?
Securing a file with AxCrypt protects your information from prying eyes and undetected modification or corruption. It does not protect against destruction, willfully or by accident.
It bears repetition: Your protection against data loss is regular backups.
Technically it’s not really possible to reliably protect your data against destruction with software – except backup software. Of course, software can add safeguards that make it harder to do it by mistake, or even maliciously but in the end you can’t protect against vandals that way.
You should be using the NTFS file system and let every user of the computer sign in as a separate, restricted, user. No-one should normally run as administrator. This will protect your files against deletion by other users of the same computer, but it will not protect against yourself – or any agent acting on your behalf. Please remember that viruses and trojan intrusions will be acting as if on the behalf of the compromised user!
If your system is compromised by a virus or a trojan, your secured files will be protected from theft – but not from destruction.
AxCrypt is not intended to protect against destruction, and there is to our knowledge no such serious software available except backup software. Any software claiming to provide such protection should be examined carefully to understand exactly what it is it protects against and how. Always backup your data regardless of other measures taken.