In the movies, encryption always seems to involve random characters scrolling down the screen, or hackers pounding on keyboards. The reality isn’t quite the same, though some encryption products are complex enough to make you want to pound your keyboard with your head. AxCrypt Premium is a breath of fresh air in this field. It offers seriously advanced encryption features in a superbly simple setting.
Many encryption tools offer a perpetual license. You can buy them once and use them indefinitely. AxCrypt, based in Sweden, charges $35 per year. That ongoing subscription is needed because some of its features are server-based. CertainSafe Digital Safety Deposit Box, which stores all your encrypted data in the cloud, runs $12 per month, which is a good bit more than AxCrypt. Note that if you’re willing to settle for weakish 128-bit encryption and forego some advanced features, you can use AxCrypt for free.
What Is Encryption?
When Sir Francis Bacon wanted to keep his writings safe from prying eyes, he encoded them by replacing each letter with a five-character sequence of a’s and b’s. A page of Baconian ciphertext is really hard to look at! Breaking that kind of cipher is a simple matter of analyzing letter frequencies, though I’m sure it made Sir Francis feel safer.
Modern encryption algorithms are light-years beyond old-fashioned ciphers. Their output bears no visible relationship to the data that went in, and cracking a modern encryption algorithm would take an impossibly long time. The official encryption algorithm of the US Government is Advanced Encryption Standard (AES). Bruce Schneier’s Blowfish algorithm is another much-used method.
AES, Blowfish, and many common encryption algorithms are symmetric, meaning the same key is used to encrypt and decrypt data. If you want to share an encrypted file, you must securely (and separately) transmit the key to the recipient. Public Key Infrastructure (PKI) cryptography avoids that problem. In this system, if I want to send you a file, I look up your public key and encrypt the file with it. You use your private key to decrypt the file. Conversely, if I want to prove to you that a document comes from me and hasn’t been modified, I encrypt it with my private key. The fact that you can decrypt it with the public key proves that you digitally signed it with your private key.
Getting Started With AxCrypt
As with most encryption tools I’ve tested, AxCrypt installs in a trice. The very first time you launch it, you must sign in with your email and then enter a confirmation code sent to your email address. I’ll get into the reason for that later. You also must create a single master password. Like the master password for your password manager, it needs to be both strong and memorable.
AxCrypt rates the password as you type, and it’s a tough critic. A 16-character password containing all character types merely rated “good.” Advanced Encryption Package and CryptoForge also rate your passwords. This is the password you use to sign in online, and also the password that unlocks the product on your PC.
Advanced Encryption Package lets you choose from 17 different encryption algorithms. CryptoForge offers four, along with the option to layer in more than one of them. But do ordinary users know enough to make a choice? AxCrypt just sticks with AES, the government standard.
After that, AxCrypt is almost invisible. If you drag a file onto its window, that file gets encrypted. You can also encrypt, decrypt, and securely delete files from AxCrypt’s right-click context menu. Cypherix SecureIT, Advanced Encryption Package, and CryptoForge also offer access via context menu.
AxCrypt also lets you define one or more Secured Folders. This isn’t the same as the encrypted vault protection provided by Cypherix Cryptainer PE and CryptoExpert, though the effect is somewhat similar. When you sign out of AxCrypt (or get signed out automatically after inactivity), the program encrypts everything in the Secured Folders.
But wait, there’s more! With almost every file-encryption tool, launching an encrypted file starts the decryption process. If you want to edit the file, you must decrypt, edit, and re-encrypt. With AxCrypt, launching an encrypted file opens it in the appropriate application. When you save, your saved file is encrypted automatically. Clicking the broom icon serves to clean up any temporary files that may have been left behind.
How Is This Safe?
Hold on, you may be thinking, what’s to stop someone from walking up to my computer before the passphrase times out, decrypting my files, and stealing them? The answer, according to AxCrypt’s FAQ, is that if your local security is lax enough to let that happen, you have a huge problem that no encryption can solve.
You absolutely need to protect your Windows login with a strong password. If you have Windows 10 and a webcam, you can add Windows Hello biometric authentication. McAfee’s True Key lets you add biometric login to other Windows versions.
Set up Windows so it automatically locks your account after inactivity. You do this by going to screen saver settings, defining the time for inactivity, and checking the box that says to display the logon screen upon resuming. This works even if you don’t select a screen saver. For that matter, it’s simple enough to lock your system by pressing Windows+L before leaving your desk.
The AxCrypt documentation goes into detail about other ways to protect your local security. It also points out that because it keeps the program’s passphrase in memory, the user doesn’t have to enter it over and over. And that should encourage the use of truly strong passphrases, which is important.
AxCrypt includes a feature called password management, but it’s not what you might expect. Launching it takes you to the AxCrypt website Password Management page. Click New to add a description and password. Click Search to search your saved passwords. That’s the extent of it. It’s not a password management utility like LastPass or Dashlane.
There is one interesting feature here, however. Clicking the Suggest Password button generates a 17-character password that contains all character types but is also somewhat pronounceable. I learned more about this feature on the Password Generator webpage.
According to that page, it uses “statistical analysis of actual text,” and “produces strong passwords that are not nonsensical and actually possible to remember and type.” Oddly, with each click of the button it generates three passwords, strong, medium, and weak. Running it just now, I got “sabBleed’weTurld15,” “va4poSeSher,” and “asInatic.” Even the weak password is better than what you get by default from Advanced Encryption Package’s funky password manager. It defaults to generating five-character all-caps passwords like NOWAY. In testing, it also crashed when asked to do much more than that.
AxCrypt makes everything about encryption simple, so you shouldn’t be surprised to learn that it even makes PKI exchange of secure data simple. Here’s how it works. Click the sharing button on the toolbar. Select or enter the desired contact email address. Then send an encrypted file to the recipient.
A recipient who doesn’t already have AxCrypt must install the free edition, as the sharing email explains. The message comes with the necessary six-digit confirmation code already embedded, making it easy for the recipient to get started. And that’s it; sharing managed.
More advanced PKI features are found under the Key Management menu. Here you can export your public key for sharing, or import a public key that’s been shared with you. You can also export and import your entire account.
Advanced Encryption Package also supports PKI, but it’s aimed at a vastly different audience, specifically those with technical expertise in encryption. By contrast, anybody can use AxCrypt.
Make It Easy
If an encryption package is difficult or confusing to use, it won’t get used. The same is true for many other kinds of security software. Firewall spewing popups? Chances are you’ll just turn it off. Fortunately, AxCrypt Premium is extraordinarily easy to use. True, the fact that it keeps your passphrase in memory means that you absolutely must take care of your computer’s physical security, but that’s just good practice. And of course, you’re free to sign out of AxCrypt any time you’re not using it.
This product doesn’t have the biggest collection of bells and whistles. That honor surely goes to Advanced Encryption Package. But average users don’t want those bells and whistles, they just want simple protection for their files. And, simple or not, AxCrypt manages to offer PKI encryption, something few competitors do. For these reasons, AxCrypt joins CertainSafe and Folder Lock as an Editors’ Choice for encryption.
AxCrypt Premium Specs
|Public Key Cryptography||Yes|
|Rate Password Strength||Yes|
|Create Encrypted Storage||No|
|Create Self-Decrypting EXE||No|
|Secure Deletion of Originals||Yes|