There kind of is an argument here that maybe more services should permit for use of public-private key authentication.
Using one password with multiple services is a problem, because you have a shared secret with the other end, and if you use the same password with multiple services, that service or people who break into it could impersonate you elsewhere.
But with public-private key encryption, you never hand out your private key. You only use it to sign a specific request sent you, so that risk doesn’t exist. You can use a public-private key pair with one or multiple services.
I mean, personally, I’d kind of rather have three physical keystore devices.
One I carry with me. That stores the key or keypairs necessary to do the sort of things that I carry auth data with me – my keys and the cards I carry in my wallet. Just means that I only need one device.
The other I leave at home, stored securely. That authenticates to maybe more-critical stuff, things like a stockbroker, maybe – stuff where I don’t need day-to-day access, and don’t want to worry about my credentials going missing.
The last I keep in a safety deposit box in a bank. That has all my authentication stuff. That’s to deal with catastrophic situations, like my house burns down or I get killed and need a way to pass authentication stuff. The bank makes me jump through a lot of hoops to get access to it, but it’s there.
I’d like the device to have a display and a keypad, so that I don’t have to trust external input devices as to what it is that I’m authenticating (e.g. smartcard point-of-sale systems do this).
I’d rather not use a smartphone for the first device. The smartphone is just too damned complicated and rapidly-changing for me to really want it to store my authentication data. I’d rather have it be a separate token, something that I can plug into a smartphone or point-of-sale terminal if I want to perform an authentication.
There are crypto tokens that contain keystores – powered or smartcard – but they tend to not have a screen or keypad, to save on costs. I don’t really feel like that’s something that I need to save on, as long as I only have one.
I’d like the device to optionally permit setting a passcode for a given key on it. That’s not an ironclad form of security, but makes it harder than just pickpocketing someone’s keys. And for some things, that I use all the time – like my house – I don’t need to have a passcode.
This has a number of benefits:
If you’re mugged or something, you physically are unable to authorize to things that require the keys on the device at home or the device at the bank. In fact, you can credibly say that you can’t do so. That counters coercion issues:
You don’t need to trust POS terminals. Sketchy terminal? Not a problem.
You can keep a log of transactions on the device.
You don’t have to worry about the latest clever smartphone attack compromising your credentials.
You can use the thing the same way with a smartphone or computer or point-of-sale terminal. That’s something that we really don’t have today – most people don’t have smartcard readers, and vendors generally don’t have support for authentication for those.
It has some downsides:
It’s another device to carry.
It needs to be powered (though it could have very low power requirements, like a digital wristwatch, run for a year on a charge, unlike a smartphone, and could potentially charge off USB or similar). You wouldn’t want your “keys” to lose power (though people who do stuff like smartphone payment already need to worry about this).
It costs something.
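The point above about signing a specific request instead of sharing a password, as an added example that is not part of the original comment. It assumes Ed25519 keys, a hypothetical `auth-v1|service|nonce` message format, and made-up service names; the same key pair is registered at both services, yet a signature made for one is useless at the other.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service holds only the user's public key: nothing here can log in elsewhere.
type Service struct {
	Name  string
	Pub   ed25519.PublicKey
	nonce []byte // outstanding single-use challenge
}

// Challenge issues a fresh random nonce for one login attempt.
func (s *Service) Challenge() []byte {
	s.nonce = make([]byte, 32)
	if _, err := rand.Read(s.nonce); err != nil {
		panic(err)
	}
	return s.nonce
}

// msg binds a signature to one service name and one nonce (assumed format).
func msg(svc string, n []byte) []byte { return append([]byte("auth-v1|"+svc+"|"), n...) }

// Sign runs on the token, which would display svc; the private key stays there.
func Sign(priv ed25519.PrivateKey, svc string, n []byte) []byte { return ed25519.Sign(priv, msg(svc, n)) }

// Verify accepts a signature only over this service's own outstanding nonce.
func (s *Service) Verify(nonce, sig []byte) bool {
	fresh := len(s.nonce) > 0 && bytes.Equal(nonce, s.nonce)
	s.nonce = nil // consume it, so a captured signature cannot be replayed
	return fresh && ed25519.Verify(s.Pub, msg(s.Name, nonce), sig)
}

// Demo: honest login, replay of that login, shop-scoped signature shown to bank.
func Demo() (login, replay, relayed bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key
	shop, bank := &Service{Name: "shop.example", Pub: pub}, &Service{Name: "bank.example", Pub: pub}
	n := shop.Challenge()
	sig := Sign(priv, shop.Name, n)
	login, replay = shop.Verify(n, sig), shop.Verify(n, sig) // calls run left to right
	bn := bank.Challenge()
	return login, replay, bank.Verify(bn, Sign(priv, shop.Name, bn))
}

func main() { fmt.Println(Demo()) }
```

The third result is the case where the token is shown "shop.example" but handed the bank's nonce: the bank rejects it because the service name is part of what was signed.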