In a previous post, I discussed how passwordless authentication could be better than password-based methods. In that post, I mentioned that key security with normal people (whether it’s them just giving the keys away or someone gaining access to the machine) will be massively difficult and will be a major issue in a passwordless world. I’m going to go full-on bullet point style with some ideas and the pros and cons of each. Before I get going: none of these replace good ol’ system security and user education. The makers of these products should aim to educate users to a near-annoying degree about the common key phishing techniques.
Only export encrypted keys
A major issue in the crypto world is people giving away their seed phrases. We could make this impossible by requiring that every key export be password-protected and AES-encrypted. The downside is compatibility: unless this is standardized, the key will only work with the wallet or utility it was generated on. Also, hackers could still go for a security key and password, though users are more likely to be wary of giving up a password than just a key.
SSH and PGP use this technique and it works well, though their users tend to be more risk-averse about computer security, so it’s hard to tell what “normal” users would do.
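To make the encrypted-export idea concrete, here is an added example (not code from the original post or from any particular wallet) of an export routine that has no unencrypted path. The JSON envelope, its field names, and the choice of scrypt to turn the password into an AES-256-GCM key are assumptions for illustration; carrying the KDF parameters inside the export is one way to address the compatibility concern above.

```javascript
const crypto = require("node:crypto");

// Assumed envelope parameters (hypothetical format, not a standard).
const KDF = { name: "scrypt", N: 2 ** 15, r: 8, p: 1, keyLen: 32 };
// Constructed sample key material, for demonstration only.
const SAMPLE_KEY = Buffer.from("constructed-sample-private-key-32", "utf8");

function deriveKey(password, salt, kdf) {
  // N=2^15, r=8 needs about 32 MiB, so raise Node's default scrypt memory cap.
  // The cap also rejects envelopes that ask for an abusive work factor.
  return crypto.scryptSync(password, salt, kdf.keyLen, {
    N: kdf.N, r: kdf.r, p: kdf.p, maxmem: 64 * 1024 * 1024,
  });
}

function exportKey(privateKey, password) {
  // The only export path: no password, no export.
  if (typeof password !== "string" || password.length === 0) {
    throw new Error("refusing to export an unencrypted key");
  }
  const salt = crypto.randomBytes(16); // fresh per export
  const iv = crypto.randomBytes(12);   // fresh GCM nonce per export
  const key = deriveKey(password, salt, KDF);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  // Everything another tool needs to decrypt travels with the ciphertext.
  return JSON.stringify({
    v: 1, cipher: "aes-256-gcm", kdf: KDF,
    salt: salt.toString("base64"), iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"), ct: ct.toString("base64"),
  });
}

function importKey(blob, password) {
  const e = JSON.parse(blob);
  if (e.v !== 1 || e.cipher !== "aes-256-gcm" || e.kdf.name !== "scrypt") {
    throw new Error("unsupported export format");
  }
  const b = (s) => Buffer.from(s, "base64");
  const key = deriveKey(password, b(e.salt), e.kdf);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, b(e.iv));
  decipher.setAuthTag(b(e.tag));
  // final() throws if the password is wrong or the blob was altered.
  return Buffer.concat([decipher.update(b(e.ct)), decipher.final()]);
}
```

A phished export file is useless without the password, and a wrong password fails loudly at the authentication tag instead of yielding garbage key bytes.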
Multisig
Pure multisig splits your key up among 3 or 4 different trusted people. This is good for security but bad for convenience.
There is a place for pure multisig: for example, if you have some kind of crypto vault you hardly access, but it’s terrible for digital logins.
I could reasonably see a version of this that uses a primary key and a secondary key. The secondary key would have two forms: a plain form you place in a vault or entrust to a third party, and a form that can be generated with an OTP code.
Every time you sign something, you have to use some kind of authenticator app, and if your phone somehow dies, you can get the original key back from the trusted third party.
A fun combination of both
For effective passwordless security, we need both. Any plain key or key fragment should be password protected. Adding a second authentication factor could add another layer of security in the case of an attacker getting physical access to your computer.
The number of people getting private keys is increasing with the crypto revolution. We need to make sure these keys stay safe, and that we have effective methods to keep users out of harm’s way while still giving them the freedom to choose their software.