tptacek
6 days ago
Email accounts are the highest common denominator in online authentication. Phones are competitive, but people lose phones. Phone numbers are more common and durable, but the security of phone numbers is leagues below that of a flagship provider email account. It makes sense that so many authentication flows work this way.
When designing a "fantasy football" alternate authentication system for the Internet, start with account recovery: what happens when a user loses your fancy authenticator? If the answer is "they just don't get access anymore" or "a panel of their peers attests to them", your fantasy authentication system also needs a fantasy species of sentient beings to serve as users, because it won't work for humans.
simonw
6 days ago
> If the answer is "they just don't get access anymore" or "a panel of their peers attests to them", your fantasy authentication system also needs a fantasy species of sentient beings to serve as users, because it won't work for humans.
This has been my single biggest argument against blockchain/cryptocurrency stuff for years: the "lose your key, lose your wallet" thing is fundamentally incompatible with real users.
Humans need to be able to recover from their mistakes.
drdaeman
5 days ago
> [...] the "lose your key, lose your wallet" thing is fundamentally incompatible with real users. Humans need to be able to recover from their mistakes.
Maybe it's my memory playing tricks, or I've only seen the good articles, but I believe nearly every single article about setting up a self-managed crypto wallet had stressed the importance of having a backup. Serious ones had even explained the 3-2-1 rule. Then the hype came, with it came scams and pumps-and-dumps and NFTs and whatever, and crypto became a clusterfuck that a lot of people didn't want to touch. Yuck.
That's probably the one thing cryptocurrency communities undeniably got right. Quite unlike the Passkeys, where I've yet to see any official or semi-official demo site that even has a flow for adding a second token (some actual sites do, but not the demos).
We should start teaching basic backup strategies in schools. It's not some advanced rocket science, and it's knowledge that's useful to anyone who deals with information (that is, literally anyone participating in modern society).
Also, this user unfriendliness is extremely temporary, because computers and the Internet are new (at the scale of societies), and there are plenty of folks who had only started to use them later in their lives. After you lose some file or account (ideally, as a kid, so it's not something serious) you start to understand the old adage about those who do backups and those who don't do them _yet_.
Vegenoid
5 days ago
> I believe nearly every single article about setting up a self-managed crypto wallet had stressed out the importance of having a backup. Serious ones had even explained the 3-2-1 rule.
Yes, this is why it is incompatible with widespread adoption. Most people do not want to do this, and in fact could not do so effectively without learning and thinking a good deal more about computers and risk scenarios, which they don’t want to do and will not do.
You are correct that it is a solution. However, it is not a solution that will ever be adopted on a wide scale.
drdaeman
5 days ago
> Most people do not want to do this
Yes, and I think that's not because they don't want to do it but because:
1) they don't know that they should do this; 2) they don't know why they should do this; 3) they don't know how to do this; 4) because even the systems marketed as current state-of-art (Passkeys) are poorly designed and don't even allow having proper 3-2-1 backups conveniently (can't enroll a device sitting in a safe, it must be physically brought online which beats the whole point of offsite backups).
Design it to make backups and failover secure yet easy, available out-of-box, and explicitly recommending best practices to follow - and everyone will do it as a no-brainer, at least for anything they care about.
Until recently no one told people to not reuse passwords. Even today most password-based signup forms just ask for a password and maybe tell the requirements (length, characters), but they extremely rarely explain anything about uniqueness, randomness or anything else. No surprise it sucks hard in practice, when nearly everyone ignores the education aspect.
People aren't stupid. At least in general. They're just blissfully unaware about a lot of things, especially the older generations. What is impossible in the real world is designing a fantasy football nanny authentication system to "safeguard" them, without making a lot of undesirable sacrifices. We manage to explain to people not to poke scissors into electrical outlets (and make it hard to do so accidentally) - we can manage similar stuff with computers too.
Vegenoid
5 days ago
> We manage to explain to people not to poke scissors into electrical outlets (and make it hard to do so accidentally) - we can manage similar stuff with computers too.
I don't think this is a good analogy, because the example is simply warning people of a thing not to do. It takes no effort. Maintaining backups does take effort. This is more like getting people to pick up a new chore, just like how many people see interacting with their bank and financial services as a chore.
Many people who work in IT (or are into computers as a hobby) discount the effort it takes, because there is a lot less friction between them and computers than for the average person.
> even the systems marketed as current state-of-art (Passkeys) are poorly designed and don't even allow having proper 3-2-1 backups conveniently (can't enroll a device sitting in a safe, it must be physically brought online which beats the whole point of offsite backups). Design it to make backups and failover secure yet easy, available out-of-box, and explicitly recommending best practices to follow - and everyone will do it as a no-brainer, at least for anything they care about.
People have been saying this for a long time. "We just need a better system!" The system doesn't exist because people don't want a system that requires effort. It requires effort to protect a secret that, if leaked or lost, would irreversibly result in your financial ruin. It requires a lot less ongoing effort (to a non computer savvy person) to use financial institutions to store their money securely.
People will choose the system that safeguards them and makes sacrifices that many computer security and freedom oriented people will find undesirable. This is demonstrated by the choices that people have repeatedly made.
EVa5I7bHFq9mnYK
4 days ago
People's bank accounts are irreversibly hacked, emptied, frozen, seized, blocked, impounded, garnished on a daily basis. That you haven't encountered it yet, doesn't mean it's not happening.
People should have a choice which system suits them more.
Vegenoid
3 days ago
Is there not a choice? What is stopping you from converting all your fiat into crypto?
This is simply about what choice the majority of people have made, and likely will continue to make.
EVa5I7bHFq9mnYK
2 days ago
>> What is stopping you
Possible disapproval by the fine HN community.
Xen9
4 days ago
Highly relevant (self-advertisement):
drdaeman
4 days ago
I strongly disagree, but I feel that the conversation would be a pointless fight of beliefs, unless I actually design and showcase a solution that would be simple yet secure (and I don't want anything that takes effort) - but that will take me a while to work on.
The idea is that the user shouldn't have any friction, besides meeting minimal requirements: 1) being capable of reading (or otherwise accessing the text) and comprehending simple instructions; and 2) having certain minimally required hardware or software installed.
I'm sure this is doable and every primitive to build this already exists and is vetted by competent people. I'm sure it's possible for a layman non-technical person with normal cognitive capabilities to have a safe authentication solution (which is very different from data backups) with full ownership of their identities and credentials.
Sure there are people that cannot read or cannot comprehend things. A lot of people. I've seen way too many folks who had simple and clear ELI5-grade instructions with zero technical jargon - and nonetheless had failed to follow them because "computers hard". In some cases it's the fault of UI or UX, but I strongly believe in most cases it's just learned helplessness - "computers are not my thing and they're hard" and the brain shuts off instead of even trying to read. The only solutions are to 1) make them actually interested in achieving their goals (worked for my dad - man went from "I don't know and don't understand [and 'I don't want to' in the tone], order this for me" to suddenly figuring it all out and placing online orders in just a few minutes as soon as he actually needed something when I wasn't around to help), and 2) make sure they have all materials accessible, well structured and covering as many possible scenarios as possible so it's all there the moment they snap out of their learned helplessness. Nothing else works as it is fundamentally impossible to design anything that would work even if people don't read and don't think.
I have some sketches in my mind, specifically focusing on use by laypeople without making compromises about fundamentals (like what identity is - a lot of modern auth perverts this concept badly). I'll give it a try someday, actually drawing it all and writing notes on the inner workings. Wish there were ten of me and we'd have 240 hours a day... Sorry.
> This is demonstrated by the choices that people have repeatedly made.
I'm afraid this is a very bad attitude to follow. The choices people had repeatedly made got us in quite a bad place. Just look at the poster child - IoT - it's a complete disaster. Online auth is in a very similar poor and messed up state, it's just less visible.
Vegenoid
4 days ago
I think we may be passing as ships in the night a little bit - that is, I thought we were talking about cryptocurrency wallets, and the merits of a system with authentication relying entirely on cryptographic secrets.
I wish you luck in your development of such a system. I don't disagree with anything you said about learned helplessness, and I think it can be fruitful to push individuals or groups to overcome it, but I think trying to do that to the general populace is like trying to change the wind.
karmajunkie
5 days ago
i think you’re sidestepping the parent’s point: if it depends on users doing the right thing every time, it’s not compatible with the real world.
yes, the advice about wallets is “make a backup”. the advice about passwords is “don’t reuse them”, yet the VAST majority of users use the same password for banking, email, and their phone provider. so what do you think the chances are that your average user makes a backup of their wallet AND remembers where it is in three years?
pretty much zero.
antifa
5 days ago
How many forms of backup survive "the government threw you in prison for years"? Even Gmail will refuse to authenticate a correct password with "we couldn't verify it was you" if you never bound your account to a phone and just got out of prison 3 years later.
drdaeman
5 days ago
Uh, well, in context of crypto - your (self-owned) crypto wallet totally would work.
As for email... Sure, I guess it depends on the service and their policies. But here's an anecdote. A few years ago, I managed to log in to a completely forgotten 10+ years old email account, finding its password in an old backup. It worked. ¯\_(ツ)_/¯
If a user cannot log in with valid credentials, without brute-forcing them, after some years of absence, it's absolutely the service's fault. Of course, in the modern world, customer issues mean nothing so anything goes. But - quoting the GP post - when designing a "fantasy football" alternate authentication system for the Internet, this probably shouldn't be a thing.
soerxpso
6 days ago
> the "lose your key, lose your wallet" thing is fundamentally incompatible with real users.
You're allowed to store your key at the bank if this is an issue for you. It's less secure than memorizing it, but obviously equally as secure as your bank account is.
Vegenoid
5 days ago
Are you referring to a physical lockbox? Because if so, that is certainly not as secure as your bank account, because criminals could not drain your bank account by breaking into a bank, nor could your account’s funds be lost if the physical location were destroyed by a flood or other disaster.
Even if you are referring to digital storage managed by the bank, presumably competently enough to avoid data loss, if that data is exfiltrated your wallet will be drained. It would be very difficult for a hacker to irreversibly drain your bank account (given the type and terms of the account, but will apply to most savings accounts), due to the protection and delay systems in place meant to catch fraudulent or unauthorized activity. Note that this definition of “unauthorized” actually means “not authorized by the human being who owns this account”, instead of the crypto definition of “not authorized by someone who knows the correct secret”.
throwaway290
6 days ago
It is not equally secure: if the bank loses your money you have recourse, if the bank loses your key (a fire, a flood) it's gone.
perceptronas
6 days ago
You can store it in two or N places. Or the bank can do this for you.
notfed
5 days ago
"Mom, I already told you: you have to generate a key pair, split the private key into three parts using Shamir's secret sharing algorithm, then give each part to three banks. Whenever you want to use it, you have to go collect it from each of those banks---but DON'T write it down anywhere---and perform your transaction"
And to think the conversation started with an observation that people can't even remember one password.
rkagerer
5 days ago
I agree, there's miles of runway remaining for improving the UX. I actually think it'd be neat if a crypto had this (and a few other things) as a baked-in feature. i.e. In order to create a wallet in the first place, you need to identify e.g. 5 trusted friends who'll serve as recovery partners. Maybe it's initially tied to the same invite mechanic used to join the ecosystem. Could be done in a privacy-preserving (and to some degree anonymity-preserving) fashion. The right UI could make this even simpler than recovering a Gmail account. Everyone would just have it set up, and these conversations about losing your keys would be a relic of the past.
throwaway290
6 days ago
More places is more opportunities for the baddies to get it.
kriops
6 days ago
Shamir it.
sulandor
6 days ago
please wrap the whole thing as a trustworthy product
cooljoseph
6 days ago
I don't understand why this was downvoted. In case it's not clear: (S)he's saying to split the key into multiple shares that can be used to reconstruct the key if you have a large enough quorum. Then store each share in a different place. As long as you don't lose too many of the shares, you'll be fine. And one baddie is NOT enough to get the key.
throwaway290
5 days ago
Either shuffling those keys stored in N different deposit boxes is overly complicated for a normal person, or it is not overly complicated for a moderately dedicated baddie either
Djdjur7373bb
5 days ago
Unless the "baddie" in this case is the government, why would it be easy for anyone to obtain access to multiple secrets stored in multiple boxes/banks?
Multisig is a pretty common setup for crypto and there is software that makes it easier.
throwaway290
4 days ago
Can you show how it can be easy to use in normal life for a regular person and at the same time really difficult for the attacker?:)
tomhallett
5 days ago
"soerxpso" said "store your key at the bank", but you are saying "two or N places". So it sounds like 1 bank is less secure for your key than 1 bank is for your money, because you need two or more banks for your key, while 1 bank for your money is sufficient. Correct?
afastow
6 days ago
I stay away from everything crypto but I don't see the difference. In both cases if they didn't make it right you'd go to the courts and make your case that they are at fault and owe you compensation.
kgwgk
6 days ago
In the first case, bank deposits are insured. In the second case, safe deposit boxes are not insured.
afastow
6 days ago
They're just different things. The FDIC insurance is for if the bank itself goes insolvent and they literally don't have enough money to cover their depositors' balances anymore. There's no reason a safe deposit box would be affected.
kgwgk
5 days ago
Yes, they are different things. A safe deposit box wouldn't be affected by the bank's insolvency.
A safe deposit box may be affected by other things, and if those things happen they don't have to "make it right"; if you go to the courts and make your case you may find that they are not at fault and you are not owed any compensation.
throwaway290
5 days ago
A fire, a flood, a robbery...
bburnett44
5 days ago
Is a bank deposit box not insured against those things? I've never really thought about it but always assumed they would be
dagw
5 days ago
Probably varies from bank to bank, but in my experience you have to specifically buy separate insurance if you want the content of your deposit box insured. The big problem from the bank's point of view is that, unlike your bank account, the bank doesn't know what you have in the box and thus has no idea what to insure it for and no way to verify any claim.
account42
4 days ago
More importantly the bank doesn't profit more from something more valuable being in your safety deposit box so it doesn't make economic sense for them to be the one insuring it.
btilly
5 days ago
The history of crypto says, "Good luck!"
There is a long history here of once trusted institutions turning out to be fraudulent.
generic92034
5 days ago
I might be mistaken, but are not several "traditional" banks offering crypto wallets for customers? Is there a realistic chance this kind of bank is going to steal their customers' crypto and going (at least, next to criminal investigations) bankrupt over it?
Djdjur7373bb
5 days ago
Sure, they could. Would that be any different from how a bank could steal funds from a traditional deposit account?
By making a bank the custodian of your crypto wallet, you're placing your trust in them and should have similar legal recourse you would have had with a fiat deposit.
generic92034
5 days ago
I am not sure if you are objecting. Definitely you need to trust your bank if you are going to store your crypto with them. I just do not see any large traditional bank stealing their customers' crypto and hoping to get away with it.
As far as I know all the cases of stolen crypto have been newly founded companies with their only business being your crypto. That is quite unlike the other kind of bank.
comprev
5 days ago
If you accidentally burn cash you cannot recover it. The paper in your hand isn't replicated in another place.
Humans have been unable to recover from mistakes since day zero
depaya
5 days ago
That is a funny example to use because the US Government has a service specifically designed to help you in that situation: https://www.bep.gov/services/mutilated-currency-redemption
Yes obviously if your money is completely burned then it's gone, but that is generally pretty unlikely to happen. Losing your digital key is many orders of magnitude more likely to happen in my opinion. And there is - by design - absolutely no way to get it back. That makes using blockchain for anything serious completely untenable in my opinion.
andresgottlieb
5 days ago
It doesn't need to be completely burned to be gone:
"No redemption will be made when (...) Fragments and remnants presented which represent 50% or less of a note are identifiable as United States currency but the method of destruction and supporting evidence do not satisfy the Treasury that the missing portion has been totally destroyed"
Not that unlikely, in my opinion.
dotancohen
5 days ago
For at least 12,000 years, humans have been getting very good at holding on to physical things.
Digital things, not so much. I'm a professional in the field, yet I've lost digital data in the past few years. Normal users who work in other fields? Lost cause.
mvitorino
5 days ago
Accidentally burning money is a very low probability event. Forgetting passwords or any type of memorized secret is the most likely default outcome, and the chance only increases with time passing.
sealeck
5 days ago
> If you accidentally burn cash you cannot recover it. The paper in your hand isn't replicated in another place.
Which is (one reason) why most people use a bank account and don't hide their money in a big bundle of cash under their pillow?
mercenario
4 days ago
With current currencies you don't have an option, you HAVE to give your money to banks and accept its consequences, like losing privacy, risk of having it frozen, etc.
With cryptocurrencies at least you have an option, you can leave it at a custodial wallet that can manage some of the security for you or you can have a non-custodial wallet.
j-bos
6 days ago
I don't know, we carried physical money for millennia. Humans managed that.
alkonaut
6 days ago
Yes and people quickly realized that there is an amount they don’t want to carry around. No one carries their life savings and few would even keep it in a safe in their house.
blahedo
6 days ago
Yes, by evolving banks to solve some of the problems of lugging around lots of cash and/or stuffing it in a trunk in your house. And assuming you are known at your bank and/or can (eventually) prove your identity there, you don't have the same "lost wallet" problem being discussed here.
lolinder
6 days ago
Money occupies physical space, so for most of history there was a pretty low cap on how much you could bring with you at once, which placed a cap on how much a single mistake could cost you.
somenameforme
6 days ago
Currency was traditionally made of precious metals which often gave them a rather high starting point of value. It also made them inflation resistant meaning the real value only grew over time. For instance in the Roman Empire an aureus [1] was worth 25 denarii (prior to inflation) and was about 2cm in size, so roughly the same size as a dime, made of pure gold. And a denarius was worth about a day's wages. So you could comfortably hold decades of wages in a small coin purse. And as inflation ravaged the Empire a single aureus gradually came to be worth thousands of denarii.
presentation
6 days ago
This is what transit payment cards in Japan at least do, you can tap to pay most places but there’s a cap of 20k yen you can add to your card, so there’s a cap to how much you can lose.
notpushkin
5 days ago
I love how these cards work in Japan. There’s a bunch of different operators but they all work across the country – for example, if you buy a KITACA in Sapporo, you can use it in Tokyo and Osaka and anywhere else. And of course you can use them in a bunch of places, from all the transit options to vending machines and coin lockers on stations to konbini everywhere and even some restaurants.
(Of course it’s a bit more complicated: https://commons.wikimedia.org/wiki/File:ICCard_Connection_en... – but still impressive nonetheless!)
zaphirplane
6 days ago
> cap on how much you could bring
Bring to where ? Are you mapping the crypto wallet concept to the physical wallet concept as a mobile storage concept ?
All your money is the limit, however you store it.
zmgsabst
6 days ago
That cap has always and still does exceed the median worth.
ekianjo
6 days ago
> there was a pretty low cap on how much you could bring with you at once,
you didn't need to bring a case of cash to buy anything before the 20th century
iamthepieman
6 days ago
You didn't lose your entire savings if you lost your wallet, usually.
onethought
6 days ago
Perhaps micro wallets should be a thing where your wealth is distributed across many keys mitigating some loss.
ta_1138
6 days ago
At which point I gained the problem of having to keep track of all of my microwallets securely, hopefully in a way that survives my phone being lost, a house fire, or my untimely death, leaving the wealth to inheritors. All while, at the same time, not ending up behind a single key that has access to all the information to those micro wallets.
Quickly you end up in a situation that either starts to look like how financial companies keep their most high risk keys, or end up outsourcing the whole thing to something that quickly starts to resemble your bank.
So ultimately it's just like cash: Fine for small amounts. Risky, but maybe livable for somewhat larger accounts, or a giant headache that will probably bite you when you start looking at lifetime savings.
jakelazaroff
6 days ago
If I’m having trouble juggling a single ball, why would it help to add more balls into the mix?
IggleSniggle
6 days ago
Physical money is physically recoverable after lost
Too
6 days ago
For the system yes, a dropped coin eventually reenters the market and a burned bill can be reprinted again. Can't say the same about a crypto wallet. For an individual though, in both cases, a lost wallet is a lost wallet.
While an interesting difference to study, the average person is not going to care about the former case. They just don't want to keep their life savings in an asset as easy to lose as their pocket money.
IggleSniggle
5 days ago
If you drop your wallet in a bar, there's a chance you can recover it by returning to the bar and searching for it, by the bartender or a patron returning it to you based on the address or a number in your wallet, etc. Physical money really is not the same, even for the individual.
d0gsg0w00f
5 days ago
A burned bill can be replaced because its value is backed by an institution--the absence of such an institution is the premise of crypto.
onethought
6 days ago
No it isn’t. No more than a wallet key.
If I lose $1 note. It’s gone. If I recover it, then it’s no longer lost.
MadnessASAP
6 days ago
A $1 note, being a macro scale physical object, enjoys a variety of benefits such as object permanence which provide a baseline level of recoverability. Whereas a wallet key, being a number, enjoys no such protections.
Of course you may choose to encode your wallet key on paper, metal, or stone, granting it properties not unlike a note. However, you have now compromised the security of your wallet as well: it becomes no mere $1 note, rather it is a note that represents all or a significant fraction of your net worth.
zmgsabst
6 days ago
You can encode your bitcoin in wallets of predetermined size, spreading your risk.
But you’re reinventing money with extra steps.
Djdjur7373bb
5 days ago
> But you’re reinventing money with extra steps.
But you gain some desirable properties over traditional money.
Without crypto, you don't have frictionless and permissionless transfers of arbitrary value across international borders.
SpicyLemonZest
5 days ago
There's no fundamental property of the monetary system that prevents transfers of arbitrary value across international borders. There's just a large number of financial regulators, border guards, etc. who will throw you in jail if you carry a big block of gold across the border or accept a large wire transfer without filling out the necessary forms. In many countries, the laws governing those forms don't yet apply to cryptocurrencies, but I'm skeptical it will remain that way forever.
Djdjur7373bb
5 days ago
That's true, and the AML laws for crypto are already becoming more strict, especially in Europe. But in practice, it will be much easier to evade those laws than it is with fiat transfers or moving physical cash/gold.
zmgsabst
5 days ago
There’s also some weird technicalities:
Eg, if you shard a key into three pieces and each person carries one through security, did anyone actually transport the money through?
paxys
5 days ago
Banks have been a thing almost as long as money.
kibwen
5 days ago
And the notion of credit has been a thing even longer than both money and banks. You don't need to carry money around for every little transaction if people know you're good for it someday in the future.
verzali
4 days ago
Don't you need an idea of credit for money to work at all? You need to be able to trust that the shiny rock you give me today for my wheat will be worth anything tomorrow when I want some of your meat.
umanwizard
6 days ago
Yeah and it sucked which is why we invented better solutions.
What most bitcoin fans seem not to understand is that for the vast majority of people, transactions being reversible by authority figures is desirable.
lelanthran
6 days ago
> I don't know, we carried physical money for millennia. Humans managed that.
Yeah, but if I lose the physical 100$ I am carrying, that doesn't prevent me from accessing the rest of my cash stored elsewhere.
I've never lost access to the rest of my cash stored elsewhere.
nick3443
6 days ago
Maybe instead of a crypto brokerage holding your wallet, there can be a "key bank" which uses those more expensive methods of attestation and you can use it for recovery if you lose your key up to once per year or something. It would be like having your key written down in a safety deposit box at a local or regional bank.
grey-area
6 days ago
Maybe the key bank could hold your digital money as well. Then we wouldn’t need a blockchain and your transactions could be instant, free, private and reversible.
firesteelrain
6 days ago
This is the same problem that you run into with secret zero, commonly discussed in the context of HashiCorp Vault. At some point you need to store the unlock keys, then you need another repository under RBAC to protect that repository. They say to print out the keys and store them offline on paper, but how many own a Class 5 safe?
tasuki
6 days ago
How many own a lot of books? Just... pick one.
firesteelrain
6 days ago
Not following? Do you know what I meant by a Class 5 safe?
tasuki
5 days ago
I don't. And frankly I don't think a safe is a good place to store secrets. It is too conspicuous.
firesteelrain
5 days ago
These safes are certified for all kinds of sensitive (GSA recommends them for Classified use from what I have read) use and they are safe.
Ideally, you connect Vault to an HSM if you need that kind of security that’s being described. HSMs are electronic safes.
tasuki
5 days ago
> These safes are certified for classified use and they are safe.
The website says "10 minutes against forced entry". That's not safe.
No safe is safe against a state level actor. No safe is safe against "hit you with a crowbar until you open the safe".
Whatever secrets you have, it's better to hide them than to put them in such a conspicuous place. The only reason one should use a safe is as a plausible decoy...
firesteelrain
5 days ago
This isn’t the safe to rule all safes. You have other mitigating factors like access control.
If you have state level actors physically breaking into your facilities then we might be at war
tasuki
5 days ago
If you have enough books (which doesn't even have to be that many), it's much better to store your secrets in one or more of the books.
firesteelrain
5 days ago
Yea but you have multiple pieces of the secret to restart your Vault instance. Now you need to go to everyone’s office or home to get this secret to restore it.
I am referring to the Shamir algorithm that Vault uses
thinkmassive
5 days ago
Collaborative custody multisig providers have been in business for years. Recently even Block (CashApp etc) has introduced a product with this feature.
By geographically distributing your signing devices you improve both security and reliability. One of those keys can be hosted by a third party to be used for recovery, without providing them any ability to touch your funds without your involvement.
cortic
5 days ago
>> If the answer is "they just don't get access anymore" or "a panel of their peers attests to them", your fantasy authentication system also needs a fantasy species of sentient beings to serve as users, because it won't work for humans.
>This has been my single biggest argument against fiat currency stuff for years: the "lose your money, lose your money" thing is fundamentally incompatible with real users. Humans need to be able to recover from their mistakes.
And yet, for the very longest time, it was the default position for humans.
thaumasiotes
6 days ago
> This has been my single biggest argument against blockchain/cryptocurrency stuff for years: the "lose your key, lose your wallet" thing is fundamentally incompatible with real users.
This would make currency fundamentally incompatible with real users. Reality says otherwise.
jacinda
6 days ago
Currency in the real world has many, many backups. For example, if I forgot the PIN number to a very old bank account that I later find a long lost relative recently put hundreds of thousands of dollars into when they passed away, I have other avenues to recover access. They might be annoying or require work (getting an affidavit, multiple forms of ID, etc) but it's not irrevocable in the way that a strict definition of bitcoin is.
xboxnolifes
6 days ago
A bank account is not currency. Cash is. You can still put cryptocurrency in a bank if you so choose.
jjmarr
6 days ago
It's a lot harder for the average person to lose 1 million dollars in cash than in Bitcoin because humans naturally understand the exchange of physical objects.
If I have a duffel bag of money, it is obvious that physical possession of the bills means I can access its value. Anything negating that possession would cost me my money. I should probably keep it away from open flames and water; but it's not going to spontaneously combust. A thief would need to physically take the money in the duffel bag for me to lose the value.
Meanwhile if I store Bitcoin on a USB drive the drive might randomly fail and I lose all my money (because I'm actually storing a key to access it) even though I still have the USB stick. The solution is to back up my key in multiple places simultaneously, which doesn't make sense to most people (how can money be in two places at once?)
If I plug the USB stick into the wrong computer, someone can steal all my money (because they can find out what the key is) without me ever losing the USB stick.
Virtually every human on Earth understands the notions of object permanence and that objects can be exchanged for other objects. This is intuitive from evolution and actual monkeys can comprehend physical currency.[1] I don't see how cryptocurrency can be on that level.
[1]. https://www.zmescience.com/research/how-scientists-tught-mon...
eesmith
6 days ago
Except reality isn't so ... digital.
In reality I've found a lost wallet and helped return it to its owner. At least twice, actually. Both times because there was an identifying name in the wallet.
Then there's the time as a kid when we found $60 on the floor at a department store, and turned it over to lost&found. I remember it because the store had a policy that if cash hadn't been claimed for a month, then the person who turned it in got it. Which we did.
rendaw
6 days ago
I've heard that a lot about cryptocurrency, but aren't there plenty of cryptocurrency users who have never lost their wallet and have good personal opsec?
Maybe the issue is trying to force one solution for everyone.
rblatz
6 days ago
Even Bitcoin core developers, which should be well above average in understanding crypto and good opsec, have had their Bitcoin stolen.
wpm
6 days ago
The issue in not trying to force one solution for everyone becomes a blocker when you intend on making some technology useful and essential to everyone, hence, no one seriously gives a damn about crypto anymore.
airstrike
6 days ago
The claim that most humans are prone to losing keys isn't negated by the existence of some humans that have (so far) been able to keep their keys.
candiddevmike
6 days ago
Government provided digital IDs would solve a lot of this. Yes, they may have their own problems, but outsourcing the action of identifying individuals to the government seems valuable and less prone to "lock outs" like Google and friends.
terribleperson
6 days ago
I think I've said it before, but I want USPS-provided email. To set one up you'd go to a post office, verify your identity in some way, and set up an email. If you forget your password and want to recover it, you'd have to go back into a post office and verify your identity again.
quectophoton
6 days ago
Yes!
Stuff like national ID, banks, ISP, job search websites, doctor appointments, etc, require[1] having an email address, and it feels wrong using gmail and similar providers for these use cases that are already tied to you having a physical presence in that location anyway.
Could be provided by any local company, really, but postal services are not going to disappear anytime soon and they already have a second way of getting in contact with you if there's any issue (registered mail[2]).
Debit cards are already delivered through postal mail anyway, and there's not many things that are more sensitive than that.
[1]: Well, maybe doctor appointments don't require and only strongly encourage, but that doesn't affect the point too much.
hnbad
6 days ago
Germany has PostIdent: you are issued a code, take it to the closest post office, hand them the code (originally this involved printouts) and your ID card and they scan your ID card and enter it into their system where the issuer of the code can then request that info to verify your identity.
This has largely been replaced by videochat for ID card verification where some underpaid person walks you through holding your ID card in front of your smartphone cameras to verify that it's real, not CG, not tampered with and matches your claimed identity.
The critical aspect here is that you don't have to hand your ID card (or a picture of it) to the company that wants to know your identity. The post office or the videochat provider serves as a trusted source of truth.
noAnswer
6 days ago
Or you hold your ID card to your phone and do it on the spot.
https://www.deutschepost.de/en/p/postident/geschaeftskunden/...
elros
6 days ago
Initially when I moved to Germany I thought it was a bit of a hassle to have to go to the post office for PostIdent; now I actually miss the elegance and privacy of that system in other countries.
kolmogorov
6 days ago
https://en.wikipedia.org/wiki/De-Mail also was an attempt
thbb123
6 days ago
The French postal service does that and includes a digital wallet and cloud repository. For instance, my paycheck certificates are delivered on this wallet.
Besides, the French administration is providing its own global scheme for online authentication.
Right now it works for all public services, but it is also open to all willing businesses.
It makes it also very easy to control tightly what kind of information is distributed to various services and businesses.
aborsy
6 days ago
What are the names of these services, to see how they work, their recovery process and abuse prevention?
palsecam
6 days ago
https://www.laPoste.fr/digiposte (digital safe) & https://laPoste.net/accueil (e-mail); offered by the postal services.
https://FranceConnect.gouv.fr/ is the online auth provided by the administration.
chii
6 days ago
I don't want a semi-gov't authorized service like this. Because its existence means services would want to mandate it (even if they don't truly need it), and force users to identify themselves directly - maybe even across services (by matching their email address, which now must be unique as it is identity-linked).
I personally sign up to all online services with a different email each. I would like to be sure that my identity is hidden behind an alias for all services, so that they cannot be linked together. And if I want multiple accounts (for better or worse), I should be able to achieve that end.
throwaway290
6 days ago
Australia is working on zero knowledge proof. The end service only knows that you are legit/of age/etc (only what it needs) because gov service confirmed it, but does not know who you are.
bouncing
3 days ago
And what does the Australian government know? Could it collect who you identified with?
kmoser
6 days ago
No, thank you. I don't want anybody with a fake ID of me to be able to take control of my email. I want to use my password, I want it strongly encrypted at rest, and I want to be able to reset it remotely any time of day, without waiting for the USPS office to open.
terribleperson
6 days ago
Is a fake ID going to fly at the post office, where they can scan them? Also, I was imagining they'd want more than just an ID.
edit: Also also, they have to go into a physical post office and be observed trying to steal your account. Given how it's quite possible to steal accounts via social engineering, this seems like an improvement in security, not a reduction.
kmoser
5 days ago
I don't want a government entity, or really any entity I'm not paying directly for their services, to be the gatekeeper between me and my accounts.
The social engineering attack surface of my account currently consists of a handful of support contacts at my ISP, who have been trained to deal with computer security. If you allow any USPS employee to access your account, you've suddenly increased the potential attack surface by several orders of magnitude.
nine_k
5 days ago
(1) Your USPS-provided email should neither be mandatory nor the only acceptable email. It could be an extra convenience, and a low-friction way to get a reasonably secure email for first-time / technically unsavvy users.
(2) An entity you're directly paying to may go out of business, sometimes due to circumstances beyond their control. At least state-sponsored entities don't do it so abruptly in most of the "civilized world".
bouncing
3 days ago
The account recovery process for commercial email providers usually involves you photographing your ID. Presumably the post office, in person, would be far less likely to be fooled.
alberth
6 days ago
To get a RealID drivers license in the US, which will be required to board a plane soon, requires all of the above and more.
It’s a government in-person KYC.
tbrownaw
6 days ago
> which will be required to board a plane soon
Assuming that this time the deadline doesn't get pushed back at the last minute again like has kept happening so far.
loeg
5 days ago
RealID requirement for domestic flights (still) isn't happening, just like it hasn't happened since it was first announced for requirement in 2008.
eesmith
6 days ago
Not 100% required, even for adults.
Those without acceptable identification may complete an identity verification process and face additional screening. https://www.tsa.gov/travel/security-screening/identification
bombcar
5 days ago
Everyone should experience this at least once - it’s eye opening.
I did it involuntarily because I forgot my wallet once, and decided “well, I’ll either get through and in my way, or I’m too late to drive home anyway and will miss” - and it worked fine.
Even crossed back into the USA without my passport a few times. Just additional screening and bitching is all (at least if you’re a US citizen; membership in the Empire has its perks!).
FireBeyond
6 days ago
The irony with that is that if someone undocumented wanted to leave the country, this requirement could potentially hinder that.
I also don't really want to have to carry my green card around everywhere. Just one more thing that can be lost.
alberth
6 days ago
How would it?
To travel internationally, a passport is required (not drivers licenses).
FireBeyond
5 days ago
I might have been being more simplistic than I needed to be, because there are other travel methods, but I was more meaning, "Not everyone lives next door to an international hub" (so might need a connecting domestic flight).
chrisweekly
6 days ago
Passport will also work
imoverclocked
6 days ago
I’m not sure I trust USPS to get all of the ins/outs of email spam/security/ux right. Google has spent a lot of resources to get Gmail to where it is today, starting from scratch (or OSS) seems like a big ask.
Maybe we just ask for an open authentication system instead? Leave the email part to someone else… and maybe the open authentication can plug a crypto app/email/phone backend for recovery once it is setup. Heck, given that it’s the USPS, they will probably offer a snail-mail recovery option (for better or worse.)
ww520
6 days ago
That takes mail spamming to the next level. (I'll show myself out...)
weikju
6 days ago
Now you lock out the rest of the world until they can implement this and federate identities between countries.
scubbo
6 days ago
That's not a problem. Many systems and services have launched geolocked to certain countries before later expanding (Google Voice, for one).
KronisLV
6 days ago
> Government provided digital IDs would solve a lot of this.
Over here in EU, we have something like it - you get an ID card that has two PIN codes that you can use with a card reader and some software to digitally sign documents and such: https://www.eparaksts.lv/en/ (of course, there's also a mobile version)
In addition, there now are services where you can log in to your bank account, confirm payments, or just log in to your government portal account with a two factor app, the account on which is based on your identity: https://www.smart-id.com/
So if I make a payment online with my card, I'll have to authenticate through either a code calculator (physical piece of hardware) or the phone app with codes that I've chosen, to confirm it. Same for logging into various sites, for example, for paying my utilities.
Works pretty well and if I lose my ID card, then I can get a new one, issue new certificates for the apps and continue where I left off (with the old ones being revoked). I might need a backup phone too, though, since not being able to confirm my payments if my phone breaks is pretty stupid (though I guess Revolut/PayPal/whatever still work as expected, unless I only have my OTP codes for those on said phone).
SAI_Peregrinus
6 days ago
My wife works in a city clerk's office. They provide (among other things) vital records services for the city. Like getting birth certificates.
To get a birth certificate, you must provide government photo ID with a name matching that of one of the names on the certificate you're trying to get. So you can get your own, or your child's, but not some random other person's.
Lots of people were born before RealID driver's licenses. Some of them went by names other than the names on their birth certificates, and thus are unable to get new copies of their birth certificates using the government-issued photo ID they currently have. E.g. I've got a grandfather who went by Sam his entire life but was apparently named Harold. His driver's license had Sam as his first name. If he had lost his birth certificate, he would not have been able to obtain a new copy legally using that driver's license! This still happens to people. Also sometimes house fires or similar disasters happen, and people lack the ID needed to get new government-issued ID.
tsimionescu
6 days ago
These things can be solved too, but in a more complicated process. Typically some lawyers and a judge need to get involved, get some people to testify that you are this same person, and you will be issued new ID.
WhyNotHugo
5 days ago
How did he get a driver's licence with the name "Sam"? Don't you need some form of judicial process to change your name on this kind of thing?
quectophoton
6 days ago
It certainly is an alternative we can at least think about.
On one hand, the certs you'd use to login to websites wouldn't even need to include any personal info at all, just a valid signature from a CA that the website knows how to verify. And the certificate wouldn't need to be the same for every website, it could be one you generate for a specific website.
On the other hand, a lot of thought would need to be put into how expiration/renewal and revocation would play into this.
Of course there should be an evaluation of the ways this could go wrong if someone from the gov misuses this CA, and how that compares to someone from your current email provider misusing their permissions.
But if nothing else, something I really want is to just be able to have an email address like `random_id@my_country.my_country_tld`, to at least have an email address where I don't have to worry about being locked out, so that I can give freely to ISP, bank, grocery delivery websites, other local companies, etc. Most of this stuff I wouldn't even mind receiving as postal mail anyway. And if shit hits the fan, I can recover access to this email account by walking to an office and identifying myself.
layer8
6 days ago
Having only a single such address also means you can be blacklisted forever, in addition to being tracked across services.
quectophoton
6 days ago
What I had in mind was more like randomly generated addresses as needed, all of them linked to your (one) mailbox. Like Apple's "Hide My Email", but without needing a "main"/"canonical" email address because it would be unnecessary anyway (because you would be logging in to your mailbox with your own certificate).
But even if that single-address limitation were the case, the kind of places I would give it to already require knowing my national ID number anyway, so the two particular things you mention are already the status quo.
In other words, stuff that is already tied to having a verifiable citizenship.
jks
6 days ago
Estonia has this: <https://e-estonia.com/solutions/estonian-e-identity/id-card/>
Finland tried to copy it, but the Finnish card (while based on the same technology) is used very little. Finnish banks already had their own OTP solutions, which they started offering for authentication on other web sites, so no-one wanted an extra authenticator on top of that. This of course means that you get phishing emails pretending to be from all sorts of government services, where the goal is to get your banking credentials and take your money.
Since then, mobile phone operators added their own authentication system based on credentials residing on your SIM card <https://mobiilivarmenne.fi/en/>. You prove your identity when getting a mobile phone contract and can then use that to log into many sites.
jpalomaki
6 days ago
Yes. I would very much like to tie certain accounts to my government issued digital identity and allow that as the only recovery method.
ozr
6 days ago
I haven't heard a compelling argument that anything needs to be fixed with email-based auth patterns. It is imperfect but not bad, and every proposed alternative seems to be worse.
The article seems to lean into security and usability concerns.
On the security front: the weak-point is still the human. If you hand over your credentials to someone nefarious, well.. you handed over your credentials to someone nefarious.
Usability isn't convincing me either. One of the great things about email is that it really is the lowest-common denominator, as another commenter mentioned above. (Almost) everyone, from kids to the most tech-inept luddite have some sort of email.
JonChesterfield
6 days ago
One flaw is I'm pretty sure a lot of gmail accounts are lost forever. Contacting Google to retrieve access would not go well. Related is that if you try to self host email your messages are unlikely to reach anyone.
jerf
6 days ago
Self-hosting outbound email is hard.
Self-hosting inbound email is trivial. Anybody will send email to any random domain, they're just not willing to accept it from random sources.
And the latter is what is relevant for password recovery.
I self-host inbound but use established servers for outbound through my ISP and have had no trouble with that setup for a while. Forwarding to people through my domain has gotten a bit more challenging lately but I've got it working well enough to satisfy gmail so far. (The advantage with forwarding is you only have to convince one server to accept it, not everyone in the world, and there's some crypto stuff involved now that involves trusting some keys, not just a domain or IP, which also helps a lot.)
witrak
5 days ago
>Self-hosting inbound email is trivial. Anybody will send email to any random domain, they're just not willing to accept it from random sources.
That is simply not true. I have self-hosted email service and starting about 1.5 yr ago some big email services don't deliver emails to my server anymore. And there are many similar cases reported...
So one can say that even if an independent email service is willing to accept email traffic from any sender it does not guarantee that customers of all other services can have delivered their emails to addresses at the service.
JonChesterfield
6 days ago
That seems a great compromise. I hadn't registered the distinction in direction. Even without organising the forwarding part there are plenty of organisations that email me password resets that I don't need to send email out to.
JadeNB
6 days ago
> Self-hosting inbound email is trivial. Anybody will send email to any random domain, they're just not willing to accept it from random sources.
In terms of authentication, this is not entirely true. It's less common these days, but I used to have a lot of trouble with sites rejecting my attempts to create accounts with e-mail addresses from my disposable-e-mail-generator of choice.
elric
6 days ago
Just yesterday I tried to register for a service using one of my own domain names with self hosted email. The confirmation mail arrived, but as soon as I clicked the link I was told that my email address wasn't allowed...
Not sure what kind of crap some folks are smoking, really.
FireBeyond
6 days ago
> from my disposable-e-mail-generator
Well, I suspect those are more specifically blacklisted.
ozr
6 days ago
I'm not saying there aren't flaws, I'm saying none of them happen at a rate significant enough to be worth switching to another system (with an entirely new set of flaws).
ristos
6 days ago
It exists for US citizens at least: login.gov (https://developers.login.gov/oidc/getting-started/)
It has its pros and cons, maybe more pros if you factor in that the biggest issue isn't authentication really, it's the fact that all of these private companies accrue everyone's sensitive info, which can be abused by any actor, private or public. If data were kept on the client side, and synced to other machines through P2P like WebRTC, then maybe this wouldn't be such a big deal.
joncfoo
6 days ago
Unfortunately login.gov is only available for use by companies doing business with the US government.
capitainenemo
6 days ago
Also login.gov isn't a government issued digital ID. It's just a centralised authentication platform for government use, much like using google or apple for authentication.
It supports the usual options for multifactor (TOTP, text, yubikey/other hardware auth/PIV cards) but for most users it probably ends up being SMS. At best TOTP.
JumpCrisscross
6 days ago
> Government provided digital IDs would solve a lot of this
A lot of what? It seems like the worst of all worlds, given that ID would not only unlock some highly sensitive things, but also be difficult to change and tremendously revealing.
iknowstuff
6 days ago
Nah the government could just give a website a unique id per real user per website, without revealing who the user is. Merely verifying that they are the same person as last time.
alkonaut
6 days ago
It does solve a lot of this. Some have gov’t issued IDs, others have a hybrid public/private system where banks issue the ids. But yes, a de facto standard electronic ID is almost unthinkable to not have. How else do you interact with authorities or healthcare? I used e-ID since long before smartphones, I can barely picture what it would be like to log in to handle taxes, benefits, medicine recipes or doctors appointments if it worked any other way.
DANmode
6 days ago
Humans understanding the basic concept of public/private keys,
wanting a Yubikey or similar,
and/or being able to use basic tools to make a key,
would also help.
But I'll take the government-led method as a Plan B, if it works.
JadeNB
6 days ago
> Government provided digital IDs would solve a lot of this. Yes, they may have their own problems, but outsourcing the action of identifying individuals to the government seems valuable and less prone to "lock outs" like Google and friends.
Sadly, the US government goes the other way and contracts out verification (to government websites!) to an invasive private company.
j45
6 days ago
I'm not so sure how many ppl would leave a key to their house, or a pin to their bank account with the government. Or a bank.
Identity is relatively solved, there are just lots of sacrifices made in security in the name of convenience.
Fingerprints as consent to login, Facial recognition as consent to login... seems more like a username, than a password, or a username+password.
cyberax
6 days ago
Clear in the US can do that: https://www.clearme.com/for-your-business
It's not exactly a government service, but Clear is trusted by the government enough to allow their customers to bypass the airport screenings.
lotsofpulp
6 days ago
Screw Clear and screw the US government for allowing more privatization of public infrastructure.
9cb14c1ec0
6 days ago
How about a bank-provided digital id that you get when opening an account by walking into a physical bank location and providing your photo ID? It would tick the "less prone to lock out" problem without placing even more power in government hands.
dalke
6 days ago
Bank provided causes problems with people who don't have bank accounts. Here in Sweden most people use bank-provided electronic ID called "BankID".
Quoting "Foreign citizens in Sweden blocked from BankID after several banks roll out new rules" https://www.thelocal.se/20220117/foreign-citizens-in-sweden-...
> “We have been working systematically for six months to get residence permit cards, then a personal number, then a Skatteverket national ID card, and finally bank accounts. To our shock, we were just told by ICA Banken that the Skatteverket National ID – the only one available to non-citizens – is not a valid source of identification for BankID.”
BankID causes problems because it isn't designed for the interests of the whole population. For example, it requires proprietary software which only runs on Microsoft Windows, macOS, iOS, or Android, with hardware verification and Google services.
This makes it unacceptable to free software advocates, and to privacy advocates, and to national data sovereignty advocates .. the total population of which is so small as to not affect the banks' commercial interests.
One thing I learned recently is how the US can, with its control over the SWIFT banking network, tell banks in other countries to shut down the account for a local citizen who the US has designated a terrorist. At least that's what I gather from the news I read after two leaders of the biggest neo-nazi group here in Sweden were designated as terrorists by the US.
If the goal is to keep power out of government hands, don't look to highly-regulated banks which are subject to the whims of multiple governments.
scrollaway
6 days ago
We have this in Belgium and it’s really not that good. It created a pattern of companies relying on people having an account at certain banks; which when you’re either immigrant or unbanked is unlikely and shuts you out of certain businesses.
It’s been phased out for the government provided login system which is much better but not exactly simple for laypeople to set up. On top of this, integrating with it requires an extensive certification process, it’s not just an open API.
jks
6 days ago
Banking credentials are used a lot in Finland to sign into other services. This means you get phishing emails saying "your medical test results are available" or "you're getting a tax return" where the actual goal is to get into your bank account.
aucisson_masque
6 days ago
> Government provided digital IDs
Oh man, that sounds like a terrible idea privacy wise. Every website would make use of it to track its users.
eaglemfo
6 days ago
The German gov ids actually have a way to issue pseudonymous tokens where websites can only see that you are the same person as last time. You can't make 2 accounts on the same site if such things are unwanted. You can't link accounts across providers.
How it works under the hood? No specific idea. I wonder if it's sound.
rangestransform
6 days ago
The problem is the government can then definitively associate all your accounts with your real identity
noAnswer
6 days ago
How does the government know which token an ID card generated? The ID card itself generates (for each service a different one) and encrypts it. Not even the card reader can read it. It is an encrypted channel between the card and the ID-server for the site/service. The pseudonym function does not identify a person but a card.
jack_pp
6 days ago
If it identifies the card and the govt can identify you by your card then isn't it by definition identifying the person?
noAnswer
6 days ago
The government doesn't know which card a token from a "pseudonym function" belongs to. The government can identify a person when the ID function was used, of course.
Again, it is a random token the card generates internally for each service. It is non-transferable! If you get a new ID card, you can't use it to log in to whatever you used your old card for. (You would need something else... say an email :-) to tie the knot back to the old identity or whatever.) Which makes this function, the pseudonym function, very bad for random accounts (Edit: meaning longer lasting online identities like forums or whatever). I guess eaglemfo didn't know.
It's more for like "yes, yes, I'm an adult, now give me this pr0n movie which I pay for with my anonym prepaid card" kind of deals.
taneq
6 days ago
I read this as tongue-in-cheek at first (since most web sites do their darnedest to track their users, and having a log-on kind of requires this anyway).
A centralized authentication system like this wouldn't need to be a single consistent UUID per person which was then passed around. Presumably you'd have a central login to authenticate you to the system, and then the system could create separate 'id' tokens per web site or whatever that the user logs in to.
pennomi
6 days ago
I think it makes sense as the master recovery account. Then you use a secondary account for everything else.
eaglemfo
6 days ago
Wasn't there a recent sidechannel attack on Infineon cryptography chips? The EU passports likely use the Infineon chips.
dilyevsky
6 days ago
ID.me kinda already does this. They integrate with IRS, SSA and bunch of local government stuff
easton
6 days ago
Login.gov is the US Government’s homegrown solution, which also does it. It’s not one account <-> one citizen though, which you’d probably want in a real government id system.
rocqua
6 days ago
Identification is different from authentication. But authentication, at least as a backstop, can generally be decently outsourced to government.
Not so much in the US though. They have no national registry of what citizens actually exist.
crooked-v
6 days ago
Unfortunately, "they just don't get access anymore" is the usual pattern with major email providers like Google, as many people who have had a phone lost or stolen and then been locked out of their accounts forever can attest to.
ReptileMan
6 days ago
>Phone numbers are more common and durable, but the security of phone numbers is leagues below that of a flagship provider email account.
With the - "we banned your account for no reason, and you have no way to appeal and we don't even tell you why we banned you" flagship provider email account caveat.
hgomersall
6 days ago
It's an interesting design problem to have a panel of peers attest an individual's identity. It could be made fairly seamless if there was a common system in which a suitably distributed authentication secret could be recombined under instruction from the relevant party. Can it be made to work for normal humans? I daresay we have the ingenuity to design something...
jlund-molfese
6 days ago
Apple’s Recovery Contacts are a similar idea. The main difference is that just one can help you recover your account, but it doesn’t seem too hard from a UX perspective to make 3/5 recovery contacts required to unlock an account.
kfrzcode
6 days ago
The Decentralized Recovery (DeRec) Alliance has recently launched to solve this very problem. Dr. Leemon Baird gave a talk last year on how this works at a higher level [0]. The alliance is comprised of members from the Algorand, Hedera, Ripple crypto communities but the application of proper DeRec would be certainly applicable anywhere you have any type of secret; in fact I believe you can be a DeRec 'helper' right now. There's a robust primer on the protocol published as well [1], here's a pull-quote:
> Decentralized recovery is a method of safeguarding a user's secret by distributing shares of that secret among multiple helpers, who store their individual share on their local device in order to help the user recover that secret in future. The shares are constructed under a threshold secret-sharing scheme (e.g. Shamir's secret sharing scheme), with a chosen threshold (defaults to half) -- at least three helpers must be present in order to use the protocol. Should the user lose access to their device, they can recover their secret data by retrieving the previously-distributed shares from at least half of their helpers. For successful recovery, the user only needs to recall the identities of half of their helpers and authenticate with them in-person.
[0]: https://www.youtube.com/watch?v=AcF4abPoveM
[1]: https://github.com/derecalliance/protocol/blob/main/protocol...
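The threshold scheme the primer describes (and the 3-of-5 recovery-contact idea a few comments up) can be shown in a few dozen lines. The following is an added example written for this thread, not DeRec's protocol code or Apple's implementation: it splits a short secret into n shares with Shamir's scheme over a prime field, and shows that any t shares recover it while t-1 shares yield an unrelated value. The secret bytes, helper count and threshold are constructed for the demo.

```python
"""Shamir threshold secret sharing over a prime field (added example;
not DeRec protocol code). n helpers each hold one share; any t of them
can recombine the secret, fewer than t learn nothing useful."""
import secrets
from typing import List, Tuple

# Mersenne prime 2^127 - 1: any secret of at most 15 bytes fits below it.
PRIME = 2**127 - 1
Share = Tuple[int, int]  # (x, f(x)) with x >= 1; x = 0 would leak the secret


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[t-1]*x^(t-1) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, n: int, t: int) -> List[Share]:
    """Produce n shares of which any t reconstruct `secret` (e.g. n=5, t=3)."""
    if not 1 < t <= n:
        raise ValueError("threshold t must satisfy 1 < t <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for this field (max 15 bytes)")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def _interpolate_at_zero(shares: List[Share]) -> int:
    """Lagrange interpolation through `shares`, evaluated at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = (num * (-xj)) % PRIME
            den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares: List[Share], secret_len: int) -> bytes:
    """Rebuild the secret from at least t shares. With fewer than t, the
    interpolated constant term is just some other field element."""
    return _interpolate_at_zero(shares).to_bytes(secret_len, "big")


def demo() -> dict:
    """Constructed scenario: 5 helpers, threshold 3 (like 3-of-5 recovery contacts)."""
    secret = b"vault-key-00001"  # constructed 15-byte sample secret
    shares = split_secret(secret, n=5, t=3)
    subsets = [shares[0:3], shares[2:5], shares[::2], shares[1:4]]
    any_three = all(recover_secret(s, len(secret)) == secret for s in subsets)
    # Two shares define a line, not the degree-2 polynomial: wrong constant term.
    two_fail = _interpolate_at_zero(shares[:2]) != int.from_bytes(secret, "big")
    return {"any_three_recover": any_three, "two_cannot_recover": two_fail}


if __name__ == "__main__":
    print(demo())
```

The defensive property worth noticing is that the shares carry no hint of which helpers exist or how many there are; that bookkeeping lives only with the user, which is exactly the point made in the reply below about not knowing whom to coerce.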
simonw
6 days ago
Some day someone is going to produce a fantastic heist movie about breaking this kind of scheme - five different characters, each of which need to be scammed in different ways to obtain their piece of a shared secret.
Sadly it's quite possible this will be a dramatized version of a real-world event. We've already seen quite a few messed up crimes to steal keys to steal crypto. Secret sharing just means you need to kidnap a few extra people.
kfrzcode
6 days ago
But in fact, in order to kidnap these people you'd also need to know these people, and know they are assigned to be part of the derec network. With DeRec all the helpers don't need to know about each other at all. And you may not know how many helpers a given helper has behind them. It's actually much much more difficult to do the heist-and-interrogate-with-a-pipe-wrench approach if you don't know who to beat up, nor how many of them need to authenticate.
Edit: OT but while I have a glimpse of your attention, kudos in order!! I love datasette and basically everything you write is highly useful to me!
hgomersall
6 days ago
I came up with a similar general approach about 10 years ago, but lacked the time or inclination (and probably knowledge, frankly) so I'm very pleased this is being pursued.
kccqzy
5 days ago
Of course it works. I was aware of such mechanisms appearing in the Chinese social media app WeChat years ago. In fact I would say it's a great fit for any kind of social media app that involves interacting with peers.
However the utility is probably nil if there're no social features to begin with.
efitz
6 days ago
We could also leverage trusted third parties for this purpose, for example, banks or DMV or Walmart.
However, there needs to be a fiduciary interest by the third-party (eg liability for identity theft, etc) in order to incentivize them to avoid fraud. It is not clear that there would be enough profit involved to offset the liability.
unilynx
6 days ago
except that those instructions will be handed out by phishers
EVa5I7bHFq9mnYK
4 days ago
Everything is vulnerable. Lost my email when my email provider (openmailbox.org) closed, with no chance of recovery. And with it lost a 28-year-old domain.
People have lost Gmail accounts over some YouTube comment.
Lost my phone a couple of times and was able to restore Authy from backup ok.
gerdesj
6 days ago
Auth apps are crap - each one pretends to be unique and authoritative.
TOTP secrets are a string, not just a QR code that can only be seen once and never again - the QR code merely encodes that string! That string can be used in multiple places to generate codes. KeepassXC can do it and that can be shared. I've seen loads of organisations and sites with an elderly mobile phone that has the TOTP auth app on it. Normally MS Authenticator.
To add insult to injury, MS Auth can only have one account per email address (id@realm/whatever you want to call it).
PrivacyIdea can do email based TOTP with a PIN. That works well but does involve a two stage login with an email delivery in the middle.
I totally agree with you: the only useful delivery mechanism available is email. PGP was a nice idea and authenticator apps need to have their owners' heads bashed together to get proper interoperability sorted out. Trying to silo people in your "cloud" without interoperability with others is so sad and needy. If you don't have absolute confidence in your offering then you are shit!
boneitis
6 days ago
A little off-topic from the matter of adoption and usability by the greater masses, but I personally prefer these RFC 6238 TOTPs that I have the choice to take into my own hands, as opposed to internet-required, server-side based like my banking app and Okta.
I have a copy of all my TOTP generators (minus my dev Okta account) in a common authenticator app and an offline copy stored in an offline password manager, further replicated with an encrypted backup service.
I was able to create my offline copy in the first place thanks to a rooted phone to export what I already had up to that point out of the authenticator app.
Of course, the discussion starts to morph when we bring in the "un-phishable" software passkeys.
firesteelrain
6 days ago
I thought the Authenticator apps were great until I upgraded my iPhone and the apps lost all of my Authenticator setups. Good thing it wasn’t super critical.
unethical_ban
5 days ago
I agree, for personal use cases, RFC standard TOTP that can be backed up and managed by the user is the ideal balance of security and availability.
Enterprise TOTP apps like Okta and MS Authenticator have some enhancements. Push notifications are convenient when you have to access things many times a day. More importantly, push notifications with a number-matching confirmation reduce the chance of TOTP poaching, since the users themselves are interacting with the service requiring auth.
In enterprise environments, there should be a restore process for a lost phone or authenticator. Some kind of backup code with voice/manager approval, or coming into a physical office to reset credentials. This isn't available for regular people/regular retail services except maybe banks, but banks can't even do regular TOTP correctly.
tzs
6 days ago
> To add insult to injury, MS Auth can only have one account per email address (id@realm/whatever you want to call it)
When this was discussed [1] on HN a few weeks ago, I don't recall anyone reporting reproducing it. Several people, including me, reported having many accounts in MS Authenticator that have the same email address with no problem.
The otpauth URI that is encoded in a TOTP QR code looks like this:
otpauth://totp/LABEL?parameter_list
The LABEL is supposed to serve as a unique identifier for the account. It has the format "Issuer:Account". The "Account" part is required. The "Issuer" is optional (and the ":" omitted if the issuer is not present).
The parameter list is an & separated list of name=value pairs. It includes the "secret" parameter which gives the TOTP secret. An optional parameter is "issuer", which should match the "issuer" part of the label if that is present.
It sounds like what is happening is that there are some sites who do not include the "issuer" part of the label, and they let the user use a user-provided email address as the account name.
If a given user uses two such sites and provides the same email address to both, then there will be a collision. If they also do not include an issuer parameter, an authenticator app has no way to know just from the data in the codes that they are from different sites.
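The collision described above is easy to reproduce with a small parser. The following is an added example for this thread, not code from any authenticator app: it parses otpauth://totp URIs per the label/parameter layout described in the comment, rejects a label issuer that contradicts the issuer parameter, and reports two enrolments that map to the same (issuer, account) key with different seeds. The sample URIs and Base32 seeds are constructed for the demo.

```python
"""Parse otpauth://totp URIs and detect label collisions between sites
(added example, not an authenticator app's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit


@dataclass(frozen=True)
class OtpAccount:
    issuer: Optional[str]  # from the label prefix and/or the issuer= parameter
    account: str           # the 'Account' part of the label
    secret: str            # Base32 seed; treat as a password in real code
    uri: str


def parse_otpauth(uri: str) -> OtpAccount:
    """Parse otpauth://totp/LABEL?secret=...&issuer=... into its parts."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth URI")
    if parts.netloc != "totp":
        raise ValueError("only the totp type is handled here")
    label = unquote(parts.path.lstrip("/"))
    if not label:
        raise ValueError("label (account) is required")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in params:
        raise ValueError("secret parameter is required")
    # Label is "Issuer:Account" or just "Account" (a space after ':' is tolerated).
    if ":" in label:
        label_issuer, account = (p.strip() for p in label.split(":", 1))
    else:
        label_issuer, account = None, label.strip()
    issuer_param = params.get("issuer")
    if label_issuer and issuer_param and label_issuer != issuer_param:
        raise ValueError(f"issuer mismatch: label={label_issuer!r} param={issuer_param!r}")
    return OtpAccount(issuer=issuer_param or label_issuer, account=account,
                      secret=params["secret"], uri=uri)


def find_collisions(uris: List[str]) -> List[Tuple[OtpAccount, OtpAccount]]:
    """Return pairs of enrolments that share (issuer, account) but differ in seed.
    Re-scanning the same QR code (same seed) is not a collision."""
    seen: Dict[Tuple[Optional[str], str], OtpAccount] = {}
    collisions = []
    for uri in uris:
        acct = parse_otpauth(uri)
        key = (acct.issuer, acct.account)
        if key in seen and seen[key].secret != acct.secret:
            collisions.append((seen[key], acct))
        seen.setdefault(key, acct)
    return collisions


# Constructed sample enrolments for one user (seeds are throwaway values).
SAMPLE_URIS = [
    "otpauth://totp/Example%20Corp:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example%20Corp",
    "otpauth://totp/alice@example.com?secret=GEZDGNBVGY3TQOJQ",  # site A, no issuer anywhere
    "otpauth://totp/alice@example.com?secret=MFRGGZDFMZTWQ2LK",  # site B, same label, new seed
    "otpauth://totp/Other:alice@example.com?secret=ONSWG4TFOQ",   # distinct via label issuer
]

if __name__ == "__main__":
    for a, b in find_collisions(SAMPLE_URIS):
        print(f"collision: {a.uri} vs {b.uri}")
```

Running it flags only the site A / site B pair: with no issuer in the label or the parameters, the app has nothing but the email address to key on, which is the failure mode the comment describes.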
jerf
6 days ago
I'm increasingly coming around to the idea that in reality, there's only one factor, at least as far as the Internet is concerned: Something you know. There's different ways of knowing it and various difficulties involved in knowing it, but "something you are" is only ever a fancy way of presenting something you know (because if you know it, you can generally forge it with reasonable effort) and "something you have", over the Internet, is just "something you know but is pretty difficult to directly extract".
TOTP was what really kicked me into thinking this way. They tried to make it "something you have". They tried to lock it behind apps and pretended really hard that it wasn't just a particular shared secret... but it is. It's just something you know.
The rule is, if it could be stuck in your password manager, it's a thing you know. That includes even things like Yubikeys, which are things that can be cloned and stuck in a password manager. They're just really, really hard to clone, and that's a valid step up from "a password". I'm not saying that the differences between all these "things you know" are irrelevant; they matter a lot. Having a password + a TOTP is a legitimate step up from having just either one alone. I'm just saying that analyzing things in terms of the other two factors isn't particularly relevant.
bscphil
6 days ago
I don't think this is right. If there's a shared secret like a TOTP seed, that's in theory a "something you know", but if I don't know it, then who does? The point of "something you have" is that you own a device that "knows" it for you, and you never even need to see or expose the underlying secret, you just copy a token proving that the device you have knows the secret. I think that does count as an additional factor.
Of course if someone is memorizing the TOTP seed and generating the proof on the fly every time, then there's no shift in factor, but no one is doing that. And if they're saving the password on the same device that stores the TOTP code, then we're back to one factor, but now it's just 2x "something you have" at that point.
jerf
4 days ago
"that's in theory a "something you know", but if I don't know it, then who does"
An attacker. Your knowledge is much less interesting than the knowledge the server has, which is what the attacker can obtain. Grabbing a TOTP key out of a database is not materially different than a password.
TOTP's different characteristics mean it's harder to intercept, but passwords tend to be stolen nowadays moreso than intercepted, if only because you can intercept only one at a time but can steal the entire database.
The different characteristics mean it can add a bit of utility to a normal password, but I think it's less night-and-day than it was presented as.
lxgr
5 days ago
> That includes even things like Yubikeys, which are things that can be cloned and stuck in a password manager. They're just really, really hard to clone, and that's a valid step up from "a password".
That's reductionist way past the point of being a useful model of authentication factors.
By that logic, even biometric factors are "something you know", as you can always (with a lot of effort) physically replicate a fingerprint/retina/genome you have a sufficiently high fidelity recording of.
jerf
4 days ago
"By that logic, even biometric factors are "something you know","
You clearly mean that as a reduction to absurdity, but, yes, I mean exactly that. Pretty much said so.
It is "reductionist" if you insist the only valid framework is "what you have/know/are", and you view what I'm saying as the intersection of what I'm actually saying and that model. I am claiming the have/know/are is reductionist, and to a large degree outright wrong, because it is focusing on the wrong thing. Look at it the way I'm looking at it and the authentication questions become richer and easier to understand.
Unfortunately, it also means that there are more things that are either hard or impossible than the have/know/are methodology promises, because two of the things that methodology promises effectively don't exist. (Unless you are controlling physical access, and willing to spend a lot of money on hardware and human verification of the correct use of the hardware.) But since I believe that is an accurate reflection of reality, blame reality, not the model.
lxgr
3 days ago
I suppose then we have to agree to disagree.
While the "something you x" model has many limitations (and I practically disagree with some regulatory bodies on what does and does not constitute a "true" expression of one of these factors), I don't think that these limitations refute it in the abstract.
kalleboo
6 days ago
The way I see it, the main security benefit of TOTP is it's a very long, high-entropy password that is guaranteed to never be re-used.
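Both the "RFC 6238 TOTPs I can take into my own hands" point above and the observation that each code is a one-time, never-reused value follow directly from how the algorithm works. The following is an added example for this thread, not code from any authenticator or password manager: HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library, a Base32 decoder for the seed carried in an otpauth URI, and a verifier that accepts a code only inside a small time window so a captured code is worthless once its step has passed. The test vectors are the ones published in the RFCs; the Base32 seed is a constructed sample.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) generation and windowed verification
(added example; not code from any authenticator app)."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def key_from_base32(secret: str) -> bytes:
    """Decode the Base32 seed from an otpauth 'secret=' parameter.
    Many sites strip the '=' padding, so it is restored here."""
    s = secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % 10**digits
    return str(code).zfill(digits)


def totp(key: bytes, unix_time: Optional[int] = None, step: int = 30,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter set to floor(time / step)."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(key, unix_time // step, digits, digestmod)


def verify_totp(key: bytes, code: str, unix_time: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept `code` if it matches the current step or one within `window`
    steps either side (clock skew). Every candidate is compared with
    compare_digest so timing does not reveal which one matched."""
    counter = unix_time // step
    matched = False
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(key, c, digits), code):
            matched = True
    return matched


if __name__ == "__main__":
    # Seed shared in RFC 4226/6238 test vectors (ASCII "12345678901234567890").
    rfc_key = b"12345678901234567890"
    print("T=59 ->", totp(rfc_key, 59, digits=8))  # RFC 6238 SHA1 vector
    print("now  ->", totp(key_from_base32("JBSWY3DPEHPK3PXP")))  # constructed seed
```

Two things the code makes concrete: the seed, not the QR image, is the credential (so it can be backed up like any other secret), and a code only proves knowledge of the seed for its own 30-second step, which is why a stolen code is far less useful than a stolen seed.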
marcosdumay
6 days ago
Yes, if you don't control the hardware at the user's end, the only factor you can get is "something you know".
All the things around improving web authentication are just about people not having to memorize that something you know and protecting it against eavesdroppers.
rahimnathwani
6 days ago
> If the answer is "they just don't get access anymore" or "a panel of their peers attests to them", your fantasy authentication system also needs a fantasy species of sentient beings to serve as users, because it won't work for humans.
It won't work for 99.99% of services, but it can work if your service is huge. WeChat uses a mechanism like this, and it works well.
8organicbits
6 days ago
I'm not familiar, which part of the comment does WeChat implement?
rahimnathwani
6 days ago
A panel of peers.
rakkhi
6 days ago
Maybe we should support logging in with an OTP to email for many more systems than we do currently? Combined with conditional access and MFA it's actually not bad.
No password to remember and supports this "pattern"
lxgr
5 days ago
Sure, but please make it optional.
I've seen a couple of enterprise/corporate services switch to the "OTP via email" pattern (usually as mandatory 2FA), and I hate it, because there's no way for me to autofill that email OTP, unlike for e.g. WebAuthN or TOTP.
AlienRobot
5 days ago
This is my gripe with 2 factor authentication: it increases security and as a second factor also increases the risk of you losing your account.
nfw2
6 days ago
Can you expand what you mean when you say the security of phone numbers is leagues below email? If someone can gain access to someone's phone, it seems like they would gain access to their email as well.
efitz
6 days ago
Mobile phones identify themselves to the mobile network through a number called the IMEI. IMEI cloning is not particularly difficult nor does it require exotic equipment. This means that it is relatively easy for an attacker to be able to spoof your phone to a mobile network, for example, to receive SMS messages with one time passwords.
Cloning your IMEI has nothing to do with the data that is on your phone, so if someone clones your IMEI it does not mean that they have access to any of the apps or data that is on your phone.
lxgr
5 days ago
That's completely wrong. The IMEI doesn't play any role in GSM/UMTS/LTE/5G authentication (if it's recorded, that's usually for debugging or tracking purposes).
While there are weaknesses, every mobile phone standard since GSM (not sure about the equivalent for the CDMA world) uses cryptographic authentication, many of which have been subsequently broken, but it's just not true that simple knowledge of a bearer token, transmitted over the air interface, grants you sufficient access to receive somebody else's SMS.
Most practical attacks actually focus on either attacking the core network via SS7 (and making it deliver SMS to the attacker instead of the actual recipient) or on breaking the air interface encryption, which requires you to be physically close to the legitimate recipient while they receive the SMS over the air.
You can change your IMEI to mine right now, and absolutely nothing would happen (other than maybe our phone operator getting mildly confused, if we share one and they're tracking IMEIs for whatever reason).
kjellsbells
6 days ago
IMEI or IMSI? I think it is the subscriber identity that is on the SIM that needs to be cloned, not the hardware identifier of the device (i.e. it's the IMSI that matters, not the IMEI).
SIMs and SIM burners can be purchased trivially on the open market, and cloned without too much difficulty. Although, a social engineering attack on the employee at the cellphone store is a superior method since it automatically gives you a "known good" SIM with the operator's keys, etc.
lxgr
5 days ago
Neither the IMEI nor the IMSI is used for authentication. The IMSI is slightly closer to the truth (while still missing by a mile), but without the per-IMSI authentication key (which is never transmitted over the air interface, whether in plaintext or encrypted), it's useless as well.
nfw2
6 days ago
Thanks for the clarification!
jpalomaki
6 days ago
Phone companies have customer support. This is a weak point, because an attacker can use social engineering to gain access to your number.
tptacek
6 days ago
Phone number, not phone.
nfw2
6 days ago
How does an attacker gain access to a phone number without having the phone? Like physically stealing the sim card or something else?
oretoz
6 days ago
As others have mentioned, SIM Swap attacks are very common where the attacker impersonates the victim and convinces the mobile operator to transfer the victim’s phone number (known as MSISDN in telecom parlance) to the attacker’s SIM. If you Google SIM Swap, you will find many instances of it.
From that moment onwards, all the 2nd factor SMS OTP go to the attacker.
There are APIs that are provided by mobile operators via aggregators such as Telesign, Prove, Vonage, Twilio etc. that can be used to check if a SIM Swap has happened recently on that phone number. That API is used by fintech companies and others e.g. when they want to check if a fund transfer is to be allowed or flagged up.
57FkMytWjyFu
6 days ago
Sim swap via pretending to be a clueless customer who lost their physical phone, banking on lax checks at customer service.
Zanfa
6 days ago
The attacker just needs to convince/compromise a single carrier employee to get a new SIM for your number.
fragmede
6 days ago
Bribe, coerce, and social engineer a phone company employee into transferring the victim's phone number to you, or a technical attack to get the system to send the SMS messages to a device you control, without ever touching the victim.
j45
6 days ago
SMS codes for anything are not secure. Convenience over security, maybe.
SMS are as secure as a letter compared to a postcard.
paradox460
6 days ago
And they're rather irritating to boot. TOTP authentication in something like KeePass or 1Password is very low friction, working automatically in ideal circumstances. SMS-based ones are kludgy.
j45
6 days ago
Passwords are consent, clicking on a link in an email account that might be open... not always.
Eddieethan
6 days ago
[flagged]