Email accounts are the highest common denominator in online authentication. Phones are competitive, but people lose phones. Phone numbers are more common and durable, but the security of phone numbers is leagues below that of a flagship provider email account. It makes sense that so many authentication flows work this way.
When designing a "fantasy football" alternate authentication system for the Internet, start with account recovery: what happens when a user loses your fancy authenticator? If the answer is "they just don't get access anymore" or "a panel of their peers attests to them", your fantasy authentication system also needs a fantasy species of sentient beings to serve as users, because it won't work for humans.
This has been my single biggest argument against blockchain/cryptocurrency stuff for years: the "lose your key, lose your wallet" thing is fundamentally incompatible with real users.
Humans need to be able to recover from their mistakes.
I don't know, we carried physical money for millennia. Humans managed that.
Physical money is physically recoverable after it is lost.
No it isn’t. No more than a wallet key.
If I lose a $1 note, it’s gone. If I recover it, then it’s no longer lost.
A $1 note, being a macro-scale physical object, enjoys a variety of benefits such as object permanence, which provide a baseline level of recoverability. Whereas a wallet key, being a number, enjoys no such protections.
Of course you may choose to encode your wallet key on paper, metal, or stone, granting it properties not unlike a note. However, you have now compromised the security of your wallet as well: it becomes no mere $1 note, rather it is a note that represents all or a significant fraction of your net worth.
You can encode your bitcoin in wallets of predetermined size, spreading your risk.
But you’re reinventing money with extra steps.
But you gain some desirable properties over traditional money.
Without crypto, you don't have frictionless and permissionless transfers of arbitrary value across international borders.
There's no fundamental property of the monetary system that prevents transfers of arbitrary value across international borders. There's just a large number of financial regulators, border guards, etc. who will throw you in jail if you carry a big block of gold across the border or accept a large wire transfer without filling out the necessary forms. In many countries, the laws governing those forms don't yet apply to cryptocurrencies, but I'm skeptical it will remain that way forever.
For the system yes, a dropped coin eventually reenters the market and a burned bill can be reprinted again. Can't say the same about a crypto wallet. For an individual though, in both cases, a lost wallet is a lost wallet.
While an interesting difference to study, the average person is not going to care about the former case. They just don't want to keep their life savings in an asset as easy to lose as their pocket money.
If you drop your wallet in a bar, there's a chance you can recover it by returning to the bar and searching for it, by the bartender or a patron returning it to you based on the address or a number in your wallet, etc. Physical money really is not the same, even for the individual.
Money occupies physical space, so for most of history there was a pretty low cap on how much you could bring with you at once, which placed a cap on how much a single mistake could cost you.
That cap has always and still does exceed the median worth.
Bring to where? Are you mapping the crypto wallet concept to the physical wallet concept as a mobile storage concept?
All your money is the limit, however you store it.
Currency was traditionally made of precious metals which often gave them a rather high starting point of value. It also made them inflation resistant meaning the real value only grew over time. For instance in the Roman Empire an aureus [1] was worth 25 denarii (prior to inflation) and was about 2cm in size, so roughly the same size as a dime, made of pure gold. And a denarius was worth about a day's wages. So you could comfortably hold decades of wages in a small coin purse. And as inflation ravaged the Empire a single aureus gradually came to be worth thousands of denarii.
[1] - https://en.wikipedia.org/wiki/Aureus
This is what transit payment cards in Japan at least do, you can tap to pay most places but there’s a cap of 20k yen you can add to your card, so there’s a cap to how much you can lose.
You didn't need to bring a case of cash to buy anything before the 20th century.
You didn't lose your entire savings if you lost your wallet, usually.
Perhaps micro wallets should be a thing where your wealth is distributed across many keys mitigating some loss.
At which point I gained the problem of having to keep track of all of my microwallets securely, hopefully in a way that survives my phone being lost, a house fire, or my untimely death, leaving the wealth to inheritors. All while, at the same time, not ending up behind a single key that has access to all the information to those micro wallets.
Quickly you end up in a situation that either starts to look like how financial companies keep their most high risk keys, or end up outsourcing the whole thing to something that quickly starts to resemble your bank.
So ultimately it's just like cash: Fine for small amounts. Risky, but maybe livable for somewhat larger accounts, or a giant headache that will probably bite you when you start looking at lifetime savings.
If I’m having trouble juggling a single ball, why would it help to add more balls into the mix?
Banks have been a thing almost as long as money.
And the notion of credit has been a thing even longer than both money and banks. You don't need to carry money around for every little transaction if people know you're good for it someday in the future.
Yeah and it sucked which is why we invented better solutions.
What most bitcoin fans seem not to understand is that for the vast majority of people, transactions being reversible by authority figures is desirable.
Yeah, but if I lose the physical 100$ I am carrying, that doesn't prevent me from accessing the rest of my cash stored elsewhere.
I've never lost access to the rest of my cash stored elsewhere.
Yes, by evolving banks to solve some of the problems of lugging around lots of cash and/or stuffing it in a trunk in your house. And assuming you are known at your bank and/or can (eventually) prove your identity there, you don't have the same "lost wallet" problem being discussed here.
Yes and people quickly realized that there is an amount they don’t want to carry around. No one carries their life savings and few would even keep it in a safe in their house.
You're allowed to store your key at the bank if this is an issue for you. It's less secure than memorizing it, but obviously equally as secure as your bank account is.
It is not equally secure: if the bank loses your money you have recourse; if the bank loses your key (a fire, a flood) it's gone.
You can store it in two or N places. Or bank can do this for you.
More places is more opportunities for the baddies to get it.
Shamir it.
I don't understand why this was downvoted. In case it's not clear: (S)he's saying to split the key into multiple shares that can be used to reconstruct the key if you have a large enough quorum. Then store each share in a different place. As long as you don't lose too many of the shares, you'll be fine. And one baddie is NOT enough to get the key.
Either shuffling those keys stored in N different deposit boxes is overly complicated for a normal person, or it is not overly complicated for a moderately dedicated baddie either
Unless the "baddie" in this case is the government, why would it be easy for anyone to obtain access to multiple secrets stored in multiple boxes/banks?
Multisig is a pretty common setup for crypto and there is software that makes it easier.
Please wrap the whole thing as a trustworthy product.
"Mom, I already told you: you have to generate a key pair, split the private key into three parts using Shamir's secret sharing algorithm, then give each part to three banks. Whenever you want to use it, you have to go collect it from each of those banks---but DON'T write it down anywhere---and perform your transaction"
And to think the conversation started with an observation that people can't even remember one password.
I stay away from everything crypto but I don't see the difference. In both cases if they didn't make it right you'd go to the courts and make your case that they are at fault and owe you compensation.
In the first case, bank deposits are insured. In the second case, safe deposit boxes are not insured.
They're just different things. The FDIC insurance is for if the bank itself goes insolvent and they literally don't have enough money to cover their depositors' balances anymore. There's no reason a safe deposit box would be affected.
A fire, a flood, a robbery...
Is a bank deposit box not insured against those things? I've never really thought about it but always assumed they would be
Yes, they are different things. A safe deposit box wouldn't be affected by the bank's insolvency.
A safe deposit box may be affected by other things and if those things happen they don't have to "make it right", if you go to the courts and make your case you may find that they are not at fault and you are not owed any compensation.
The history of crypto says, "Good luck!"
There is a long history here of once trusted institutions turning out to be fraudulent.
I might be mistaken, but are not several "traditional" banks offering crypto wallets for customers? Is there a realistic chance this kind of bank is going to steal their customers' crypto and going (at least, next to criminal investigations) bankrupt over it?
Sure, they could. Would that be any different from how a bank could steal funds from a traditional deposit account?
By making a bank the custodian of your crypto wallet, you're placing your trust in them and should have similar legal recourse you would have had with a fiat deposit.
I am not sure if you are objecting. Definitely you need to trust your bank if you are going to store your crypto with them. I just do not see any large traditional bank stealing their customers' crypto and hoping to get away with it.
As far as I know all the cases of stolen crypto have been newly founded companies with their only business being your crypto. That is quite unlike the other kind of bank.
Maybe instead of a crypto brokerage holding your wallet, there can be a "key bank" which uses those more expensive methods of attestation and you can use it for recovery if you lose your key up to once per year or something. It would be like having your key written down in a safety deposit box at a local or regional bank.
This is the same problem that you run into with secret zero, commonly discussed in the context of HashiCorp Vault. At some point you need to store the unlock keys, then you need another repository under RBAC to protect that repository. They say to print out the keys and store them offline on paper, but how many own a Class 5 safe?
How many own a lot of books? Just... pick one.
Not following? Do you know what I meant by a Class 5 safe?
https://www.norfolksafe.com/
I don't. And frankly I don't think a safe is a good place to store secrets. It is too conspicuous.
These safes are certified for all kinds of sensitive (GSA recommends them for Classified use from what I have read) use and they are safe.
Ideally, you connect Vault to a HSM if you need that kind of security that’s being described. HSMs are electronic safes
The website says "10 minutes against forced entry". That's not safe.
No safe is safe against a state level actor. No safe is safe against "hit you with a crowbar until you open the safe".
Whatever secrets you have, it's better to hide them than to put them in such a conspicuous place. The only reason one should use a safe is as a plausible decoy...
This isn’t the safe to rule all safes. You have other mitigating factors like access control.
If you have state level actors physically breaking into your facilities then we might be at war
If you have enough books (which doesn't even have to be that many), it's much better to store your secrets in one or more of the books.
Collaborative custody multisig providers have been in business for years. Recently even Block (CashApp etc) has introduced a product with this feature.
By geographically distributing your signing devices you improve both security and reliability. One of those keys can be hosted by a third party to be used for recovery, without providing them any ability to touch your funds without your involvement.
Maybe the key bank could hold your digital money as well. Then we wouldn’t need a blockchain and your transactions could be instant, free, private and reversible.
This would make currency fundamentally incompatible with real users. Reality says otherwise.
Currency in the real world has many, many backups. For example, if I forgot the PIN number to a very old bank account that I later find a long lost relative recently put hundreds of thousands of dollars into when they passed away, I have other avenues to recover access. They might be annoying or require work (getting an affidavit, multiple forms of ID, etc) but it's not irrevocable in the way that a strict definition of bitcoin is.
A bank account is not currency. Cash is. You can still put cryptocurrency in a bank if you so choose.
It's a lot harder for the average person to lose 1 million dollars in cash than in Bitcoin because humans naturally understand the exchange of physical objects.
If I have a duffel bag of money, it is obvious that physical possession of the bills means I can access its value. Anything negating that possession would cost me my money. I should probably keep it away from open flames and water; but it's not going to spontaneously combust. A thief would need to physically take the money in the duffel bag for me to lose the value.
Meanwhile if I store Bitcoin on a USB drive the drive might randomly fail and I lose all my money (because I'm actually storing a key to access it) even though I still have the USB stick. The solution is to back up my key in multiple places simultaneously, which doesn't make sense to most people (how can money be in two places at once?)
If I plug the USB stick into the wrong computer, someone can steal all my money (because they can find out what the key is) without me ever losing the USB stick.
Virtually every human on Earth understands the notions of object permanence and that objects can be exchanged for other objects. This is intuitive from evolution and actual monkeys can comprehend physical currency.[1] I don't see how cryptocurrency can be on that level.
[1]. https://www.zmescience.com/research/how-scientists-tught-mon...
The concept that this file is the password to the money isn't too complicated. The money isn't in two places at once, the file's the password to it.
Except reality isn't so ... digital.
In reality I've found a lost wallet and helped return it to its owner. At least twice, actually. Both times because there was an identifying name in the wallet.
Then there's the time as a kid when we found $60 on the floor at a department store, and turned it over to lost&found. I remember it because the store had a policy that if cash hadn't been claimed for a month, then the person who turned it in got it. Which we did.
If you accidentally burn cash you cannot recover it. The paper in your hand isn't replicated in another place.
Humans have been unable to recover from mistakes since day zero
That is a funny example to use because the US Government has a service specifically designed to help you in that situation: https://www.bep.gov/services/mutilated-currency-redemption
Yes obviously if your money is completely burned then it's gone, but that is generally pretty unlikely to happen. Losing your digital key is many orders of magnitude more likely to happen in my opinion. And there is - by design - absolutely no way to get it back. That makes using blockchain for anything serious completely untenable in my opinion.
It doesn't need to be completely burned to be gone:
"No redemption will be made when (...) Fragments and remnants presented which represent 50% or less of a note are identifiable as United States currency but the method of destruction and supporting evidence do not satisfy the Treasury that the missing portion has been totally destroyed"
Not that unlikely, in my opinion.
Which is (one reason) why most people use a bank account and don't hide their money in a big bundle of cash under their pillow?
Accidentally burning money is a very low probability event. Forgetting passwords or any type of memorized secret is the most likely default outcome, and chance only increases with time passing.
For at least 12,000 years, humans have been getting very good at holding on to physical things.
Digital things, not so much. I'm a professional in the field, yet I've lost digital data in the past few years. Normal users who work in other fields? Lost cause.
I've heard that a lot about cryptocurrency, but aren't there plenty of cryptocurrency users who have never lost their wallet and have good personal opsec?
Maybe the issue is trying to force one solution for everyone.
The issue in not trying to force one solution for everyone becomes a blocker when you intend on making some technology useful and essential to everyone, hence, no one seriously gives a damn about crypto anymore.
Even Bitcoin core developers, which should be well above average in understanding crypto and good opsec, have had their Bitcoin stolen.
The claim that most humans are prone to losing keys isn't negated by the existence of some humans that have (so far) been able to keep their keys.
Maybe it's my memory playing tricks, or I've only seen the good articles, but I believe nearly every single article about setting up a self-managed crypto wallet had stressed the importance of having a backup. Serious ones had even explained the 3-2-1 rule. Then the hype came, with it came scams and pumps-and-dumps and NFTs and whatever, and crypto became a clusterfuck that a lot of people didn't want to touch. Yuck.
That's probably the one thing cryptocurrency communities undeniably got right. Quite unlike the Passkeys, where I've yet to see any official or semi-official demo site that even has a flow for adding a second token (some actual sites do, but not the demos).
We should start teaching basic backup strategies in schools. It's not some advanced rocket science, and it's a knowledge that's useful to anyone who deals with information (that is, literally anyone participating in the modern society).
Also, this user unfriendliness is extremely temporary, because computers and the Internet are new (at the scale of societies), and there are plenty of folks who had only started to use them later in their lives. After you lose some file or account (ideally, as a kid, so it's not something serious) you start to understand the old adage about those who do backups and those who don't do them _yet_.
And yet, for the very longest time, it was the default position for humans.
Government provided digital IDs would solve a lot of this. Yes, they may have their own problems, but outsourcing the action of identifying individuals to the government seems valuable and less prone to "lock outs" like Google and friends.
I think I've said it before, but I want USPS-provided email. To set one up you'd go to a post office, verify your identity in some way, and set up an email. If you forget your password and want to recover it, you'd have to go back into a post office and verify your identity again.
To get a RealID drivers license in the US, which will be required to board a plane soon, requires all of the above and more.
It’s a government in-person KYC.
The irony with that is that if someone undocumented wanted to leave the country, this requirement could potentially hinder that.
I also don't really want to have to carry my green card around everywhere. Just one more thing that can be lost.
How would it?
To travel internationally, a passport is required (not drivers licenses).
I might have been being more simplistic than I needed to be, because there are other travel methods, but I was more meaning, "Not everyone lives next door to an international hub" (so might need a connecting domestic flight).
Not 100% required, even for adults.
Those without acceptable identification may complete an identity verification process and face additional screening. https://www.tsa.gov/travel/security-screening/identification
Everyone should experience this at least once - it’s eye opening.
I did it involuntarily because I forgot my wallet once, and decided “well, I’ll either get through and on my way, or I’m too late to drive home anyway and will miss” - and it worked fine.
Even crossed back into the USA without my passport a few times. Just additional screening and bitching is all (at least if you’re a US citizen; membership in the Empire has its perks!).
Assuming that this time the deadline doesn't get pushed back at the last minute again like has kept happening so far.
RealID requirement for domestic flights (still) isn't happening, just like it hasn't happened since it was first announced for requirement in 2008.
Passport will also work
Germany has PostIdent: you are issued a code, take it to the closest post office, hand them the code (originally this involved printouts) and your ID card and they scan your ID card and enter it into their system where the issuer of the code can then request that info to verify your identity.
This has largely been replaced by videochat for ID card verification where some underpaid person walks you through holding your ID card in front of your smartphone cameras to verify that it's real, not CG, not tampered with and matches your claimed identity.
The critical aspect here is that you don't have to hand your ID card (or a picture of it) to the company that wants to know your identity. The post office or the videochat provider serves as a trusted source of truth.
Or you hold your ID card to your phone and do it on the spot.
https://www.deutschepost.de/en/p/postident/geschaeftskunden/...
https://en.wikipedia.org/wiki/De-Mail also was an attempt
Initially when I moved to Germany I thought it was a bit of a hassle to have to go to the post office for PostIdent; now I actually miss the elegance and privacy of that system in other countries.
The French postal service does that and includes a digital wallet and cloud repository. For instance, my paycheck certificates are delivered on this wallet.
Besides, the French administration is providing its own global scheme for online authentication.
Right now it works for all public services, but it is also open to all willing businesses.
It makes it also very easy to control tightly what kind of information is distributed to various services and businesses.
What are the names of these services, to see how they work, their recovery process and abuse prevention?
https://www.laPoste.fr/digiposte (digital safe) & https://laPoste.net/accueil (e-mail); offered by the postal services.
https://FranceConnect.gouv.fr/ is the online auth provided by the administration.
No, thank you. I don't want anybody with a fake ID of me to be able to take control of my email. I want to use my password, I want it strongly encrypted at rest, and I want to be able to reset it remotely any time of day, without waiting for the USPS office to open.
Is a fake ID going to fly at the post office, where they can scan them? Also, I was imagining they'd want more than just an ID.
edit: Also also, they have to go into a physical post office and be observed trying to steal your account. Given how it's quite possible to steal accounts via social engineering, this seems like an improvement in security, not a reduction.
I don't want a government entity, or really any entity I'm not paying directly for their services, to be the gatekeeper between me and my accounts.
The social engineering attack surface of my account currently consists of a handful of support contacts at my ISP, who have been trained to deal with computer security. If you allow any USPS employee to access your account, you've suddenly increased the potential attack surface by several orders of magnitude.
Now you lock out the rest of the world until they can implement this and federate identities between countries.
That's not a problem. Many systems and services have launched geolocked to certain countries before later expanding (Google Voice, for one).
I don't want a semi-gov't authorized service like this. Because its existence means services would want to mandate it (even if they don't truly need it), and force users to identify themselves directly - may be even across services (by matching their email address, which now must be unique as it is identity-linked).
I personally sign up to all online services with a different email each. I would like to be sure that my identity is hidden behind an alias for all services, so that they cannot be linked together. And if I want multiple accounts (for better or worse), I should be able to achieve that end.
Australia is working on zero knowledge proof. The end service only knows that you are legit/of age/etc (only what it needs) because gov service confirmed it, but does not know who you are.
That takes mail spamming to the next level. (I'll show myself out...)
Yes!
Stuff like national ID, banks, ISP, job search websites, doctor appointments, etc, require[1] having an email address, and it feels wrong using gmail and similar providers for these use cases that are already tied to you having a physical presence in that location anyway.
Could be provided by any local company, really, but postal services are not going to disappear anytime soon and they already have a second way of getting in contact with you if there's any issue (registered mail[2]).
Debit cards are already delivered through postal mail anyway, and there's not many things that are more sensitive than that.
[1]: Well, maybe doctor appointments don't require and only strongly encourage, but that doesn't affect the point too much.
[2]: https://en.wikipedia.org/wiki/Registered_mail
I’m not sure I trust USPS to get all of the ins/outs of email spam/security/ux right. Google has spent a lot of resources to get Gmail to where it is today, starting from scratch (or OSS) seems like a big ask.
Maybe we just ask for an open authentication system instead? Leave the email part to someone else… and maybe the open authentication can plug a crypto app/email/phone backend for recovery once it is set up. Heck, given that it’s the USPS, they will probably offer a snail-mail recovery option (for better or worse.)
I haven't heard a compelling argument that anything needs to be fixed with email-based auth patterns. It is imperfect but not bad, and every proposed alternative seems to be worse.
The article seems to lean into security and usability concerns.
On the security front: the weak-point is still the human. If you hand over your credentials to someone nefarious, well.. you handed over your credentials to someone nefarious.
Usability isn't convincing me either. One of the great things about email is that it really is the lowest-common denominator, as another commenter mentioned above. (Almost) everyone, from kids to the most tech-inept luddite, has some sort of email.
One flaw is I'm pretty sure a lot of Gmail accounts are lost forever. Contacting Google to retrieve access would not go well. Related is that if you try to self-host email, your messages are unlikely to reach anyone.
Self-hosting outbound email is hard.
Self-hosting inbound email is trivial. Anybody will send email to any random domain, they're just not willing to accept it from random sources.
And the latter is what is relevant for password recovery.
I self-host inbound but use established servers for outbound through my ISP and have had no trouble with that setup for a while. Forwarding to people through my domain has gotten a bit more challenging lately but I've got it working well enough to satisfy gmail so far. (The advantage with forwarding is you only have to convince one server to accept it, not everyone in the world, and there's some crypto stuff involved now that involves trusting some keys, not just a domain or IP, which also helps a lot.)
In terms of authentication, this is not entirely true. It's less common these days, but I used to have a lot of trouble with sites rejecting my attempts to create accounts with e-mail addresses from my disposable-e-mail-generator of choice.
Just yesterday I tried to register for a service using one of my own domain names with self-hosted email. The confirmation mail arrived, but as soon as I clicked the link I was told that my email address wasn't allowed...
Not sure what kind of crap some folks are smoking, really.
Well, I suspect those are more specifically blacklisted.
That is simply not true. I have self-hosted email service and starting about 1.5 yr ago some big email services don't deliver emails to my server anymore. And there are many similar cases reported...
So one can say that even if an independent email service is willing to accept email traffic from any sender it does not guarantee that customers of all other services can have delivered their emails to addresses at the service.
That seems a great compromise. I hadn't registered the distinction in direction. Even without organising the forwarding part there are plenty of organisations that email me password resets that I don't need to send email out to.
I'm not saying there aren't flaws, I'm saying none of them happen at a rate significant enough to be worth switching to another system (with an entirely new set of flaws).
Oh man, that sounds like a terrible idea privacy-wise. Every website would make use of it to track its users.
The German gov IDs actually have a way to issue pseudonymous tokens where websites can only see that you are the same person as last time. You can't make 2 accounts on the same site if such things are unwanted. You can't link accounts across providers.
How does it work under the hood? No specific idea. I wonder if it's sound.
The problem is the government can then definitively associate all your accounts with your real identity
How does the government know which token an ID card generated? The ID card itself generates (for each service a different one) and encrypts it. Not even the card reader can read it. It is an encrypted channel between the card and the ID-server for the site/service. The pseudonym function does not identify a person but a card.
If it identifies the card and the govt can identify you by your card then isn't it by definition identifying the person?
The government doesn't know which card a token from a "pseudonym function" belongs to. The government can identify a person when the ID function was used, of course.
Again, it is a random token the card generates internally for each service. It is non-transferable! If you get a new ID card, you can't use it to log in to whatever you used your old card for. (You would need something else... say an email :-) to tie the knot back to the old identity or whatever.) Which makes this function, the pseudonym function, very bad for random accounts (Edit: meaning longer-lasting online identities like forums or whatever). I guess eaglemfo didn't know.
It's more for like "yes, yes, I'm an adult, now give me this pr0n movie which I pay for with my anonymous prepaid card" kind of deals.
I read this as tongue-in-cheek at first (since most web sites do their darnedest to track their users, and having a log-on kind of requires this anyway).
A centralized authentication system like this wouldn't need to be a single consistent UUID per person which was then passed around. Presumably you'd have a central login to authenticate you to the system, and then the system could create separate 'id' tokens per web site or whatever that the user logs in to.
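A simplified model of the per-site pseudonyms discussed in the comments above, as an added example that is not part of the original thread and not the actual eID protocol. It assumes the identifier is derived by HMAC from a secret that never leaves the card; the class names, service identifiers and usernames are hypothetical.

```python
import hashlib
import hmac
import secrets


class IdCard:
    """Constructed model of a card: the secret stays inside the object."""

    def __init__(self):
        self._card_secret = secrets.token_bytes(32)

    def pseudonym_for(self, service_id):
        # Assumption: the card has authenticated `service_id` (e.g. via a
        # certificate), so one site cannot request another site's pseudonym.
        mac = hmac.new(self._card_secret, service_id.encode(), hashlib.sha256)
        return mac.hexdigest()


class Service:
    """A site that only ever sees the pseudonym, never the card or holder."""

    def __init__(self, service_id):
        self.service_id = service_id
        self.accounts = {}  # pseudonym -> username

    def register(self, pseudonym, username):
        if pseudonym in self.accounts:
            return False  # same card already has an account here
        self.accounts[pseudonym] = username
        return True

    def login(self, pseudonym):
        return self.accounts.get(pseudonym)


def demo():
    card = IdCard()
    shop = Service("shop.example")    # hypothetical service identifiers
    forum = Service("forum.example")

    p_shop = card.pseudonym_for(shop.service_id)
    p_forum = card.pseudonym_for(forum.service_id)

    first = shop.register(p_shop, "alice")
    second = shop.register(card.pseudonym_for(shop.service_id), "alice2")
    forum.register(p_forum, "a_nonymous")

    # A replacement card has a fresh secret, so the old account is orphaned
    # unless the site offers some other recovery path.
    replacement = IdCard()
    return {
        "first_registration": first,
        "second_registration_same_card": second,
        "login_same_card": shop.login(card.pseudonym_for(shop.service_id)),
        "linkable_across_sites": p_shop == p_forum or p_shop in forum.accounts,
        "login_replacement_card": shop.login(
            replacement.pseudonym_for(shop.service_id)),
    }


if __name__ == "__main__":
    print(demo())
```

Whoever holds the derivation secret can recompute every pseudonym, which is why it matters whether that secret lives on the card or with a central issuer.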
I think it makes sense as the master recovery account. Then you use a secondary account for everything else.
How about a bank-provided digital id that you get when opening an account by walking into a physical bank location and providing your photo ID? It would tick the "less prone to lock out" problem without placing even more power in government hands.
We have this in Belgium and it’s really not that good. It created a pattern of companies relying on people having an account at certain banks; which when you’re either immigrant or unbanked is unlikely and shuts you out of certain businesses.
It’s been phased out for the government provided login system which is much better but not exactly simple for laypeople to set up. On top of this, integrating with it requires an extensive certification process, it’s not just an open API.
Banking credentials are used a lot in Finland to sign into other services. This means you get phishing emails saying "your medical test results are available" or "you're getting a tax return" where the actual goal is to get into your bank account.
Bank provided causes problems with people who don't have bank accounts. Here in Sweden most people use bank-provided electronic ID called "BankID".
Quoting "Foreign citizens in Sweden blocked from BankID after several banks roll out new rules" https://www.thelocal.se/20220117/foreign-citizens-in-sweden-...
BankID causes problems because it isn't designed for the interests of the whole population. For example, it requires proprietary software which only runs on Microsoft Windows, macOS, iOS, or Android, with hardware verification and Google services.
This makes it unacceptable to free software advocates, and to privacy advocates, and to national data sovereignty advocates .. the total population of which is so small as to not affect the banks' commercial interests.
One thing I learned recently is how the US can, with its control over the SWIFT banking network, tell banks in other countries to shut down the account for a local citizen who the US has designated a terrorist. At least that's what I gather from the news I read after two leaders of the biggest neo-nazi group here in Sweden were designated as terrorists by the US.
If the goal is to keep power out of government hands, don't look to highly-regulated banks which are subject to the whims of multiple governments.
It exists for US citizens at least: login.gov (https://developers.login.gov/oidc/getting-started/)
It has its pros and cons, maybe more pros if you factor in that the biggest issue isn't authentication really, it's the fact that all of these private companies accrue everyone's sensitive info, which can be abused by any actor, private or public. If data were kept on the client side, and synced to other machines through P2P like WebRTC, then maybe this wouldn't be such a big deal.
Unfortunately login.gov is only available for use by companies doing business with the US government.
Also login.gov isn't a government issued digital ID. It's just a centralised authentication platform for government use, much like using google or apple for authentication.
It supports the usual options for multifactor (TOTP, text, yubikey/other hardware auth/PIV cards) but for most users it probably ends up being SMS. At best TOTP.
It certainly is an alternative we can at least think about.
On one hand, the certs you'd use to login to websites wouldn't even need to include any personal info at all, just a valid signature from a CA that the website knows how to verify. And the certificate wouldn't need to be the same for every website, it could be one you generate for a specific website.
On the other hand, a lot of thought would need to be put into how expiration/renewal and revocation would play into this.
Of course there should be an evaluation of the ways this could go wrong if someone from the gov misuses this CA, and how that compares to someone from your current email provider misusing their permissions.
But if nothing else, something I really want is to just be able to have an email address like `random_id@my_country.my_country_tld`, to at least have an email address where I don't have to worry about being locked out, so that I can give freely to ISP, bank, grocery delivery websites, other local companies, etc. Most of this stuff I wouldn't even mind receiving as postal mail anyway. And if shit hits the fan, I can recover access to this email account by walking to an office and identifying myself.
Having only a single such address also means you can be blacklisted forever, in addition to being tracked across services.
What I had in mind was more like randomly generated addresses as needed, all of them linked to your (one) mailbox. Like Apple's "Hide My Email", but without needing a "main"/"canonical" email address because it would be unnecessary anyway (because you would be logging in to your mailbox with your own certificate).
But even if that single-address limitation were the case, the kind of places I would give it to already require knowing my national ID number anyway, so the two particular things you mention are already the status quo.
In other words, stuff that is already tied to having a verifiable citizenship.
My wife works in a city clerk's office. They provide (among other things) vital records services for the city. Like getting birth certificates.
To get a birth certificate, you must provide government photo ID with a name matching that of one of the names on the certificate you're trying to get. So you can get your own, or your child's, but not some random other person's.
Lots of people were born before RealID driver's licenses. Some of them went by names other than the names on their birth certificates, and thus are unable to get new copies of their birth certificates using the government-issued photo ID they currently have. E.g. I've got a grandfather who went by Sam his entire life but was apparently named Harold. His driver's license had Sam as his first name. If he had lost his birth certificate, he would not have been able to obtain a new copy legally using that driver's license! This still happens to people. Also sometimes house fires or similar disasters happen, and people lack the ID needed to get new government-issued ID.
These things can be solved too, but in a more complicated process. Typically some lawyers and a judge need to get involved, get some people to testify that you are this same person, and you will be issued new ID.
How did he get a driver's licence with the name "Sam"? Don't you need some form of judicial process to change your name on this kind of thing?
ID.me kinda already does this. They integrate with IRS, SSA and a bunch of local government stuff.
Login.gov is the US Government’s homegrown solution, which also does it. It’s not one account <-> one citizen though, which you’d probably want in a real government id system.
Clear in the US can do that: https://www.clearme.com/for-your-business
It's not exactly a government service, but Clear is trusted by the government enough to allow their customers to bypass the airport screenings.
Screw Clear and screw the US government for allowing more privatization of public infrastructure.
A lot of what? It seems like the worst of all worlds, given that ID would not only unlock some highly sensitive things, but also be difficult to change and tremendously revealing.
Nah the government could just give a website a unique id per real user per website, without revealing who the user is. Merely verifying that they are the same person as last time.
Identification is different from authentication. But authentication, at least as a backstop, can generally be decently outsourced to government.
Not so much in the US though. They have no national registry of what citizens actually exist.
Yes. I would very much like to tie certain accounts to my government issued digital identity and allow that as the only recovery method.
Estonia has this: <https://e-estonia.com/solutions/estonian-e-identity/id-card/>
Finland tried to copy it, but the Finnish card (while based on the same technology) is used very little. Finnish banks already had their own OTP solutions, which they started offering for authentication on other web sites, so no-one wanted an extra authenticator on top of that. This of course means that you get phishing emails pretending to be from all sorts of government services, where the goal is to get your banking credentials and take your money.
Since then, mobile phone operators added their own authentication system based on credentials residing on your SIM card <https://mobiilivarmenne.fi/en/>. You prove your identity when getting a mobile phone contract and can then use that to log into many sites.
I'm not so sure how many ppl would leave a key to their house, or a pin to their bank account with the government. Or a bank.
Identity is relatively solved, there are just lots of sacrifices made in security in the name of convenience.
Fingerprints as consent to login, Facial recognition as consent to login... seems more like a username, than a password, or a username+password.
Wasn't there a recent sidechannel attack on Infineon cryptography chips? The EU passports likely use the Infineon chips.
It does solve a lot of this. Some have gov’t issued IDs, others have a hybrid public/private system where banks issue the ids. But yes, a de facto standard electronic ID is almost unthinkable to not have. How else do you interact with authorities or healthcare? I used e-ID since long before smartphones, I can barely picture what it would be like to log in to handle taxes, benefits, medicine recipes or doctors' appointments if it worked any other way.
Over here in EU, we have something like it - you get an ID card that has two PIN codes that you can use with a card reader and some software to digitally sign documents and such: https://www.eparaksts.lv/en/ (of course, there's also a mobile version)
In addition, there now are services where you can log in to your bank account, confirm payments, or just log in to your government portal account with a two factor app, the account on which is based on your identity: https://www.smart-id.com/
So if I make a payment online with my card, I'll have to authenticate through either a code calculator (physical piece of hardware) or the phone app with codes that I've chosen, to confirm it. Same for logging into various sites, for example, for paying my utilities.
Works pretty well and if I lose my ID card, then I can get a new one, issue new certificates for the apps and continue where I left off (with the old ones being revoked). I might need a backup phone too, though, since not being able to confirm my payments if my phone breaks is pretty stupid (though I guess Revolut/PayPal/whatever still work as expected, unless I only have my OTP codes for those on said phone).
Sadly, the US government goes the other way and contracts out verification (to government websites!) to an invasive private company.
Humans understanding the basic concept of public/private keys,
wanting a Yubikey or similar,
and/or being able to use basic tools to make a key,
would also help.
But I'll take the government-led method as a Plan B, if it works.
Can you expand what you mean when you say the security of phone numbers is leagues below email? If someone can gain access to someone's phone, it seems like they would gain access to their email as well.
Phone number, not phone.
How does an attacker gain access to a phone number without having the phone? Like physically stealing the sim card or something else?
As others have mentioned, SIM Swap attacks are very common where the attacker impersonates the victim and convinces the mobile operator to transfer the victim’s phone number (known as MSISDN in telecom parlance) to the attacker’s SIM. If you Google SIM Swap, you will find many instances of it.
From that moment onwards, all the 2nd factor SMS OTP go to the attacker.
There are APIs that are provided by mobile operators via aggregators such as Telesign, Prove, Vonage, Twilio etc. that can be used to check if a SIM Swap has happened recently on that phone number. That API is used by fintech companies and others e.g. when they want to check if a fund transfer is to be allowed or flagged up.
Bribe, coerce, and social engineer a phone company employee into transferring the victim's phone number to you, or a technical attack to get the system to send the SMS messages to a device you control, without ever touching the victim.
The attacker just needs to convince/compromise a single carrier employee to get a new SIM for your number.
SIM swap via pretending to be a clueless customer who lost their physical phone, banking on lax checks at customer service.
Mobile phones identify themselves to the mobile network through a number called the IMEI. IMEI cloning is not particularly difficult nor does it require exotic equipment. This means that it is relatively easy for an attacker to be able to spoof your phone to a mobile network, for example, to receive SMS messages with one time passwords.
Cloning your IMEI has nothing to do with the data that is on your phone, so if someone clones your IMEI it does not mean that they have access to any of the apps or data that is on your phone.
Thanks for the clarification!
IMEI or IMSI? I think it is the subscriber identity that is on the SIM that needs to be cloned, not the hardware identifier of the device (ie its the IMSI that matters, not the IMEI).
SIMs and SIM burners can be purchased trivially on the open market, and cloned without too much difficulty. Although, a social engineering attack on the employee at the cellphone store is a superior method since it automatically gives you a "known good" SIM with the operator's keys, etc.
SMS codes for anything are not secure. Convenience over security, maybe.
SMS are as secure as a letter compared to a postcard.
And they're rather irritating to boot. TOTP authentication in something like KeePass or 1Password is very low friction, working automatically in ideal circumstances. SMS-based ones are kludgy.
Phone companies have customer support. This is a weak point, because an attacker can use social engineering to gain access to your number.
It's an interesting design problem to have a panel of peers attest an individual's identity. It could be made fairly seamless if there was a common system in which a suitably distributed authentication secret could be recombined under instruction from the relevant party. Can it be made to work for normal humans? I daresay we have the ingenuity to design something...
The Decentralized Recovery (DeRec) Alliance has recently launched to solve this very problem. Dr. Leemon Baird gave a talk last year on how this works at a higher level [0]. The alliance is comprised of members from the Algorand, Hedera, Ripple crypto communities but the application of proper DeRec would be certainly applicable anywhere you have any type of secret; in fact I believe you can be a DeRec 'helper' right now. There's a robust primer on the protocol published as well [1], here's a pull-quote:
[0]: https://www.youtube.com/watch?v=AcF4abPoveM
[1]: https://github.com/derecalliance/protocol/blob/main/protocol...
Some day someone is going to produce a fantastic heist movie about breaking this kind of scheme - five different characters, each of which need to be scammed in different ways to obtain their piece of a shared secret.
Sadly it's quite possible this will be a dramatized version of a real-world event. We've already seen quite a few messed up crimes to steal keys to steal crypto. Secret sharing just means you need to kidnap a few extra people.
But in fact, in order to kidnap these people you'd also need to know these people, and know they are assigned to be part of the derec network. With DeRec all the helpers don't need to know about each other at all. And you may not know how many helpers a given helper has behind them. It's actually much much more difficult to do the heist-and-interrogate-with-a-pipe-wrench approach if you don't know who to beat up, nor how many of them need to authenticate.
Edit: OT but while I have a glimpse of your attention, kudos in order!! I love datasette and basically everything you write is highly useful to me!
I came up with a similar general approach about 10 years ago, but lacked the time or inclination (and probably knowledge, frankly) so I'm very pleased this is being pursued.
except that those instructions will be handed out by phishers
Of course it works. I was aware of such mechanisms appearing in the Chinese social media app WeChat years ago. In fact I would say it's a great fit for any kind of social media app that involves interacting with peers.
However the utility is probably nil if there're no social features to begin with.
Apple’s Recovery Contacts are a similar idea. The main difference is that just one can help you recover your account, but it doesn’t seem too hard from a UX perspective to make 3/5 recovery contacts required to unlock an account.
https://support.apple.com/en-us/102641
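The "3/5 recovery contacts" idea, and the distributed secret that is "recombined" in the comments above, is what threshold secret sharing provides. The following is an added sketch of Shamir's scheme, not code from the thread, from DeRec or from Apple; the sample secret and the digest check are constructed for illustration.

```python
import hashlib
import hmac
import secrets

PRIME = 2**521 - 1  # Mersenne prime; the field must be larger than any secret


def split(secret, threshold, helpers):
    """Return one (x, y) share per helper; any `threshold` of them recover `secret`."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    if not 2 <= threshold <= helpers:
        raise ValueError("need 2 <= threshold <= helpers")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, helpers + 1)]


def recover(shares):
    """Lagrange-interpolate f(0) from the supplied shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def digest_of(secret):
    """Commitment stored at setup; only safe when the secret is a high-entropy key."""
    return hashlib.sha256(secret.to_bytes(66, "big")).hexdigest()


def recover_checked(shares, expected_digest):
    """Too few shares, or one altered share, yield a wrong value with no error.
    Comparing against the stored digest turns that into an explicit failure."""
    value = recover(shares)
    if hmac.compare_digest(digest_of(value), expected_digest):
        return value
    return None


if __name__ == "__main__":
    key = int.from_bytes(b"constructed-sample-recovery-key!", "big")
    shares = split(key, threshold=3, helpers=5)
    print("3 of 5 recover:", recover_checked(shares[1:4], digest_of(key)) == key)
    print("2 of 5 recover:", recover_checked(shares[:2], digest_of(key)) is not None)
```

Each share on its own reveals nothing about the secret, so the security of the scheme rests on how helpers decide when to release their share.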
We could also leverage trusted third parties for this purpose, for example, banks or DMV or Walmart.
However, there needs to be a fiduciary interest by the third-party (eg liability for identity theft, etc) in order to incentivize them to avoid fraud. It is not clear that there would be enough profit involved to offset the liability.
Auth apps are crap - each one pretends to be unique and authoritative.
TOTP secrets are a string, not just a QR code that can only be seen once and never again - the QR code merely encodes that string! That string can be used in multiple places to generate codes. KeepassXC can do it and that can be shared. I've seen loads of organisations and sites with an elderly mobile phone that has the TOTP auth app on it. Normally MS Authenticator.
To add insult to injury, MS Auth can only have one account per email address (id@realm/whatever you want to call it).
PrivacyIdea can do email based TOTP with a PIN. That works well but does involve a two stage login with an email delivery in the middle.
I totally agree with you: the only useful delivery mechanism available is email. PGP was a nice idea and authenticator apps need to have their owners' heads bashed together to get proper interoperability sorted out. Trying to silo people in your "cloud" without interoperability with others is so sad and needy. If you don't have absolute confidence in your offering then you are shit!
I'm increasingly coming around to the idea that in reality, there's only one factor, at least as far as the Internet is concerned: Something you know. There's different ways of knowing it and various difficulties involved in knowing it, but "something you are" is only ever a fancy way of presenting something you know (because if you know it, you can generally forge it with reasonable effort) and "something you have", over the Internet, is just "something you know but is pretty difficult to directly extract".
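The point that a TOTP secret is just a string which any holder can turn into valid codes follows directly from RFC 6238. This added example (not from the thread) implements the algorithm with the standard library and checks it against the published RFC test secret; the two "copies" are constructed to stand for a phone app and a password manager.

```python
import base64
import hashlib
import hmac
import struct

# Base32 of the ASCII test key "12345678901234567890" from RFC 4226 / RFC 6238.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, digits=6, step=30):
    """RFC 6238 TOTP using HMAC-SHA-1, the default in otpauth provisioning."""
    cleaned = secret_b32.upper().replace(" ", "")
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, step=30):
    """Server side: accept the current time step and `window` steps either side."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        expected = totp(secret_b32, t, step=step)
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def copies_agree(unix_time):
    """Two independent holders of the same string produce the same code."""
    phone_app = {"site.example": RFC_TEST_SECRET}                  # constructed
    password_manager = {"site.example": "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"}
    return (totp(phone_app["site.example"], unix_time)
            == totp(password_manager["site.example"], unix_time))


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59, digits=8))   # RFC 6238 vector for T=59
    print(copies_agree(1234567890))
    print(verify(RFC_TEST_SECRET, totp(RFC_TEST_SECRET, 59), 89))
```

Nothing in the code binds the secret to a device, so whether TOTP behaves as "something you have" depends entirely on where the string is stored.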
TOTP was what really kicked me into thinking this way. They tried to make it "something you have". They tried to lock it behind apps and pretended really hard that it wasn't just a particular shared secret... but it is. It's just something you know.
The rule is, if it could be stuck in your password manager, it's a thing you know. That includes even things like Yubikeys, which are things that can be cloned and stuck in a password manager. They're just really, really hard to clone, and that's a valid step up from "a password". I'm not saying that the differences between all these "things you know" are irrelevant; they matter a lot. Having a password + a TOTP is a legitimate step up from having just either one alone. I'm just saying that analyzing things in terms of the other two factors isn't particularly relevant.
Yes, if you don't control the hardware at the user's end, the only factor you can get is "something you know".
All the things around improving web authentication are just about people not having to memorize that something you know and protecting it against eavesdroppers.
The way I see it, the main security benefit of TOTP is it's a very long, high-entropy password that is guaranteed to never be re-used.
I don't think this is right. If there's a shared secret like a TOTP seed, that's in theory a "something you know", but if I don't know it, then who does? The point of "something you have" is that you own a device that "knows" it for you, and you never even need to see or expose the underlying secret, you just copy a token proving that the device you have knows the secret. I think that does count as an additional factor.
Of course if someone is memorizing the TOTP seed and generating the proof on the fly every time, then there's no shift in factor, but no one is doing that. And if they're saving the password on the same device that stores the TOTP code, then we're back to one factor, but now it's just 2x "something you have" at that point.
A little off-topic from the matter of adoption and usability by the greater masses, but I personally prefer these RFC 6238 TOTPs that I have the choice to take into my own hands, as opposed to internet-required, server-side based like my banking app and Okta.
I have a copy of all my TOTP generators (minus my dev Okta account) in a common authenticator app and an offline copy stored in an offline password manager, further replicated with an encrypted backup service.
I was able to create my offline copy in the first place thanks to a rooted phone to export what I already had up to that point out of the authenticator app.
Of course, the discussion starts to morph when we bring in the "un-phishable" software passkeys.
I agree, for personal use cases, RFC standard TOTP that can be backed up and managed by the user is the ideal balance of security and availability.
Enterprise TOTP apps like Okta and MS Authenticator have some enhancements. Push notifications are convenient when you have to access things many times a day. More importantly, push notifications with a number-matching confirmation reduce the chance of TOTP poaching, since the user themselves are interacting with the service requiring auth.
In enterprise environments, there should be a restore process for a lost phone or authenticator. Some kind of backup code with voice/manager approval, or coming into a physical office to reset credentials. This isn't available for regular people/regular retail services except maybe banks, but banks can't even do regular TOTP correctly.
I thought the Authenticator apps were great until I upgraded my iPhone and the apps lost all of my Authenticator setups. Good thing it wasn’t super critical.
When this was discussed [1] on HN a few weeks ago, I don't recall anyone reporting reproducing it. Several people, including me, reported having many accounts in MS Authenticator that have the same email address with no problem.
The otpauth URI that is encoded in a TOTP QR code looks like this:
otpauth://totp/LABEL?parameter_list
The LABEL is supposed to serve as a unique identifier for the account. It has the format "Issuer:Account". The "Account" part is required. The "Issuer" is optional (and the ":" omitted if the issuer is not present).
The parameter list is an & separated list of name=value pairs. It includes the "secret" parameter which gives the TOTP secret. An optional parameter is "issuer", which should match the "issuer" part of the label if that is present.
It sounds like what is happening is that there are some sites who do not include the "issuer" part of the label, and they let the user use a user provided email address as the account name.
If a given user uses two such sites and provides the same email address to both, then there will be a collision. If they also do not include an issuer parameter, an authenticator app has no way to know just from the data in the codes that they are from different sites.
[1] https://news.ycombinator.com/item?id=41275846
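The collision described in the comment above can be reproduced with a small parser for the otpauth format it lays out. This is an added example, not from the thread and not any authenticator app's real code; the URIs and secrets are constructed, and `Authenticator` is a hypothetical store keyed the way the label implies.

```python
from urllib.parse import parse_qs, unquote, urlsplit


def parse_otpauth(uri):
    """Parse otpauth://totp/LABEL?params into issuer, account and secret."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth TOTP URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if not params.get("secret"):
        raise ValueError("missing secret parameter")

    label = unquote(parts.path.lstrip("/"))
    label_issuer, sep, account = label.partition(":")
    if not sep:  # label is only "Account", no "Issuer:" prefix
        label_issuer, account = "", label
    account = account.strip()
    if not account:
        raise ValueError("label has no account part")

    param_issuer = params.get("issuer", "")
    return {
        "issuer": param_issuer or label_issuer or None,
        "account": account,
        "secret": params["secret"],
        # The issuer parameter is expected to match the label's issuer part.
        "issuer_mismatch": bool(param_issuer and label_issuer
                                and param_issuer != label_issuer),
    }


def naive_import(uris):
    """Weak behaviour: trust (issuer, account) as unique and overwrite on clash."""
    store = {}
    for uri in uris:
        e = parse_otpauth(uri)
        store[(e["issuer"], e["account"])] = e["secret"]
    return store


class Authenticator:
    """Hardened behaviour: never overwrite a different secret, keep both and warn."""

    def __init__(self):
        self.entries = {}
        self.warnings = []

    def add(self, uri):
        e = parse_otpauth(uri)
        key = (e["issuer"], e["account"])
        if key in self.entries and self.entries[key] != e["secret"]:
            n = 2
            while (e["issuer"], f"{e['account']} ({n})") in self.entries:
                n += 1
            key = (e["issuer"], f"{e['account']} ({n})")
            self.warnings.append(f"identifier clash for {e['account']!r}; stored as {key[1]!r}")
        self.entries[key] = e["secret"]
        return key


# Constructed sample: two sites that omit the issuer, one that sets it twice.
SAMPLE_URIS = [
    "otpauth://totp/alice@example.com?secret=JBSWY3DPEHPK3PXP",
    "otpauth://totp/alice@example.com?secret=GEZDGNBVGY3TQOJQ",
    "otpauth://totp/Example%20Shop:alice@example.com?secret=MFRGGZDFMZTWQ2LK&issuer=Example%20Shop",
]

if __name__ == "__main__":
    print(len(naive_import(SAMPLE_URIS)), "entries survive the naive import")
    app = Authenticator()
    for u in SAMPLE_URIS:
        app.add(u)
    print(len(app.entries), "entries kept;", app.warnings)
```

With the naive import the first site's secret is silently replaced, which the user only discovers when that site rejects every code.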
I'm not familiar, which part of the comment does WeChat implement?
A panel of peers.
Maybe we should support logging in with an OTP to email for many more systems than we do currently? Combined with conditional access and MFA it's actually not bad.
No password to remember and supports this "pattern"
Passwords are consent, clicking on a link in an email account that might be open... not always.
Unfortunately, "they just don't get access anymore" is the usual pattern with major email providers like Google, as many people who have had a phone lost or stolen and then been locked out of their accounts forever can attest to.
With the - "we banned your account for no reason, and you have no way to appeal and we don't even tell you why we banned you" flagship provider email account caveat.
This is my gripe with 2 factor authentication: it increases security and as a second factor also increases the risk of you losing your account.