undefined | Better HN

0 pointslukeschlather5y ago0 comments

It would be better to use a software TOTP authenticator with backups. You could also store multiple encrypted copies of the TOTP secret encrypted with different Yubikeys. I don't know if there's any software that does this automatically and momentarily decrypts the TOTP secret into a secure memory location when you need it. That preserves... most of the benefit of 2fa.

0 comments

5 comments · 2 top-level

dheera5y ago· 2 in thread

Storing copies of a TOTP secret is as good as just having 2 high-entropy passwords and saving multiple copies of one of them in clear text, which is not more secure than having 2 high-entropy passwords and not storing them anywhere, and which is equivalent to just 1 doubly-high-entropy password not stored anywhere.

The fact that you can store copies effectively defeats the purpose of 2FA.

One of the reasons to have multiple YubiKeys is that if I lose one on the street I can just login to all my services with my backup key, disable the lost/stolen key, and buy and register a new key.

Whereas if someone got a hold of your TOTP secret, ehhh ... you might not necessarily know for a while.

jfim5y ago

That really depends on your threat model.

One reason to have multiple copies of the TOTP secret is to not be locked out of accounts should one lose their 2FA token. For example, if one has two copies of the TOTP secret, one of which is in a secure location, and one of which is used for daily purposes, as long as the secure location is reasonably secure, it's not much different than storing backup codes in that secure location.

I do agree with you that having multiple copies of the TOTP secret that can be lost and not noticed isn't a good idea though.

lukeschlatherOP5y ago

I meant backing up TOTP keys is better than:

> to plug this [Yubikey] into a server and control it through USB over IP.

Obviously multiple Yubikeys is the only real solution.

Godel_unicode5y ago· 1 in thread

"better" is a strange word to use when discussing security, everyone's situation is different™. You're making a set of trade-offs between availability (backups) and confidentiality (only using hardware tokens which are tamper evident) which absolutely do not generalize to every case.

lukeschlatherOP5y ago

I'm saying if your hardware token is plugged into a machine that you connect to with USB-over-IP your hardware token is basically security theater and your actual security is whatever secret you use to protect the machine the token is plugged into. So if you're worried about availability but want something like 2fa software TOTP secrets make a better tradeoff.

j / k navigate · click thread line to collapse

0 comments

5 comments · 2 top-level

dheera5y ago· 2 in thread

The fact that you can store copies effectively defeats the purpose of 2FA.

One of the reasons to have multiple YubiKeys is that if I lose one on the street I can just login to all my services with my backup key, disable the lost/stolen key, and buy and register a new key.

Whereas if someone got a hold of your TOTP secret, ehhh ... you might not necessarily know for a while.

jfim5y ago

That really depends on your threat model.

I do agree with you that having multiple copies of the TOTP secret that can be lost and not noticed isn't a good idea though.

lukeschlatherOP5y ago

I meant backing up TOTP keys is better than:

> to plug this [Yubikey] into a server and control it through USB over IP.

Obviously multiple Yubikeys is the only real solution.

Godel_unicode5y ago· 1 in thread

lukeschlatherOP5y ago

j / k navigate · click thread line to collapse