
I can't stress this enough: the risk of losing (or breaking) your security keys is the number 1 threat when a service (correctly) offers no way to circumvent its absence.

This is the same for encryption: the number 1 threat is lost encryption keys; the number 2 threat is broken backups; the number 3 threat is stolen encryption keys. Having #1 occur is equivalent to being ransomwared with no way to pay.

In both cases, you need multiple copies, or if you are using non-copyable aspects of security keys like U2F or OTP, then you need multiple backup keys registered to the same services.



It's for this reason that I eventually decided upon pencil+paper secrets in a bank safety deposit box, which can be backed up or even split up in a 2/3 fashion for things super critical.

The YubiKey ends up being solely for convenience for less important things (it's easier to press the YubiKey physically than it is to bring out my Google Authenticator app and copy/paste a TOTP).

Agreed that the article goes into extreme technical depth from a security/cryptographic perspective, whereas losing/breaking/being_stolen is actually the vastly more likely scenario.


> It's for this reason that I eventually decided upon pencil+paper secrets in a bank safety deposit box

This is not an option for the vast majority of people. But while we are at it, if the government wants to confiscate your bank locker they totally can and have access to all your secrets. So then what do you suggest?


> This is not an option for the vast majority of people

A bank SD box costs $50/year. Why is this not an option for a majority of people? If anything, it's more accessible to use a bank SD box than being a technical enough person to run code from a GitHub repo.

> But while we are at it, if the government wants to confiscate your bank locker they totally can and have access to all your secrets. So then what do you suggest?

The bank SD box isn't foolproof (as any bank employee could take a peek), which is why you'd want to shard the secret into multiple SD boxes. I.e. if your secret is ABC, you could store three secrets of AC + AB + BC, wherein you need only 2/3 to recover the entire secret. This scheme is effectively the same as Shamir Secret Sharing, but way easier to recover.

If your threat level is that the government might confiscate your bank locker, then you're probably at the level that you'd want geo-distributed sharded secrets in privacy-centric countries like Switzerland.
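An added example, not part of the thread: the AB/AC/BC split described in the comment above next to a 2-of-3 Shamir split, so the recovery step and what a single share holder sees can be compared side by side. The prime, the function names and the sample secret are assumptions made for this example.

```python
import secrets

# Assumption: field prime 2**521 - 1 (a Mersenne prime); secrets up to 64 bytes fit.
P = 2**521 - 1

def split_overlap(secret: bytes) -> dict:
    """The comment's scheme: cut into parts A, B, C; shares are AB, AC, BC."""
    n = -(-len(secret) // 3)  # ceiling division
    a, b, c = secret[:n], secret[n:2 * n], secret[2 * n:]
    return {"AB": (a, b), "AC": (a, c), "BC": (b, c)}

def recover_overlap(shares: dict) -> bytes:
    """Any two labelled shares together contain A, B and C."""
    parts = {}
    for label, pair in shares.items():
        parts.update(zip(label, pair))
    return parts["A"] + parts["B"] + parts["C"]

def known_bytes_overlap(share: tuple) -> int:
    """Plaintext bytes visible to whoever holds one overlap share."""
    return sum(len(p) for p in share)

def split_shamir(secret: bytes) -> dict:
    """2-of-3 Shamir: three points on the random line f(x) = s + r*x mod P."""
    s = int.from_bytes(b"\x01" + secret, "big")  # 0x01 prefix keeps leading zeros
    if s >= P:
        raise ValueError("secret too long for this field")
    r = secrets.randbelow(P)
    return {x: (s + r * x) % P for x in (1, 2, 3)}

def recover_shamir(shares: dict) -> bytes:
    """Lagrange interpolation at x = 0 from any two points."""
    (x1, y1), (x2, y2) = list(shares.items())[:2]
    s = (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P) % P
    return s.to_bytes((s.bit_length() + 7) // 8, "big")[1:]

def slope_explaining(x: int, y: int, candidate: bytes) -> int:
    """For one Shamir share, the slope r that makes ANY candidate secret fit it."""
    s = int.from_bytes(b"\x01" + candidate, "big")
    return (y - s) * pow(x, -1, P) % P

if __name__ == "__main__":
    secret = b"correct-horse-battery"  # constructed sample secret
    ov, sh = split_overlap(secret), split_shamir(secret)
    print(recover_overlap({k: ov[k] for k in ("AC", "BC")}))
    print(known_bytes_overlap(ov["AB"]), "of", len(secret), "bytes visible in one box")
    print(recover_shamir({k: sh[k] for k in (1, 3)}))
```

`slope_explaining` returns a valid slope for every candidate, which means a single Shamir share is consistent with any secret of that size, while a single AB/AC/BC share shows its two parts in the clear.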


This is interesting, never heard of Bank SD box and the way you describe distributing the secret is novel. Do you have any links to a practical implementation?


The government can totally take and use your Yubikey as well.

Or often also just ask the service that you’re protecting a login for for your data directly.


If you're using a service.

But there are actual setups where storage can be encrypted with a Yubikey, and the Yubikey is protected by a PIN that's in your head, and other possible factors, so now we're in $5 wrench territory.


Yeah, the only thing that can beat the $5 wrench is plausibly deniable encryption + training to pass a polygraph.

Very few people have this threat level and the willpower to go that far.


And all YubiKeys die; it is just a question of when.


> This is the same for encryption: the number 1 threat is lost encryption keys

This is so true. I worked on v1 of BitLocker. Key management was a much bigger feature than the actual full-disk encryption. I only recently got a Yubikey because I know how easy it is to shoot myself in the foot, and I’m still very nervous about it.



