
I want my things protected by a human with a process to unlock/reset/.. given some kind of proof of identity.

Because with 99.99% certainty the person that needs to unlock the account is me, and not an attacker.

Even with a dozen backup yubikeys and spare codes written down I’d still be much more likely to lock myself out than be attacked.

If it’s one thing I have learned the hard way it’s that the most dangerous person in the equation is myself. I won’t trust myself with any kind of security.



> I want my things protected by a human with a process to unlock/reset/.. given some kind of proof of identity.

Anytime you have a human in the loop you have the risk of human failings. I.e., that human forgets to follow critical step X in the protocol. Or that human falls for the attacker's emotional sob story and takes pity on the attacker and lets the attacker unlock your account. Or that particular human is amenable to bribery to obtain the outcome the attacker wants.

In fact, many sim swaps have been reported to have occurred because of "human at cell phone store did not follow protocol" or "human at cell phone store was taking bribes".

So having a human in the loop is not an absolute solution to solving the problem.


> Anytime you have a human in the loop you have the risk of human failings. I.e., that human forgets to follow critical step X in the protocol

This is exactly my point. If the risk of an attack is X, the risk of me being that person who fails or forgets a critical step of the protocol (backup yubikey, whatever) is a hundred times higher. So this system of “flawed humans interacting” to me looks like the lesser evil.

I don’t want my things protected by foolproof protocols. I’m the fool you see.


Bingo. This is why crypto currency won't take off without more humane tech being inserted into the process. People aren't robots. We want many many ways to un-screw ourselves when we inevitably screw ourselves.

That's why I'm bullish on things like Shamir's Secret Sharing and other social recovery tools.


It's an iron rule that the more automation, the more important are the humans that remain.

I'm not sure you get this. Google hasn't seemed to get this in the past. They have added some customer support though.


That's how https://jmp.chat/ works, and you can make your phone number as arbitrarily secure as you want with JMP.

Any port-out requests are handled manually - you are contacted by a human to ensure that you made the request. You can ask them to put a verification code on file for you to confirm when this happens if you're concerned about the security of your XMPP account (which itself could use whatever kind of authentication scheme you like).


Good luck trying to use VOIP numbers with US banks these days


In practice it seems to work fine with the banks I've tried. There may be one or two that don't accept numbers whose type is listed as "voip", but they are in the minority.

There is also work being done to update the type field of JMP numbers so they appear as "mobile" instead.


Note this is a pretty recent movement in banking security, several months or so. E.g. Wells Fargo did work previous autumn, not anymore. More can be googled.

Type field is interesting. Not sure this can pass the radars for too long though.


Yup, I have the same misgivings. I hate getting locked out, but at the same time, I'm pretty paranoid and want secure passwords, don't leave copies of them around.

So I've been working on a backup plan. Current incarnation is to use a simple Go cli tool with Shamir's secret sharing algo to break a password into N/M shards. The user can then do whatever they please with the shards, give some to their family, friends, attorney, make a pirate map, get an rfid chip, anything you want.
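Added example (not part of the thread and not the commenter's tool): a Go implementation of the Shamir split described in the comment above, and mentioned earlier in the thread as a social recovery option, that breaks a password into n shares of which any k recover it. The field prime `P`, the names `Split` and `Combine`, and the sample password are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)
var P = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1)) // prime 2^521-1 (assumed field)

// Split returns n shares x -> f(x) of a random degree k-1 polynomial with f(0) = secret.
func Split(secret []byte, n, k int) (shares map[int64]*big.Int, err error) {
	if k < 2 || n < k || len(secret) > 64 {
		return nil, fmt.Errorf("need 2 <= k <= n and a secret of at most 64 bytes")
	}
	coef := make([]*big.Int, k)
	coef[0] = new(big.Int).SetBytes(secret) // leading zero bytes are not preserved
	for i := 1; i < k; i++ {
		if coef[i], err = rand.Int(rand.Reader, P); err != nil {
			return nil, err
		}
	}
	shares = make(map[int64]*big.Int, n)
	for x := int64(1); x <= int64(n); x++ {
		shares[x] = new(big.Int)
		for j := k - 1; j >= 0; j-- { // Horner evaluation of f(x) mod P
			shares[x].Mul(shares[x], big.NewInt(x)).Add(shares[x], coef[j]).Mod(shares[x], P)
		}
	}
	return shares, nil
}

// Combine recovers f(0) by Lagrange interpolation; fewer than k shares give a wrong value.
func Combine(shares map[int64]*big.Int) []byte {
	sum := new(big.Int)
	for xj, yj := range shares {
		term := new(big.Int).Set(yj)
		for xm := range shares { // Lagrange basis at 0: product of xm / (xm - xj)
			if d := big.NewInt(xm - xj); xm != xj {
				term.Mul(term, big.NewInt(xm)).Mul(term, d.ModInverse(d, P)).Mod(term, P)
			}
		}
		sum.Add(sum, term).Mod(sum, P)
	}
	return sum.Bytes()
}
func main() {
	shares, err := Split([]byte("correct horse battery staple"), 5, 3) // constructed sample secret
	delete(shares, 2) // one share lost; the remaining four exceed the threshold of three
	fmt.Printf("recovered %q, err=%v\n", Combine(shares), err)
}
```

Each share is as long as the field element (about 66 bytes), and a subset below the threshold reveals nothing about the secret, so shares can be handed to separate custodians.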


This would be a nice solution for giving your family access after death too.

They can meet at the funeral to assemble your horcruxes.


> Even with a dozen backup yubikeys and spare codes written down I’d still be much more likely to lock myself out than be attacked.

I am not sure this is true. Most people regularly get phishing e-mails and apparently fall for it.

SMS and TOTP (due to the window of time the TOTP code is valid) only provide limited protection against active phishing attacks, since a phishing site can 'proxy' the SMS/TOTP code besides the password.

I think I would prefer losing access to an account (since I make backups of critical stuff anyway) than my account getting compromised, which could lead to identity theft/fraud, etc.
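Added example, not from the thread: an RFC 6238 verifier in Go that shows the validity window the comment above refers to. A code is accepted for its whole time step plus any allowed clock skew, and the check depends only on the shared secret and the clock, which is the property origin-bound authenticators such as FIDO2 security keys add. The 30-second step, six digits, one step of skew and the RFC 6238 test secret are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// TOTP computes the RFC 6238 code (HMAC-SHA1, 30 s step, 6 digits) for a Unix time.
func TOTP(secret []byte, unix int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unix/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[19] & 0x0f // dynamic truncation from RFC 4226
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// Verify accepts a code from the current step or up to skew steps either side.
// Its inputs are secret, clock and code only: nothing binds the code to the site it was typed into.
func Verify(secret []byte, code string, now, skew int64) bool {
	ok := false
	for d := -skew; d <= skew; d++ {
		if hmac.Equal([]byte(TOTP(secret, now+d*30)), []byte(code)) {
			ok = true
		}
	}
	return ok
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret, not a real credential
	code := TOTP(secret, 59)                 // code generated in the step ending at t=59
	for _, now := range []int64{59, 89, 119} {
		fmt.Println(now, Verify(secret, code, now, 1))
	}
}
```

With one step of skew the same code verifies at t=59 and t=89 and is rejected at t=119; servers that also record the last accepted step limit each code to a single use within that window.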


My ideal solution for an ultimate reset/unlock solution would be to show up and have my DNA sampled. Impossible for me to lose the reset key there, and with appropriate DNA extraction procedures, it is nearly impossible to spoof.


The issue with using permanent characteristics for auth is that you lose the ability to revoke one credential in favor of another.


That's not a problem if you have to physically show up though, since no one can spoof that.


As another person said, you're literally leaving it everywhere you go.

If you need a blood sample, then would donating blood be considered compromising security?

Identity is what your DNA is. Password is a secret. Your DNA is not a secret.


I think requiring you to be physically present and having a human take the sample in a prescribed manner serves as an effective 'password' - unless it's a live sample, the DNA is useless.


The movie Gattaca showed in detail how routine spoofing of a variety of IRL DNA samples could work.


I think there's a misunderstanding of what is possible with DNA[0]. We take DNA from dead stuff all the time.

I will agree with "you have to be physically present" is good enough password. This is Yubikey, which works fantastic. The problem with DNA is when it is compromised - you can't throw it away/change it without exorbitant effort (bone marrow transplant? and then you're simply taking on someone else's identity? is that identity theft?).

[0] https://www.quora.com/Do-we-require-live-cells-when-extracti...


I think people are misunderstanding what is being suggested here. The idea is that, for example, to unlock your bank account, you have to go to the bank where trusted bank employees will extract your DNA and have it sequenced, resulting in you being given access again. Others cannot spoof being you in this scenario because they cannot implant your DNA in themselves.


Ah you're right. I've re-read it and it is physically present someone verifying you using your DNA.

Which I agree, that works great, but quite narrow in the use cases at that point.


Consider if you're kidnapped and extracted DNA in unwilling manner


I've built something around it. It's not 100% but gets you to 99%. Dontport.com


I'd be curious to know what the 11 potential tests are. Your website doesn't seem to list them anywhere.


That's exactly what they did in the movie Gattaca - it's hard but seems totally possible. I'd rather have multiple revocable keys.


Your DNA can show up all over the place.


> with appropriate DNA extraction procedures

Carriers have already demonstrated their complete across the board failure to have appropriate security procedures. Your DNA isn't hard to find, you leave it literally everywhere you go.

And do you really want mobile carriers creating a DNA database of their every customer? The same companies that already sell your location data to bounty hunters?

That's going to be a big no thank you from me.


While I basically agree, why do you think they'd need your actual DNA? Wouldn't it be hashed?


Consider identical twins, mothers, and organ donation or blood transfusion recipients.


This is where countries like India are going with biometric auth plus 2FA (though the implementation has issues). The government provides a public API for sending fingerprint or iris scan data plus SMS 2FA to authenticate identity with a cost.



