The exception is password managers. It’s a very rare tool that makes things more secure and easier.
Your OS probably comes with one, and if not there are cheap or even free ones available.
Comment on We're in a very verify-happy era of technology
solidgrue@lemmy.world 2 months ago
On the matter of information security, but also security in general:
Pick two.
The exception is password managers. It’s a very rare tool that makes things more secure and easier.
Your OS probably comes with one, and if not there are cheap or even free ones available.
That would be fine, I can live with choosing two of those for any given account.
What I hate is when the company offering the service forces its choice on me. I may be reliant on logging into some specific account without access to my phone, but then along comes company X and says “NOPE! Your account security is more important than you being able to access your own stuff. We’re completely on board with locking you out of your own accounts in the name of security.”
To be clear, I’m talking about personal accounts. Those on a network where I’m responsible for preventing a breach are another matter of course.
oberstoffensichtlich@feddit.org 2 months ago
A government issued ID card with a signed certificate on it could do all three pretty well.
Moonrise2473@feddit.it 2 months ago
Ugh no I hate logging in with my government issued id card and that weird custom certificate that needs to be manually installed. Plus i would need to get up, search for my wallet, take out the card and insert it in the reader
vk6flab@lemmy.radio 2 months ago
Do you really trust a Government to keep your data secure?
How is such a card anything other than a universal identification card, which can then be stored by all and sundry as “proof”, right until one of them gets hacked and your card needs replacing … everywhere.
I think I’ll pass.
solidgrue@lemmy.world 2 months ago
The OPM hack a few years ago says they already can’t.
vk6flab@lemmy.radio 2 months ago
…wikipedia.org/…/Office_of_Personnel_Management_d…
oberstoffensichtlich@feddit.org 2 months ago
The government already knows my name and where I live, so if I trust them or not isn’t important.
To alleviate the issue with copied cards, cryptographic signatures and certificates can be used. The certificate is on your card and it’s signed by the government. Your certificate contains a private and a public key. The private key never leaves the card, only the public key. The public key is signed by the government.
So if a service wants to ensure your identity, they will give you a cryptographic challenge. That is then signed using your private key on your card. The service then can verify your signature by using your public key. The service can then verify your public key by contacting a government server. That way you can prove to anyone that you’re in possession of the physical ID card. The private key on the card can be further protected by a pass phrase.
So if someone wants to steal your identity, they would need your physical card and your passphrase.
If your physical card and passphrase gets stolen, you report it to the government and they revoke their signature of your public key. So if a service wants to verify your identity, the government server will reply that the ID is not valid.
This is how SSL and public private key cryptography works in general. The issuing authorities don’t have to be governments.
vk6flab@lemmy.radio 2 months ago
I understand your point. I’m not sure that you understood mine.
Let’s say that we do as you say. To issue the signature, the Government would need to verify your identity, which as you point out, they already can. Here’s the kicker. After verification, the signature is now linked to those same details in their systems. This makes them a massive target. One that they are ill-equiped to deal with.
That’s why I am not a fan of this idea.
dev_null@lemmy.ml 2 months ago
Try to campaign for and get up and running such a nationwide government issued ID system and then tell me how inexpensive it was to do. :P
oberstoffensichtlich@feddit.org 2 months ago
Some countries already have this.
dev_null@lemmy.ml 2 months ago
Most countries already have roads. That doesn’t make them inexpensive, just means the cost was already paid.