Prices will be slightly lower, yes, but not a massive advantage imo. Somehow a reference implementation maybe. Some short term advantages of Solo: open firmware that can be verified by the community. They're working since 10+ years on this problem, and they released a great amount of open source. Without Yubico, we wouldn't have security keys, and we probably wouldn't have these standards. Please let me start by saying that Yubico is NOT the closed/evil.
Users can keep it on their keychain or building access badge that would give physical attackers similar level of access(they can unlock your house keys and steal pii or get in the building with your badge and steal your laptop).Ī user friendly usbarmory for the lay-person! Not only that,you can't phish or some other way social engineer the user to give up the private key. You know what I like about this the most? Minimal user education required,just plug it in,click yes on the app's prompt and press the button on the hsm. Why not make it a general purpose hsm that solves all these security problems. You can already see how much work goes into adopting something like a yubikey. You can use it for banking,voting,signing important documents online,etc. Why can't that same device be used for TLS client certificate storage for every site I visit,storing SSH private keys,trusted root CA store I can use with any device, message(email,signal,telegram,etc.) Encryption,message non-repudiation(think a twitter post or even this comment being signed by my hsm so I can't say 'the hackers did it'). If I am using a hardware security device,why do I need any other form of authentication? I use a yubi everyday and it's nice but I also use TOTP and SMS every day. Here is my thing, simpler security is better security.
Lost the personal hsm? No worries,you wrote down a recovery key on paper and stored it next to your social security card and passport. No need to enter name,address,phone,email,etc., Unless required for the service.
You would optionally associate a username with the public key,but that's it! Imagine signing up to a site or service,all you need to do is allow it to generate a unique public/private key pair on your personal hsm. A personal hardware security device is useful not just for logins but signing messages and encrypting data.
0 kommentar(er)
