Hacker News new | ask | show | jobs
by UncleMeat 2008 days ago
How real is the evil maid threat model where they open up your password manager but don’t have enough time to install a key logger? And even if this threat model matters, 2fa defeats it.

This entire horcrux system feels like cleverness for cleverness’ sake rather than actually addressing a meaningful threat model.
1 comments
wyattpeak 2008 days ago
I don't have a strong opinion on the horcrux system. It's a simple solution to a minor class of threats. Six to one, half dozen to the other.

My issue was that the "whole solution" to the problem proposed by the parent relies on idealised password manager usage which I don't think is representative of real-world use.

link
UncleMeat 2008 days ago
> It's a simple solution to a minor class of threats.

The threat models it addresses are (1) "evil maid without time to download a keylogger", (2) "cloud leak of your password database alongside sites that aren't using any 2fa" and (3) "cloud leak of your password database alongside SMS-based 2fa and a desire to go through the trouble to SIM-swap you".

All of these threat models are handled with TOTP-2FA. (1) is rare. (2) and (3) require your password manager to be compromised but not your application's password database.

In practice, virtually all threats to online accounts are phishing or password stuffing from database breaches. This system does not change your posture against these threats.

People will only follow so much security advice so you need the specific small set of things that you recommend to everybody to address the most common threats and you need the set of things you recommend to more targeted individuals to actually address a wide range of threats. Introducing additional systems that address a subset of meaningful threat models just introduces confusion.

"Use a password manager with autofill to generate unique passwords" defeats credential stuffing and most forms of phishing. This system is worse against phishing since you personally type in the password. "Use a password manager with autofill and a yubikey" fully defeats credential stuffing and phishing. It also defeats the situations addressed by horcruxes.

> My issue was that the "whole solution" to the problem proposed by the parent relies on idealised password manager usage which I don't think is representative of real-world use.

I do agree with this.

link