by ratg13
1485 days ago
> I think what we need is one master key that can be backed up in an offsite location (e.g. safe deposit box, lawyer, parents, trusted friends), and then have all subsequent secrets generated from it, or encrypted with it and stored somewhere publicly accessible.

This is a very good point. Essentially what you are describing here is a certificate authority. The Yubikey, in this scenario, is just acting as an 'offline CA'. It's a very good idea, but requires software to be built to accept an authentication hierarchy.

Take SQRL[1] for example. It's a login system where you scan a QR code with your phone, then your phone derives a private key based on the domain and a master key, and uses that to sign a challenge. Every other device (including offline backups) will generate the same private key, and hence give access to the same account.
[1] https://www.grc.com/sqrl/sqrl.htm
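The per-site key derivation and challenge-response flow described in the comment above, as an added example that is not part of the original post and not GRC's SQRL code. The concrete choices here are the example's own assumptions, not a claim about SQRL's exact specification: the per-site seed is HMAC-SHA256 of the domain under the master key, the site key is Ed25519, the master key is a constructed constant, and the server binds the signed message to its own domain name so a response captured for one site cannot be replayed at another.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed master key for the demo only. A real master key would be 32 bytes
// from a CSPRNG, held on the phone and in the offline backups the comment mentions.
var masterKey = []byte("demo-master-key: constructed value, never use a fixed key")

// SiteKey derives the per-site Ed25519 key pair: seed = HMAC-SHA256(master, domain).
// Assumption: this HMAC construction stands in for SQRL's own derivation.
func SiteKey(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	seed := mac.Sum(nil) // 32 bytes, exactly ed25519.SeedSize
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Server is one site: it tracks outstanding challenges and the public keys it has seen.
type Server struct {
	Domain  string
	pending map[string]bool // hex(nonce) -> still outstanding
	Users   map[string]int  // hex(pubkey) -> successful logins
}

func NewServer(domain string) *Server {
	return &Server{Domain: domain, pending: map[string]bool{}, Users: map[string]int{}}
}

// Challenge mints a fresh random nonce (what the QR code would carry) and remembers it.
func (s *Server) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[hex.EncodeToString(nonce)] = true
	return nonce
}

// signedMessage binds the nonce to the domain so a response is only valid at that site.
func signedMessage(domain string, nonce []byte) []byte {
	return append([]byte(domain+"\x00"), nonce...)
}

// Respond is the phone's side: derive the site key from the scanned domain, sign the challenge.
func Respond(master []byte, domain string, nonce []byte) (ed25519.PublicKey, []byte) {
	pub, priv := SiteKey(master, domain)
	return pub, ed25519.Sign(priv, signedMessage(domain, nonce))
}

// Verify consumes the nonce (rejecting unknown or replayed ones) and checks the signature.
// The public key is the account identity: the first sight registers it, later sights log in.
func (s *Server) Verify(nonce []byte, pub ed25519.PublicKey, sig []byte) bool {
	key := hex.EncodeToString(nonce)
	if !s.pending[key] {
		return false
	}
	delete(s.pending, key)
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, signedMessage(s.Domain, nonce), sig) {
		return false
	}
	s.Users[hex.EncodeToString(pub)]++
	return true
}

// SameIdentity reports whether two master-key holders land on the same account at a site.
func SameIdentity(masterA, masterB []byte, domain string) bool {
	pubA, _ := SiteKey(masterA, domain)
	pubB, _ := SiteKey(masterB, domain)
	return bytes.Equal(pubA, pubB)
}

func main() {
	srv := NewServer("example.com")
	n := srv.Challenge()
	pub, sig := Respond(masterKey, srv.Domain, n)
	fmt.Println("phone login:", srv.Verify(n, pub, sig))
	// A restored offline backup on a second device derives the same key and account.
	n2 := srv.Challenge()
	pub2, sig2 := Respond(masterKey, srv.Domain, n2)
	fmt.Println("backup login:", srv.Verify(n2, pub2, sig2), "same account:", bytes.Equal(pub, pub2))
	// Replaying the first response fails; another domain yields an unrelated key.
	fmt.Println("replay accepted:", srv.Verify(n, pub, sig))
	other, _ := SiteKey(masterKey, "other.example")
	fmt.Println("key shared across sites:", bytes.Equal(pub, other))
}
```

The point the comment makes falls out of `SiteKey`: the account is whatever public key the master key and domain produce, so any device holding the master key (or a backup of it) is the account, with no key material stored server-side beyond the public key. The flip side is also visible: losing or leaking the master key loses or leaks every site at once, which is why the backup-location discussion above matters.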