by fmarier
4670 days ago
One thing to note as well is that if a virus steals your email password, then you're a bit screwed too because that can, in most cases, be used to reset your password on other sites. As we've seen with a bunch of high-profile compromises, the email account is already an extremely valuable target for attackers. Another good reason to enable 2-factor auth there!
Now say they get your Persona email account, and get the signing material from it once. They can now log in everywhere until that material expires. There's nothing you can do about it. THAT is very different.
There's a small thing you could do to mitigate this, but really only self-hosted email has it as an option: change the email server's keys. You would be able to block logins to any site which has not cached those keys.
But no big provider would do it for you, since it would break everyone's currently-live keys, and from what I can remember they recommend that sites using Persona login cache the keys[1]. So any site you had logged into may very well have cached them, and not even perform a web request, and still allow the malicious login.
--
The only real way to dial back this damage is to limit the lifetime of the original signature. Make it too short and slow internet connections can't log in anywhere, and browsers have to continually request new assertion-signing data. Make it too long and you let attackers try many, many, many more sites.
[1]: I can't find this on the Persona/BrowserID site :/ maybe it was in a presentation somewhere. Anyway, it's inherently cache-able material, and it is a great selling point - server-side web requests are painfully slow.
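
Added example (not part of the thread and not Persona's own code): a small Python model of the trade-off discussed above, showing how certificate lifetime, relying-party key caching and provider key rotation together decide how long a compromised certificate keeps being honored. HMAC stands in for the provider's public-key signature, and the class names, key values, address and timings are constructed assumptions.

```python
import hashlib
import hmac
import json

class IdP:
    """Email provider. HMAC is a stand-in for its public-key signature."""
    def __init__(self):
        self.version, self.key = 1, b"idp-key-v1"  # constructed key material
    def rotate(self):
        self.version += 1
        self.key = b"idp-key-v%d" % self.version
    def issue_cert(self, email, now, lifetime):
        body = json.dumps({"email": email, "exp": now + lifetime}, sort_keys=True)
        return body, hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

class RelyingParty:
    """Site accepting logins; caches the provider key for cache_ttl seconds."""
    def __init__(self, idp, cache_ttl):
        self.idp, self.cache_ttl = idp, cache_ttl
        self.cached_key, self.fetched_at = None, None
    def _key(self, now):
        if self.cached_key is None or now - self.fetched_at >= self.cache_ttl:
            self.cached_key, self.fetched_at = self.idp.key, now  # the web request
        return self.cached_key
    def accepts(self, cert, now):
        body, sig = cert
        expected = hmac.new(self._key(now), body.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(sig, expected) and now < json.loads(body)["exp"]

def exposure(cert_lifetime, cache_ttl, rotate_at, horizon=7200, step=60):
    """Times (seconds) at which a cert compromised at t=0 is still accepted."""
    idp = IdP()
    site = RelyingParty(idp, cache_ttl)
    site._key(0)  # the owner logged in here earlier, so the key is already cached
    cert = idp.issue_cert("user@example.org", 0, cert_lifetime)
    accepted = []
    for t in range(0, horizon, step):
        if rotate_at is not None and t == rotate_at:
            idp.rotate()  # the "change the email server's keys" mitigation
        if site.accepts(cert, t):
            accepted.append(t)
    return accepted

if __name__ == "__main__":
    for ttl in (0, 1800, 86400):
        window = exposure(cert_lifetime=3600, cache_ttl=ttl, rotate_at=600)
        print(f"cache_ttl={ttl:>5}s: accepted until t={window[-1]}s")
```

With a one-hour certificate and rotation at ten minutes, a site that never caches stops accepting at the rotation, while a site with a long cache keeps accepting until the certificate itself expires.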