I feel like this would make a lot of people very mad. It's probably against spec for a number of protocols. The purpose seems like it's to build a single, trusted system that we have absolute physical control of.
But Matt's dead on here. I'm far more interested in how we cope with the out-of-control situations. Building a token we trust totally, but then having to ad-hoc reinvent a dozen odd recovery schemes on top of that- something there doesn't appear to be any standards for- makes me feel like this is an out of touch, logically-bankrupt security regime we're trying to foist on the world. The idea of security is so appealing, so compelling, that we've secured ourselves into an untenable position.
As a side note,
> The question for me is not: what do I do in case my phone runs out of battery.
I really enjoy the image this popped into my head, of not storing backup house keys somewhere outside, but a backup usb charger somewhere outside the house, or magnetically attached under your car: so you can get home & charge your phone to let yourself in, or get to your car & charge your phone to get in the car. Maybe the charge-port in cars- which we recently learned this week isn't cryptographically secured- should have a modest rate usb charger out (log into the app to unlock higher-rate power-delivery).
This seems like a recurring theme. Other examples:
* default app sandboxes that don't let desktop apps see your home directory or talk to other apps
* browsers locking people out of websites with self-signed SSL certificates, while completely unencrypted websites get a pass
* Bitcoin / "smart" contracts which remove the possibility of human intervention when a transaction goes wrong
* The perennial insistence that using 'sudo' for everything is not just safer against mistakes but actually more secure than just running as root - as though an attacker gaining access to a sudo-enabled account wouldn't result in immediate pwnage anyway
* Having to take our shoes off in airports
I use a 2fa authenticator with cloud backup for this reason. I know it introduces an additional single point of failure... but I feel like the increased possibility of being hacked is outweighed by the decreased possibility of me locking myself out of absolutely everything through my own human error.
I think the best we can do is to have 2FA that can't be copied and recovery that's difficult to reach for an attacker. Google suggested using an app on the phone for 2FA and a piece of paper for recovery.
I’ve definitely heard of people having to do the kind of cold start Matt is talking about here. They had a bag stolen while bumming around South America, left with nothing but the clothes on their backs. Mostly it just takes time for mail to arrive. A hassle that, as long as you have friends and funds, can be dealt with.
I feel like recovering my digital life after, say, a house fire, would be somewhat more difficult, but as long as I don’t forget every password, I could bootstrap for sure. It does make me wonder if I should get an extra yubikey and store it somewhere offsite…
This didn't surprise me, after having taken one of those "outdoor survival" weekends. Some kinds of dried fungus can be used to transport fire from place to place, in the form of a slow-burning ember that can easily be reignited. Can also be used as tinder to get a new fire started.
According to Ötzi's Wikipedia page [0], there was a second fungus in the 'first known pocket', that was probably medicinal.
[0] https://en.wikipedia.org/wiki/%C3%96tzi#Tools_and_equipment
(Post author here)