The hardware wallet a.k.a cold storage, is predominantly protecting you from key exposure.
The thought process is if your private key is on an internet connected device there’s always a possibility that it can get compromised.
A hardware wallet will generate a private key for you offline and you can sign transactions in an air gapped fashion. e.g.
You might have a ‘watch only’ wallet on your phone that only has the public keys. When you want to move your funds the watch only wallet will create a transaction that is not signed. It will then display the transaction as a QR code that your hardware wallet can read.
From there the hardware wallet gets the transaction and is able to sign it. Then your ‘watch only’ wallet can read the signed transaction via an QR code from the hardware wallet; all without ever exposing the private keys to an internet connected device.
terraform and AWS’s free tier. Only costs are route53 costs which depending on your setup you can also eliminate.
I’m usually utilizing a static site generator for main site; usually S3 behind a CDN.
Then I’ll typically have my services written in go running serverless behind apigateway. Then locally I just have my services running on a generic http framework.
Hmm, even though LastPass doesn’t have access to your pass, couldn’t a malicious software update cause attacker to view your passwords when it runs since the software ultimately has access?
This doesn’t seem to be the case in this incident though.
Yes, absolutely - a compromised development environment might be the first step towards getting implanted code into shipping software, or getting to a signing environment (hopefully highly isolated, but you never know!), with a view to carrying out a supply chain attack.
That's basically what happened in the solarwinds compromise.
Yes it's possible that attackers could release a malicious client-side update but it would be immediately noticed and an alarm would be raised. Also I believe lastpass's client-side apps are open source, making it even more obvious when something is changed
Air gapped wallets can utilize QR codes to sign transactions. Look into PSBTs (partially signed bitcoin transactions).
Gist is you can create a transaction from any device that doesn’t have your private key … send that transaction via a QR code to your cold wallet, then your cold wallet can sign transaction and create a new QR code for the other device to use.
Woah thanks for sharing your situation. Talking about it to others sounds like a step in the right direction.
One thing to consider is what you are teaching your kids by staying. Kids have a habit of picking up on these things at an early age and can internalize the unhealthy relationship you have as ‘normal’.
Yes, it uses WebAuthn under the hood. Passkeys have technically been available to developers for a while I think but very experimental still. I guess they've begun hitting new milestones.
This is basically the biggest problem with WebAuthn today: the credentials are tied to the browser -- or really whatever application is using WebAuthn, browser or not, name aside -- which means that if you register for a service with Firefox, you have to re-register with Chrome. If the service is designed for it, it might associate multiple public keys to a single "user." So Passkeys are just a pretty natural combination of two things to fix that: "WebAuthn keys, but inside iCloud Keychain." Presumably any apps that integrate with iCloud Keychain can then use them as expected.
Of course you can just export the key material, which in a sense is "all" Passkeys are doing: they're a formalization of how to export and manage those keys in keychain.
But there are still some major issues:
- Enrolling new devices from old ones. This is especially tricky for platform authenticators. For example I register for a website using FaceID on my iPhone, which uses the "platform" authenticator rather than the "cross-platform" authenticator, and now I need to now enroll my Macbook and Windows desktop. They both need new keypairs, because the original account is using a platform authenticator. And the new keypairs might be either platform or cross-platform authenticators. This is especially prevalent on browsers (apps can work around it with a more specific scheme; see below.)
- Similarly: cross-platform software for sharing or syncing credentials. Something like 1password but with WebAuthn support for handling those cross-platform webauthn keys.
Both of those require a lot of software and decision making to get it all working correctly, both on the side of operators and clients. For example, in your own application (not a browser), you could simply use a platform authenticator like FaceID to read a cross-platform WebAuthn credential from iCloud Keychain, which would avert part of problem 1. But in a browser, mac or iphone users would probably like to use FaceID/TouchID, which are only available as a platform authenticator, so you'd have to handle that case of new enrollment.
There are also a million other issues, for example Windows Hello has like a million weird edge cases for how it works in and outside of the browser. macOS seems to be the furthest ahead here with the introduction of Passkeys, and the strong system-wide support for TouchID/FaceID/etc. I do not know what the state of Linux is; presumably you could integrate this with something like gnome-keyring but there's no synchronization service either.
So we're still a ways away from actually eliminating passwords. WebAuthn works today but does need a lot of extra oil to make it smooth, and it's still not a primary authentication mechanism unless you're very careful about your userbase. But Passkeys are a good start and will mean you'll need passwords in less apps, and you'll be able to log in securely more quickly. It's a small but needed step.
> This is basically the biggest problem with WebAuthn today: the credentials are tied to the browser
That's definitely not true. My Feitian ePass for example (very cheap USB dongle that lives with my house keys) works just fine to sign me into GitHub on this desktop PC w/ Firefox on Linux, it works fine via a USB-C to USB-A adaptor to sign in on my Android phone w/ Chrome, and likewise on the Windows laptop I use for work when I needed to access my personal site briefly at Christmas and that was the only laptop I'd brought with me.
If you have credentials tied up in some proprietary system then, yeah, they're trapped in there, and in Apple's case they've decided to make it possible to move the credentials to another Apple device via iCloud.
Yeah, since Apple's (and Google's) soft WebAuthn implementation is designed for syncing across devices, it should also work with many browsers on the same machine.
The thought process is if your private key is on an internet connected device there’s always a possibility that it can get compromised.
A hardware wallet will generate a private key for you offline and you can sign transactions in an air gapped fashion. e.g.
You might have a ‘watch only’ wallet on your phone that only has the public keys. When you want to move your funds the watch only wallet will create a transaction that is not signed. It will then display the transaction as a QR code that your hardware wallet can read.
From there the hardware wallet gets the transaction and is able to sign it. Then your ‘watch only’ wallet can read the signed transaction via an QR code from the hardware wallet; all without ever exposing the private keys to an internet connected device.