More importantly, you just replaced the problems of virtual keys with the problems of physical keys: you can lose them. Recovery is much more difficult than recovery of a virtual key.
With keys such as a U2F key, you can use it for multiple sites (each site will have a site-specific keypair). Most sites allow you to associate multiple U2F keys as well. Since U2F keys typically cost 7 to 15 Euro, it's really not much of a problem to buy one for use and to put one as a backup in a fire-proof safe.
That said, I think it's bad to rely on one factor. If the key gets stolen, security is compromised. The combination of a password and a security token is far more secure. People should just stop memorizing passwords for every site and e.g. use a password manager.
A lot of banks already give them away to their customers because the hardware costs are less than the fraud costs associated with compromised accounts. And in an ideal world, said keys would be general use, not just for logging into the bank's site.
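Added illustration, not code from this thread or from any U2F vendor: a Go model of the scheme the post above describes, a security key that derives a separate P-256 keypair per site from one master secret, and a site that accepts any of several enrolled keys, so a backup key registered in advance still works when the primary one is lost. The HMAC-to-scalar derivation, the `Site` type and the AppID strings are constructed for the demo and are not the U2F specification's actual key-handle mechanism.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"math/big"
)

// SecurityKey models one U2F device: a master secret that never leaves it, from
// which an independent P-256 keypair is derived for every site (AppID). Constructed demo.
type SecurityKey struct{ Master []byte }

// siteKey derives the per-site private scalar d = HMAC(master, appID) mod N, so
// two sites see unrelated public keys and cannot link the registrations.
func (k *SecurityKey) siteKey(appID string) *ecdsa.PrivateKey {
	mac := hmac.New(sha256.New, k.Master)
	mac.Write([]byte(appID))
	priv := &ecdsa.PrivateKey{D: new(big.Int).SetBytes(mac.Sum(nil))}
	priv.Curve = elliptic.P256()
	priv.D.Mod(priv.D, priv.Curve.Params().N)
	priv.X, priv.Y = priv.Curve.ScalarBaseMult(priv.D.Bytes())
	return priv
}

// Register hands the site only the public key; Sign answers the site's challenge.
func (k *SecurityKey) Register(appID string) *ecdsa.PublicKey { return &k.siteKey(appID).PublicKey }
func (k *SecurityKey) Sign(appID string, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, k.siteKey(appID), h[:])
}

// Site stores every enrolled public key for the account (primary and backup).
type Site struct {
	AppID string
	Keys  []*ecdsa.PublicKey
}

func (s *Site) Enroll(k *SecurityKey) { s.Keys = append(s.Keys, k.Register(s.AppID)) }

// Authenticate issues a fresh challenge and accepts a valid signature from any enrolled key.
func (s *Site) Authenticate(k *SecurityKey) bool {
	challenge := make([]byte, 32)
	rand.Read(challenge)
	sig, err := k.Sign(s.AppID, challenge)
	h := sha256.Sum256(challenge)
	for _, pub := range s.Keys {
		if err == nil && ecdsa.VerifyASN1(pub, h[:], sig) {
			return true
		}
	}
	return false
}
```

A site that only holds public keys cannot impersonate the user even if its database leaks, which is the property a password database never has.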
Really? You don't lose (forget) virtual keys? It's a far worse problem. A physical key can always be found if you look hard enough. A virtual key can truly be lost forever.
Ok, but that makes it harder, not easier, to manage virtual keys. And the more copies, the weaker the key (the easier to find). A million is a terrible, terrible idea.
No, I despise passwords. The whole scheme is backwards. I don't want to authenticate myself to the server; I want to authenticate the server to me. Why doesn't it provide the password, and my computer verify it? Why is a fallible human being in this game at all?
Well, yeah. That was a hyperbole. I didn't actually mean that you should go out and make a million copies of your key.
It simply meant to show that it's easier to prevent the loss of a virtual key than it is to prevent the loss of the physical key.
> The whole scheme is backwards. I don't want to authenticate myself to the server; I want to authenticate the server to me.
That's... interesting. My first thought when I read that is that the server is the one with your data and multiple users - so it needs to authenticate you to make sure that you only access your data and don't gain access to other users' data.
A server authenticating itself with you would tell you that you're actually talking to XYZ and not an imposter, but once that authentication took place you'd have access to everything on that server. Including other users' data.
Any authentication is one-to-one. The server authenticates to me, by first knowing who I am (my 'username' not a password), then using a scheme we agreed upon (our shared pair of private/public keys would be fine) to verify electronically that my machine belongs to me i.e. has the right keys.
So we are both authenticated to one another. Except now, we're using sophisticated passwords and Digital Computer Logic to work them out. Instead of my fallible wetware.
To steal a physical key you need to find a person and make him give you the key (and tell a PIN code if it is protected). It is hard to do on a large scale and you probably get beaten or go to jail soon.
And passwords can be stolen remotely using trojan software. You won't even know whether your password was compromised.
I agree the recovery can be a problem but there probably are ways to solve it.