
For keys used in authentication, I feel like rotation largely just protects against keys being leaked. If you can enforce keys to exist only on a secure element, then to me I feel like rotation is no longer needed in this particular scenario. With the exception of the key strength no longer being enough or something similar.

Perhaps I'm overlooking something?
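The policy sketched above, as an added example that is not from the thread or any poster: a check over authorized_keys lines that exempts hardware-backed OpenSSH FIDO2 keys (the sk-* types) from age-based rotation while still flagging algorithms that are no longer strong enough. The thresholds MIN_RSA_BITS and MAX_SOFTWARE_KEY_AGE_DAYS and the sample key blobs are assumptions constructed for the example.

```python
import base64
import struct

# OpenSSH FIDO2 key types: the private half is generated on, and never leaves, the security key.
# Note: the type string only records what the client presented; proving hardware backing
# requires attestation at enrollment, which authorized_keys alone cannot give you.
HARDWARE_BACKED_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
WEAK_TYPES = {"ssh-dss"}         # DSA is capped at 1024 bits and disabled by default since OpenSSH 7.0
MIN_RSA_BITS = 3072              # assumed policy threshold, not a universal rule
MAX_SOFTWARE_KEY_AGE_DAYS = 365  # assumed rotation interval for keys that live on disk

def wire_string(data: bytes) -> bytes:
    # SSH wire-format string (RFC 4251): uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def read_strings(blob: bytes) -> list:
    # Split a public-key blob into its wire-format string fields
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def assess(line: str, age_days: int) -> tuple:
    """Return (needs_rotation, reason) for one authorized_keys line."""
    key_type, b64 = line.split()[:2]
    fields = read_strings(base64.b64decode(b64))
    if key_type in WEAK_TYPES:
        return True, "algorithm no longer strong enough"
    if key_type == "ssh-rsa":  # fields: type, public exponent e, modulus n
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < MIN_RSA_BITS:
            return True, f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}"
    if key_type in HARDWARE_BACKED_TYPES:
        # No exportable secret to leak, so age alone is not a reason to rotate
        return False, "hardware-backed; rotate only if the algorithm weakens"
    if age_days > MAX_SOFTWARE_KEY_AGE_DAYS:
        return True, f"software key is {age_days} days old"
    return False, "software key within rotation window"

# Constructed sample blobs: valid wire format, not real keys, so the example runs offline.
RSA_2048_BLOB = (wire_string(b"ssh-rsa") + wire_string(b"\x01\x00\x01")
                 + wire_string(b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")))
SK_ED25519_BLOB = (wire_string(b"sk-ssh-ed25519@openssh.com")
                   + wire_string(b"\x11" * 32) + wire_string(b"ssh:"))
SW_ED25519_BLOB = wire_string(b"ssh-ed25519") + wire_string(b"\x22" * 32)
SAMPLE_LINES = [
    "ssh-rsa " + base64.b64encode(RSA_2048_BLOB).decode() + " alice@laptop",
    "sk-ssh-ed25519@openssh.com " + base64.b64encode(SK_ED25519_BLOB).decode() + " alice@yubikey",
    "ssh-ed25519 " + base64.b64encode(SW_ED25519_BLOB).decode() + " bob@laptop",
]
```

Run `assess(line, age_days)` over each entry; the hardware-backed key is exempt from the age rule, while the 2048-bit RSA key is flagged regardless of age.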




> exist only on a secure element

Do non-technical users know how to operate a secure element? Is that an encrypted home drive on a laptop protected by a weak password?

I appreciate your input, but I still think 2FA is the most secure and usable method for non-technical people. Of course, no SMS (at least outside the US).


There are a lot of commercial solutions out there, but for those of us with Macs and without control of our org's IT spend, there's Secretive [1], although it lacks a way to prove that a key is hardware backed.

https://github.com/maxgoedjen/secretive



