Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That problem is not specific to SSL client certs. It potentially affects every authentication mechanism (on the same computer). Typing in your passwords? Keylogger. Using a password manager? Stolen passwords. The password database is encrypted and you have to type in a password to decrypt it? Keylogger.

If your system is rooted / infected with malware, you lost. The only solution is to format the drive and start over.

The alternative is to use a 2 factor authentication mechanism that uses a separate device, like your phone receiving a text message. That's a pain for the average user, and certainly not "simpler".



People are very familiar with text messages. Its very easy to explain.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: