Revisiting my digital security model

Digital security is what results from balancing defenses with convenience. There’s no point in completely shielding yourself if accessing your private spaces is difficult; on the other hand, an easy-to-remember password (123456, for example) is almost the same as having no password at all.

This Manual has always leaned toward the shielding side, sometimes making situations unnecessarily difficult when a bad outcome (breach, data loss/theft) is unlikely. In 2024, I made a course correction that I promised to share¹. Here’s that update.

The “eureka moment” came when I realized there was a third element in that security × convenience equation: the human being protected.

Someone politically exposed or dealing with sensitive third-party data, for example, needs a more robust security apparatus. Someone like me? Not so much.

In this reflection, I changed two things I consider most relevant.

The first was abandoning the YubiKey, a physical cryptographic key used as a second authentication factor. Instead of typing that random six-digit code (TOTP, time-based one-time password) generated by apps like Google Authenticator, I would plug in the YubiKey or tap it with the back of my phone to activate it via NFC. I wrote about YubiKey in June 2021.

Abandoning the YubiKey was motivated more by convenience, or rather by the inconvenience of using it: from frustrating scenarios (being out and needing to access a site or app that depends on a key left at home) to more routine ones that add up in frustration (the key being in another room of the house).

TOTPs already provide an extra layer of security that’s good enough for someone who isn’t a target of sophisticated actors — me and probably you. And it’s always with me, on my phone and computer.

The second change was regarding TOTPs. Instead of creating and managing them in a specific app, I migrated them to the password manager.

This change goes against best recommendations, because if the password manager is compromised, the barrier provided by TOTP falls with it. It’s somewhat like having two locks on the door and carrying both keys on the same keychain.

The “accepted risk” here is greater than that of dispensing with the YubiKey. I’m aware and agree to continue.

The lock and key metaphor doesn’t account for a scenario more likely than a password manager breach: password leaks by the services themselves. That’s what worries me most. Even in this “all eggs in one basket” arrangement, TOTP would remain useful. Someone holding the leaked password but not the random code would still be locked out of my account.

In parallel, passkeys are a new proposal to complement or completely replace passwords and second-factor authentication. I’ve already delved into the subject (April 2024) and revised my opinion a month later. I keep following the technology’s development with genuine interest.

  1. All links point to blog posts written in Portuguese. Sorry, I didn’t have an English blog at the time.
