Is it bad to have the same 2FA PIN on two secondary profiles?

gk7ncklxlts99w1

Thanks for sharing your setup, it's very helpful. I have a very similar setup to you. I use the same strong passphrase for my LUKS encrypted disks and partitions, and for backup repositories for those same disks (using restic or borg). I also reuse my device login credentials for my computers and laptop. I use an Onlykey which is really handy, I use it for logging into commonly accessed online accounts, and for entering my device logins and disk encryption passphrase. It only has 24 slots, which is better than nothing but I wish there were more. Were I to use a unique passphrase for each disk, and a unique login password for each device, and a unique password for backup repositories and a few veracrypt volumes, it would easily take up all 24 slots. And the Onlykey doesn't really work for unlocking phone profiles (not unless I enable USB data transfer while locked, which I won't).

It sounds like password reuse is inevitable for this use case, without excessively overcomlicating my setup and possibly lead to human error. KISS basically.

ryrona

gk7ncklxlts99w1 I use an Onlykey which is really handy, I use it for logging into commonly accessed online accounts, and for entering my device logins and disk encryption passphrase.

As long as you are aware that if you have your disk encryption passphrase stored on a hardware security key, you have reduced the security of the disk encryption from that of a strong passphrase to that of breaking into the hardware security key.

DeletedUser237

gk7ncklxlts99w1 how insecure is it to use the same fingerprint + PIN

Depends on the settings you chose, it does not immediately scream insecure, but it may be less secure.

Is it bad to have the same 2FA PIN on two secondary profiles?

That's something only you can answer. How easy is it to reconstruct it? How much you value convenience over "maximum" security? Use the phone as you find the most suitable for your needs. Don't get caught into "of you don't do X" you will get popped mindset. People claiming this have no deep understanding and just parrot what they read or heard from "YouTube influencers"...

gk7ncklxlts99w1

DeletedUser237

Don't get caught into "of you don't do X" you will get popped mindset. People claiming this have no deep understanding and just parrot what they read or heard from "YouTube influencers"...

I completely agree and definitely understand it. It's a cognitive fallacy, the all or nothing mindset.

I already came to the conclusion earlier that having fingerprint + 2FA PIN on multiple profiles, along with a duress password on both, is identical in security to having unique 2FA PINs. A unique 2FA PIN would not help in any situation because they would only be able to compromise those profiles under duress (because they need my fingerprint), and a duress password addresses that concern. Actually, there is one scenario where a unique 2FA pin would help - where they observed me entering a PIN for one profile, sever my thumb or knock me out, and then attempt to use the same PIN on another profile. At that point I have bigger problems.

Reusing passwords and passphrases on other things, like LUKS disk encryption and such, is a more complicated scenario.

Small side note: People underestimate reasoning when crafting threat models - and I'm not bashing you or anything here - but it's easy to say "you must identify whether or not this comes within your threat model" but when a person is asking for help in a privacy or security community, what they're really doing is asking for help crafting their threat model, and get feedback on it. Threat models can and should evolve in light of new information. A threat model without being subject to new information is a closed system that can be likened to a paranoid set of beliefs. We need other people to update our threat models - we shouldn't work on it alone.

gk7ncklxlts99w1

ryrona

The hardware security key is very secure, and I protect it with a PIN. It provides a substantial amount of convenience while allowing me to use a stronger passphrase - were I to rely on my memory alone, I would naturally reduce the strength of the passphrase to make it easier to type. Keeping my passphrase saved on a hardware key is not a weakness in my setup, it's a strength.

DeletedUser237

gk7ncklxlts99w1 The hardware security key is very secure

How did you verify this? not challenging you or anything, I did a quick search on them, as this is the first time I heard about them (I have few different Fido compliant keys) but I am always interested in testing stuff like this.

ryrona

gk7ncklxlts99w1 and I protect it with a PIN

So, someone who has access to your hardware security key, and can brute-force your PIN, can unlock your encrypted disks? I guess your PIN is far far shorter than the disk encryption passphrase? Then you have reduced the algorithmic strength of the protection to that of the PIN code. In best case, your hardware security key throttles PIN input attempts heavily, and the actual disk encryption passphrase is encrypted with a key derived from your PIN. In worst case, and the more likely case, the adversary has an exploit against your hardware security key that allows them to extract your disk encryption passphrase, even without knowing your PIN. It seems like most security chips have their security broken within a few years from release anyway, but algorithmic strength of a disk encryption passphrase should be able to keep your data secure for well over 20 years.

I am not saying the security key is wrong in your threat model, as long as you are aware in what way you have reduced the security, and accepts those tradeoffs. That is all.

gk7ncklxlts99w1

DeletedUser237

I cannot verify it 100% because I'm not qualified to audit them. But I have used some common sense and read about how it works and the various technologies they have used. As an example, they use epoxy as an anti-tampering mechanism to protect the HSM (hardware security module). I also have a couple of hardware encrypted USBs, and when I did research for these things (cause they're very expensive) I learned a lot about how these things are built, and OnlyKey would be adopting many of these things.

It also provides plausible deniability if you configure it the right way - there's a mechanism that allows you to hide the existence (or provide plausible deniability for the existence of) a second profile.

I'll leave the rest up to you, this is just what I remember off the top of my head. Realistically, I have no way to verify whether anything I use is actually secure, but OnlyKey is pretty low on the list of my worries. I think the hardware is solid, but my only concern might be their software implementation.

JollyRancher

gk7ncklxlts99w1

As with everything dealing with security, it starts with your threat model.

Ideally, for maximal security, you should use a different strong password for every profile that you only enter when you can ensure no shoulder surfing and 2fa secondary unlock with a 6 digit pin for other circumstances. Using a different pin for every profile.

In practice, set up a high security profile with a unique strong password & pin. Use this for anything you need to remain perpetually secure against well resourced adversaries.

You may also want to do this for the Owner profile.

For less secure daily driver profiles where you are using different profiles to better sandbox/control apps, using the same unlock method(s) for them all isn't really an issue. You should just treat all those profiles as if they are one and assume that if any of them are compromised, all of them are.

gk7ncklxlts99w1

JollyRancher

As I discussed earlier, and I was able to answer my own question, there's no reason to have a unique 2FA PIN for different profiles because there is no realistic attack scenario, assuming I have a duress password enabled, where that would help except where they obtain the PIN and then remove my thumb. Unique primary PIN is a different story.

In practice, it doesn't make much sense to me to organise my profiles based on threat model. Rather, I organise them on use case (I currently have Owner which has nothing in it, a secondary profile which has nearly everything, and another which only has email). Reason is usability. If I create a high threat model profile, what am I going to put in it and how will I use it?

My most sensitive data would be my email and password manager. Lets say I don't use either of those very often - since I'd be using a very strong password or long PIN, and I probably won't be using any 2FA unlock (since that would be pointless unless I was using the profile often), I would need to be able to remember the password/pin for it to be usable but since I don't use it often it will be hard to remember, and I have limited memory bandwidth. I'd be relying on having the password written down somewhere. Another issue is those two apps (email and password manager) maybe shouldn't go together - the profile on which I use for email could be the most susceptible to malware (due to email attachments), which could lead to a compromise of my password manager.

I have to take a more dynamic approach, than just designate profiles by security level.

gk7ncklxlts99w1

ryrona

I'm aware of the things you've mentioned. You've brought up good points. I cannot say how strong my security key is exactly, but my preliminary research was compelling enough. Also, my hardware key throttling pin inputs and an adversary having a workable exploit are not mutually exclusive. I'm fairly certain there is a limit to the number of inputs you can make before the key becomes unusable (either permanently, or for x time, I can't remember). I think it's much more likely that the key is sufficiently protected against the most likely attacks, than a physical adversary finding my key and finding/developing a workable exploit against it.

I'm wondering why you think the "algorithmic strength" (which I'm guessing you mean entropy) would be stronger with the passphrase? I don't believe there's any throttling for LUKS. If you compare the entropy of a strong passphrase with LUKS vs a relatively short PIN on a HSM that does throttling, which one would be better? I suppose it depends on the implementation?

ryrona

gk7ncklxlts99w1 I'm wondering why you think the "algorithmic strength" (which I'm guessing you mean entropy) would be stronger with the passphrase? I don't believe there's any throttling for LUKS. If you compare the entropy of a strong passphrase with LUKS vs a relatively short PIN on a HSM that does throttling, which one would be better? I suppose it depends on the implementation?

Entropy needs to be secret, or it isn't entropy. Assume you have a wordlist that gives 13 bits of entropy per selected word, and you completely randomly using a strong random number generation process selects 6 words from that list, your passphrase has 13*6=78 bits of entropy. The moment you write down your passphrase on a piece of paper to remember it, your passphrase has 0 bits of entropy. There is no longer any uncertainty in what your passphrase is, the attacker who finds the piece of paper knows your passphrase, and will only have to do a single login attempt to succeed.

If you put the passphrase on your security key, it is effectively written down, but behind a lock of some kind. If the attacker can break that lock, they get your passphrase.

Entropy, or algorithmic strength alone, on the other hand, give you a strong proof there are no way the attacker can break into your encryption ever that is faster than trying all 2⁷⁸ = 300,000,000,000,000,000,000,000 possible passphrases you might have selected. Or coercing you into revealing the passphrase.

Exploits against almost any security chip are developed within a few years from the security chip having been initially released. But with entropy, ie a passphrase alone, you can select a passphrase long enough, or with much entropy enough, for it to remain impossible to break into for any number of years into the future you want it to remain secure.

gk7ncklxlts99w1

ryrona

I think you can still say that a password still has the same entropy if written down. Having your password written down does not reduce the cryptographic strength of the password against an attacker that doesn't know what your password is. But that's probably splitting hairs.

I also think it's unfair to compare a password written down on paper to one stored in a hardware key. The difference is one is plaintext, the other is encrypted. More importantly, even if the password wasn't written down anywhere, you can still obtain the password by other attacks such as keylogging or shoulder surfing. Writing down your password doesn't magically make the password insecure, it just introduces an attack vector, one that is exclusively physical. And where you store that password matters. Were I to store my passphrase on a Yubikey (with the static password feature) instead of an OnlyKey, would this be more secure? This question isn't just hypothetical, I'm genuinely interested in whether I should store my passphrase on my yubikey instead.

You say "Exploits against almost any security chip are developed within a few years from the security chip having been initially released", I get the feeling this is a heavy handed generalisation. Are you implying that my 5 year old Yubikey is likely to be insecure?

de0u

gk7ncklxlts99w1 Are you implying that my 5 year old Yubikey is likely to be insecure?

It's genuinely hard to say!!

If/when somebody has an exploit, it might be sold instead of announced. And meanwhile: https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

ryrona

gk7ncklxlts99w1 Were I to store my passphrase on a Yubikey (with the static password feature) instead of an OnlyKey, would this be more secure?

I wouldn't trust either with my disk encryption passphrase. I don't trust the Titan chip in the Pixel phones with it either, and that is a far more secure chip than the two you mentioned.

gk7ncklxlts99w1 I get the feeling this is a heavy handed generalisation.

It is. Different companies put differently much resources into their security chips. Some just take some off the shelf TPM chip and repurpose it, others have their own labs and spend huge amount of money into making their security chips withstand even very advanced attacks.

There is also the fact that security chips that are more popular are more likely to be targeted with attacks, and thus already having a known exploit against them, even if they in theory might be more secure than a competitor.

gk7ncklxlts99w1 Are you implying that my 5 year old Yubikey is likely to be insecure?

Probably. Likely, yes. But I don't know.

The question is also who your attacker might be and how privacy sensitive your files you are trying to protect are. What attacker would actually have access to any existing exploits, and be able to exploit them? Probably law enforcement, governments and large criminal organizations. Probably not your family members or coworkers.

gk7ncklxlts99w1

ryrona

Fair points.

Feel free not to answer this - is there any device you would trust with your disk encryption passphrase?

I have multiple disks and devices, and I protect them all with the same strong diceware passphrase. Were I to rely on my memory alone, it would be very inconvenient to have to type it out every time I connect a disk or boot up one of my devices.

I generally equate encrypting more of my data with being more secure. But in the case of using the same passphrase for multiple disks/devices, there might be reason to only use my passphrase to protect a single device/disk. Every time you enter your passphrase, you expose it. Perhaps a better strategy would be to only use this strong passphrase on one thing, then use a weaker password (or perhaps multiple weaker passwords, saved on an OnlyKey) to protect less sensitive data.

I find it difficult to choose whether to include police/government in my threat model. When it comes to online internet activity (anonymity) I don't. But I am a little more concerned about my physical devices. In my country, it's legally required to provide passwords to your devices if requested by the police. I don't ever want to be in that position, because it is an infringement on my right to privacy, even if the law contradicts that.

ryrona

gk7ncklxlts99w1 Feel free not to answer this - is there any device you would trust with your disk encryption passphrase?

None.

gk7ncklxlts99w1 In my country, it's legally required to provide passwords to your devices if requested by the police. I don't ever want to be in that position, because it is an infringement on my right to privacy, even if the law contradicts that.

You would be forced to give your hardware security device too, and the PIN to it too, in such a case. Generally, you cannot protect your data from the police. In practice, having a disk encryption passphrase would still help in many countries, as you can avoid revealing your passphrase until a court orders you to do it. The police isn't allowed to search your devices without a court order, and for them to get a court order, there need to be reasonable suspicion that there is evidence on your device for a very specific crime that has been committed at a very specific time. It protects against your privacy being breached by police when you in-fact has not committed any crime.

gk7ncklxlts99w1

ryrona

The police isn't allowed to search your devices without...

Depends on the country / jurisdiction. In Australia:

Yes, police can take your phone without a warrant, but only under specific legal circumstances. In Australia, police generally require a search warrant to seize personal property, including phones. However, there are exceptions that allow them to take your device without prior judicial approval.

Source: https://www.farajdefencelawyers.com.au/blog/can-police-search-your-phone

« Previous Page