Hacker News | EtienneK's comments

Passkeys are better passwords. They need a TPM.

> Passkeys are better passwords. They need a TPM.

Passkeys absolutely do not need TPM.

You can get passkey support in any browser with a simple 1password plugin without any TPM hardware.

The same way you could get a TOTP app on your phone without any TPM.

TPMs are just an extra security layer for most usages.

They are mainly a necessity for some shady business like DRMs.


> Passkeys absolutely do not need TPM.

They do not, but how does the service you’re using know your passkey is secure? For all they know you’re just some gullible user that clicks through every phishing email you get. You’re dumb, weak, helpless, they gotta protect you from this scary world out there, and maybe yourself as well.

They can’t do that if they allow your passkey to be stored anywhere you control. KeepassXC? The second you type in your master password the keylogger will snatch it, and your entire database with it!

Okay, maybe you’re some hot shot cryptographer, you’re using a TKey (think Yubikey, except you have full control), and there’s no way your secret key leaves it even if your main computer is fully compromised. Well, the service doesn’t know that. All they see is your public key and a matching signature.

So, sorry Mr. Security Researcher, we’re gonna have to be safe, and require you to use approved hardware only. Too many (wo)men children out there must be protected, we have no way to tell you’re not one of them, so it’s remote attestation or you’re out. What’s online buying worth anyway, when you can just cross the ocean?

---

Just so we’re clear, I agree with you here. But don’t forget there are two kinds of passkeys out there: with or without the evil remote attestation. And many companies will push for the remotely attested kind, using the exact argument I used above, except with a straight face.

Or they will just present a false dichotomy: remotely attested passkeys on the one hand, short easy to guess reused everywhere passwords on the other.


> how does the service you’re using know your passkey is secure

That's my business, not theirs. If my password gets stolen, that's my problem, not my bank's. Same deal if my passkey gets stolen. They're welcome to try to educate me on good security hygiene if they want, but what hardware I use to secure my credentials is not something they should get to decide.


On principle I agree with you. And for me I totally want that, in part because I know how to take care of myself and avoid phishing (I got pwned once, but thankfully it was my company’s honey pot, not actual phishing).

Many people aren’t like us. Give them freedom to choose their password without mandating 2FA, and some will lose money to a password database leak & offline guessing. The policy maker knows this, at which point they have a choice: stricter annoying rules with fewer victims, or looser rules with more victims?

Yes, we can mitigate much of this with education, as can we limit vendor lock-in by mandating that the bank does not require any particular device they do not themselves distribute, for free, to their users. (My bank for instance gave me a little device that has a camera, a small screen and a key pad. Upon payment I use the device to scan some QR-code, the device gives me a one-time code that I type, and done.) My point is, some kind of tradeoff remains.

Also banks kinda have to deal with fraud, which presumably costs them money. Stolen passwords mean more fraud, increased costs… that may be incentive enough to enforce stricter rules. And to be honest I’m okay with that, as long as it is accessible. Which in my case means no phone app of any kind.

Come to think of it, there is one law I would pass: for important stuff like banks, no amount of security justifies a lack of accessibility. If I don’t have a smartphone, I should still be able to do online payments. Same if I’m blind. Or both. When I hear all around me about people being utterly unable to do banking, or worse, accessing government online services, without a locked down Android or iOS phone, I’m horrified.


> For all they know you’re just some gullible user that clicks through every phishing email you get.

Passkeys are non-phishable. That's part of their schtick. I'm not a huge passkey fan myself, but this is a real benefit.


Yes, but that’s not the threat model I was alluding to. The threat model was, you get tricked into executing malware, that will steal your passkey (and your entire password database in fact), and log your master password as soon as you use it.

When the passkey is protected behind an HSM (TPM, Yubikey, TKey…), even a compromise of your main computer can’t steal it. Attackers can still temporarily log in on your behalf, but they can’t do anything with your passkey as long as your computer is turned off. Which means you can un-pwn yourself out of this situation by reinstalling everything (but do keep your HSM!).

Overall, we have several levels of security here:

- Weak password, (potentially reused everywhere). Phished once, pwned everywhere. Not to mention password database leaks.

- Very strong unique password from your password vault (KeepassXC). Note that with automatic login, password managers may provide good phishing resistance. Manual copy pasta is still vulnerable, but at least you only compromise that one account.

- Passkey stored in your password database. Phishing proof as you say, but falls to a keylogger.

- Passkey stored in a hardware security module. Can’t be stolen ever, save for a vulnerability in the HSM itself, or, if you haven’t set up a password for your HSM, theft.

Clearly that last option is the most secure. Clearly it would be nice if everyone could do that, though we do need a way to recover from the loss or destruction of the HSM (which in the case of the TPM may mean something as mundane as changing your graphics card). Yet often, other ways are more convenient.

Still, I strongly believe companies should not force people into one method or another. Okay, I could maybe tolerate passkeys being forced on me, but not the remote attestation part. Let me manage my own security, with my own tools (preferably open source), thank you very much. There is one use case for which I may approve of remote attestation: work accounts. Because at this point it’s not about the safety of the customer, it’s about the safety of the company itself. It makes sense then that the company (or government agency) impose whatever stringent restrictions on how to access their network. They do have to provide any required tool (company laptop, company palmtop, company dongle…), same way many companies are required to provide individual safety equipment to any of their employees working in hazardous environments.


Yes, I agree that device-bound credentials (DBC?) are a really big deal here. Just wanted to get the story straight.

When it comes to the notion of requiring DBCs without also requiring remote attestation, how do you deal with solving the problem of virtualized credential devices, e.g. swtpm? If some application wants to leverage DBCs, it will make some DBC API call, e.g. call out to a TPM. However, without some sort of attestation scheme, there's no way to verify who/what is on the other end of that API call.

Maybe it's not important for applications to be able to require DBCs without attestation. But at first blush it seems like a valid thing to want.


> Maybe it's not important for applications to be able to require DBCs without attestation. But at first blush it seems like a valid thing to want.

It’s definitely something I would want, but as you hinted at yourself, if there’s no remote attestation, the user can just use a software TPM. So, a company using passkeys has two choices:

- Enforce DBC with remote attestation. This raises the security floor, but enforces device vendor lock-in, and prevents users from selecting unapproved, but potentially even more secure, devices.

- Do not enforce DBC. This lets users use less secure virtualised devices, but there’s no vendor lock-in, and those who want may use the latest most secure device ever.

Which alternative is appropriate is now a social & political problem. My opinion is that for general computers released to the general public, remote attestation is never legitimate. Even with the best of intentions it is fundamentally uncompetitive, and they make it way too easy to go full Evil Corp. Specialised appliances and employees however are different stories.

---

Anecdotally, I have worked on TPM provisioning a couple years back, and I had to warn my hierarchy that doing it the way they specified, the TPM could be impersonated: we checked the signature of the certificate, but failed to compare the certificate root with the manufacturer’s keys. My boss didn’t believe me, until I showed the production code happily provisioned a software TPM, without detecting the impersonation. (Actually, he didn’t believe me even then, I had to go over him to the security specialist.)

This was totally a case of remote attestation. But I believe this particular case was legitimate, because it was a specialised appliance (electric car charging station), that was meant to process payments, similar to a gas station terminal.


TPMs give you the convenience of short passwords (or no passwords) and the security of long keys.

A chip which you can write to and interact with but can't read is valuable; it lets you enforce conditions which you otherwise couldn't. For example, you can protect your sensitive data with a 6-digit pin, secure in the knowledge that the chip will erase the encryption key after 10 failed attempts. If you had full access to the TPM storage, you could brute force that PIN in seconds.


Run vaultwarden locally. Install bitwarden. Now you have software-only implementation of passkey. Dig into vaultwarden sqlite database and you'll find passkey data there. Extract and save it on disk and you have exportable passkey. See, it's all security theater without remote attestation.

I had an idea to create blatantly insecure passkey browser extension. Maybe I should do that.


That’s when you install Keycloak.

Carl Zeiss only has a €2.2B market cap. What stops someone from just buying all these world class vendors?

Carl Zeiss Meditec /= Carl Zeiss. $AFX is the publicly traded non-semis division. Carl Zeiss AG is the parent company which is private

Correct. Funny enough though, their corporate structure and the name AG means they do have stocks, but they are not traded and 100% privately owned. For some reason I see this often with German companies, e.g. the German railway. Not sure why that is, although for the railway plausible since they are owned by the state that might eventually want to sell parts of it.

Zeiss and Schott are both owned in their entirety by a foundation that is not allowed to sell shares. Most of the dividends go to larger research institutions in southern Germany (about $80 million to Heidelberg, Stuttgart, Tübingen, Freiburg, Ulm, Mainz, Jena).

I believe the two applicable options to have a company that counts as its own "person" is either AG or GmbH (~= LLC / "limited").

There is also SE which is a EU form for an AG, and various "partnership" forms that involve a partner that's fully liable. Usually, that partner is not an actual person but a "legal person", i.e. another SE or GmbH.

Even if you're not listed on a stock market, you might want to take on investments, e.g. "give me 10 million for 5% of the company" and I assume the latter is much easier with an AG.


An AG corporation has stocks in order to track who owns how much and also attach different economic and voting rights to different classes of stock. The other way to incorporate a limited-liability company in Germany is the GmbH, which tracks ownership directly in the articles of incorporation, but is in other ways subject to way lower management, disclosure and accounting requirements. So the AG is mostly useful if you want it to be easy to change your ownership structure, if you for instance raise capital from new investors, issue employee shares, change cross-ownership within a conglomerate or go public some day.

Why Carl Zeiss is an AG I don't know. The West German Carl Zeiss was re-formed as a GmbH in 1946, but had changed to an AG by 1973. The East German Carl Zeiss was turned into a GmbH during reunification and then split in two. One part merged into the West German Carl Zeiss AG and the other is now called Jenoptik. Jenoptik was converted into an AG in 1996 and went public in 1998. AFAICT Carl Zeiss has been privately owned by the Carl Zeiss-Stiftung since 1889, except of course for the temporary East German part.


AFAIK that’s how incorporated companies work in Europe.

Here in Sweden we have A LOT of companies owned and operated by state and local government and they’re all “aktiebolag” which literally translates to “stock companies”. For smaller businesses you can register as a sole proprietor and some other odd structures if you are a group of people. You’ll often see the same thing for non-profits as well.


You create a German AG entity to make it easier to onboard new shareholders/offboard old shareholders.

In most entity types, this involves a lot of paperwork while it's quite easy within an AG.

AG does not mean necessarily it's publicly traded.


In time for Windows 12 that reportedly will require an NPU: https://tech4gamers.com/windows-12-reportedly-relasing-2026-...


That's a ridiculously implausible and sensationalized rumor. At most, Microsoft may make an NPU a requirement for OEMs to use the Windows 12 logo on new PCs. Actually refusing to support the existing install base of recent and highly capable desktops is not at all likely. It would be far more drastic than the hardware deprecations brought by Windows 11, which were already quite controversial (and loosely enforced).


Yes, exactly my first thought as well. Fantastic show!


I assume it was an "ask me anything" type of event.


Maybe because war is terrible and no one wants it? Especially if it means protecting private companies’ revenues.


There is always a cost/benefit done for these decisions, it is never as simple as "war as terrible so we just shouldn't do war."


The benefits definitely do not accrue to you, though. There is no direct or indirect benefit to you supporting the invasion of another country where you can now bomb locals with impunity.


Titanfall 2 is a masterpiece. You have no idea what you are talking about.


Maybe the multiplayer, but I'm talking about the single player campaign, which was godawful.


This is crazy talk. The single player campaign is considered as one of the best in FPS games ever.


By who? :D And on what grounds?


Exactly.


Nothing in that clip indicates he was driving recklessly. They even end it by saying the cause is still unknown.


It is pretty obvious the cause, they are just doing their investigation. There is a video of it out there. I will describe it for sensitive people who might not want to actually see it. The car was going probably 100 mph out of a tunnel and understeered into a jersey barrier. The passenger was ejected still in the seat and the car caught fire a few seconds after impact. Bystanders managed to pull the passenger away from the wreck, then the video cut off.


Did you see the speed he was going on a public road? LA drivers are tired of these assholes driving recklessly. It’s gotten incredibly dangerous to drive especially at night after COVID.


Interesting. I always thought Apple would be the ones to acquire Warner Bros. Seemed like a good fit.

