5
Smart card/Yubikey labeling - yay/nay? (infosec.pub)
submitted 1 year ago by splendoruranium@infosec.pub to c/infosec@infosec.pub
10 comments fedilink hide all child comments

Now ever since I got a label printer I made it a habit to... well... label everything. It's been the a gamechanger in organizing my stuff.

This habit includes having a tiny label with my street address and mail address on most any item that I loan away or tend to regularly lug around with me as a general reminder of ownership. I forget about and lose stuff all the time, so this gives me some piece of mind with most of my medium-value little gadgets. I believe (and have experienced) that people are generally decent and will return lost stuff to me if it's easy for them to find out to whom it belongs.

Now it has occurred to me that this practice might be detrimental when applied to a smart cards in general and my Yubikeys in particular. After all, shouldn't a lost Yubikey be considered "tampered with/permanently lost" anyway, whether it's returned or not? And wouldn't an Email address on the key just increase the risk of some immediate abuse of the key's contents, i.e. GPG private keys, that would otherwise not be possible?

Or am I overhtinking this?

you are viewing a single comment's thread
view the rest of the comments
[-] stevedidwhat_infosec@infosec.pub 3 points 1 year ago

If you lost your house key what would you do

[-] alex_02@infosec.pub 3 points 1 year ago

Get arrested for breaking into my own house.

[-] splendoruranium@infosec.pub 1 points 1 year ago

If you lost your house key what would you do

Depends on the circumstances. I mean, if forgot them in a restaurant only to get an Email from the proprietor or another customer 1h later to come and pick them up then I certainly wouldn't assume them compromised and change all my door locks. I'd just be happy to have them back.
What would you do?

[-] stevedidwhat_infosec@infosec.pub 1 points 1 year ago

Change my locks because it’s easy to do and prevents additional future stress

[-] splendoruranium@infosec.pub 1 points 1 year ago

Change my locks because it’s easy to do and prevents additional future stress

Out of curiosity: what's the maximum time you'd be willing to leave your house keys out of sight without changing your locks afterwards? Surely at some point the cost in time and money of changing your locks exceeds the utility of (Security-remains-uncompromised times likelihood-of-security-having-been-compromised-by-incident-in-the-first-place)?
I'm uncertain whether I expressed that correctly but surely there's a spectrum here.

[-] stevedidwhat_infosec@infosec.pub 2 points 1 year ago

Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site.

Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc

Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

[-] splendoruranium@infosec.pub 1 points 1 year ago

Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site. Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

Thanks for the input!

this post was submitted on 05 Aug 2023
5 points (85.7% liked)

Information Security

245 readers
3 users here now

founded 1 year ago
MODERATORS
himazawa@infosec.pub