In a frightening what-if, Terence Eden has explored what might happen if he suffered a catastrophic loss of his local computer, phone, tablet, and USB-stick existence in a fire. How bad could it be?
Very, very bad. For the real details, read Terence’s blog article: I’ve locked myself out of my digital life.
Terence is exploring how weak the ‘backup choices’ are when they collapse down to what you practically maintain and hold — if you don’t make this both physically diverse, and secure, then it’s either not actually a backup for some forms of catastrophic loss, or it’s weakening the security boundary badly.
The central premise here is that the set of backup methods most people use are only alternative takes on a central identity rooted in ‘you’ and your possessions. Your possessions (which are typically cast as ‘what you have is who you are’ in security terms) tend to follow you around. Few of us have more than one home, and so ‘keep it in a safe place’ usually means somewhere safe at home.
We’re being asked to manage ‘Two-Factor’ authentication all the time now — one thing you know (like a password) and one thing you can ‘show’ such as a physical key, a logical key on a dongle (or USB stick), a computed value like a one-time code, or a back-up code pre-computed on a list you keep. We’re used to this.
This means that while you may well have a backup password list, you carry it in your wallet. You have a second factor, but it died when your phone was destroyed. Your work-supplied yubikey was burned too. Guess what, work didn’t give you an alternative, and in any case, if you kept it at home, it was lost in the fire too.
We’re all sometimes only one catastrophe away from an awful reality, and I wouldn’t want to conflate the loss of your digital identity for some period with the horrible situation of losing your home, and possibly loved ones in a fire — too many people have suffered loss in floods and fires across the world this year to trivialize their pain. But the added burden of losing your digital identity is scary. For some people, it could be life-or-death if it means you can’t get a visa (can’t prove who you are until the replacement documents are issued) or can’t get medical processes done (lost the records) or can’t register for that degree, complete your application forms, or miss a critical job-saving email.
Terence is exploring a modern dilemma that stems from both our increased awareness of ‘privacy’ as a precious thing, and ‘secrecy’ as a keystone of how trust in identity works — I need to maintain my privacy so I have encrypted information, and I use secure, encrypted password-protected methods to control my digital life and login. If I can’t re-present these values, then the data is just random ones-and-zeros. I am excluded from my own ‘identity’ if I lose the keys to the kingdom.
The lesson I took from this is to make sure my backup plan includes some alternatives that lie outside my immediate location. I have a printout of my password store locker, but I didn’t include a memory stick copy and the letter is sitting in my partner’s office in-tray. Maybe the strategy needs some extra thinking, like giving it to a trusted friend? Or maybe I should ask work to let me keep my one-time recovery password list in the work fireproof safe?
This is a bit belt-and-braces, shoes with a zip and laces, but increasingly I’m concerned my backup strategies all come back to a single point of failure — me.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.