I've been using it for about a year now. Works very well. Only gotcha is that it doesn't really have support for Windows (it's on the issue tracker, but progress has been slow). If you do your work on OS X or Linux you're fine, but if you're a Windows user you're in for a bumpy ride.
Side thought- what an interesting change from the software world 10 years ago. Who would have thought windows support was a lower priority then OS X and Linux. Onward and upward!
In this particular case it's all about Windows not having a decent SSH client. There's PuTTY... and uh... PuTTY. Oh, and you can sort of maybe run OpenSSH through LSFW or Cygwin, or maybe msys, but those all have some serious gotchas associated with them. Basically it boils down to, there's no standard Windows SSH client, and the ones that are available all have a laundry list of gotchas and problems, and that's without even bringing in the various git clients into consideration. OS X and Linux are low hanging fruit, they both come out of the box with a standard and well supported SSH clients.
Yes, I'm aware of the general comments, I was trying to get to the core/specifics. For example, you mentioned multiple times that hardware breaks, can be stolen, the interfaces aren't standard. But all these things are actually true also for your phone: it breaks, it can be stolen (probably much easier than your keys), and chrome extension+push notification I wouldn't really call it more standard than USB.
Again, I'm not trying to downplay Krypton, I like the phone solution a lot, I think it's much more usable than security keys. I use push notifications all the times e.g. via DUO. But I still think we need physical security keys against online attacks, for example as a mechanism to secure your phone itself.
What is the business model here? They release what they purport to be their source code on Github, but under a license that prohibits ... everything (literally the words "All Rights Reserved"). So clearly they want to sell that, and then have the open source community debug it for them for free, which I just don't see happening. With no way to validate that the source code on Github is what ends up in their compiled binaries, I don't see the value to anyone.
Their CONTRIBUTING file does say "We are currently researching what type of license makes the most sense for Kryptonite." On the other hand, that file was last updated on `master` in January 2017.
Both are source available software [0], other than that you can't compare them. Krypton is fully proprietary nothing more nothing less, what RedisLabs did was a complete disservice to the whole open source phenomena without addressing any actual business concerns. They misinterpreted the whole clause thing to somehow say that your software can be both open and closed at the same time (it can't). They could at least had maybe done a minimal research and maybe learned somethings from Suns community source SCSL [1] or other similar liceses from the past and they even didn't bother doing that (the irony that SCSL is now hosted at Oracle speaks for itself).
Right. You could also compile it yourself with the same chainset / toolset the Krypton folks use and compare the binaries. There's probably a way to compare everything but the digital signature with two binaries too... Not sure
If all rights are reserved on the original source code, then compiling the source code can be construed as intent for intellectual property theft, since the right to compile the code was never expressly given to you.
Looking at all-rights-reserved code on a public repository on GitHub is like going to a strip club - you may look, but you can't touch.
On their FAQ page they state that their app is 'public source'. I assume that is so you (or presumably your organization) can audit (rather than debug) it if necessary.
I've not tried it, but they also suggest you can compile your own binaries from that source to get around the untrusted binary problem.
IANAL either but I agree, that is a statement of copyright which is not unusual, but there is no licence and therefore we have no right to copy & use it.
> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking).
We are granted a license to use it on GitHub by the GitHub ToS.
who are the end users? organizations that outsources this type of security because it's too difficult to do with existing open source and cloud solutions? What sort of liability insurance do you guys have against data breaches and catastrophic failure?
Theoretically it would be possibly to publish a reproducible compile chain, and as long as required provider secrets are provided separately in the package and read in, and there was a way to checksum individual binaries on Android, that would be an interesting step towards providing assurance of what your phone was running while still allowing them to retain maximum control of the source.
I understand that's a lot of "ifs", but even if it was fully open source, it's hard to use it in anyway that's scale-able, since hardly anyone wants to compile it themselves, and hardly anyone can get it on to their phone by themselves in some ecosystems
It sure would be nice to have some process to ensure my phone was running what I thought it was, even if it required publisher opt-in (and even if it requires I trust the phone OS).
Has this been audited? It sure seems like a wonderful/convenient alternative to hardware keys, but something makes me nervous about the phone aspect. I'd love to read more comments here from those more knowledgeable than I.
It doesn't seem this can really be FIDO, because FIDO only defines usb, nfc, and ble security keys.
I'm not saying Krypton is bad, just that you're installing an extension that (I imagine) interacts with a server to send a push to your phone. It's a very different security model than keys, that require no extension and don't interact with any 3rd party.
Update: I'm seeing that my comment is read as negative, and I don't want to give this impression. I think Krypton is great, I use 2FA over push notifications all the times myself. I was just trying to reply to the "has it been audited?" question.
Edit: changed chrome extension -> extension according to comment below.
You're wrong about the interaction model. When you install the client on your phone and pair it with a computer (via QR code) it generates a ssh key. You then need to import the public key into your github (or gitlab etc.) account same as you normally would. Once that's done on the client side there's a SSH plugin that is registered that intercepts the authentication request and pings the krypton server to sign your commit with the private key on your phone (the server relays the signing request to your phone via push notification). Assuming you approve everything on your phone the result is unwound back to your ssh client which finishes the handshake with the server and authorizes you based on the public key you had previously uploaded.
FWIW, its not Chrome-only, which your post might imply.
From the FAQ:
"The Krypton browser extension currently only works on Google Chrome and Firefox.
Safari, and Edge are coming soon."
Also, it supports U2F. From the FAQ:
"Krypton supports any site that supports U2F security keys."
U2F is one of the two protocols supported by the FIDO standard (the other one is UAF). This doesn't say anything about whether this uses FIDO (v1) or FIDO2 though.
I think this is pretty cool from a user friendly PoV. Google Android has something similar. The Facebook app doesn't AFAIK (I quit Facebook so cannot verify), but Battle.net does and so does Microsoft Authenticator. The disadvantage is that you need all these separate apps. I'd rather use just one.
Well, we already know that U2F comes "built-in" in some laptops (which I think defeats the purpose of U2F, but that's another issue).
And phones makers are starting to adopt "hardware security modules" (just Pixel 2 so far, not sure about the new Samsung ones) and Android 9 is giving app developers access to them via API.
So I guess in theory one could turn the phone into an actual "U2F security key," for all intents and purposes?
This is interesting, because at work pretty much all of our logins (including for third-party services) go through SAML, where our IdPs use Duo for two-step. That gives us similar functionality to this, without needing to use a browser plugin. You do need to use an app, though, to avoid insecure SMS or voice.
(Duo does support U2F, but it's not as obvious, because end users have to initiate the setup, and Duo instances that existed before U2F became available have it turned off—instance-wide—by default.)
One thing you could do, assuming work uses Duo and U2F support is on: You could have a singly Krypton install for both personal and work (particularly if you have one mobile device). Then, enroll Krypton as your U2F device in Duo.
I'm kindof surprised that either Duo or LastPass haven't bought out krypt.co yet…
> I'm kindof surprised that either Duo or LastPass haven't bought out krypt.co yet…
Would be the perfect move for LastPass - around the beginning of this year Lastpass started a beta program for LastPass connect [0], however, was suddenly put on hold [1][2], and I think krypt's technology would be the perfect candidate to pull together the app.
I also trust LogMeIn much more than I trust Krypt to not push out malicious binaries, so there's a plus for that.
This is going to change everything for me. You sirs, have cracked the hard problem: how do we make U2F easy enough for users to use without taking away the "something you have" aspect of it.
This is brilliant. I love it!
Now please fix the licensing, make the core open-source, be a bit more transparent, and get audited. It would really inspire a lot more confidence in a tool whose target audience is currently the security paranoid crowd.
That's completely unfair. U2F was from the start designed to be rendered in this kind of form factor. "All" Krypton (and Duo, BTW) did was implement this obvious form factor.
U2F itself, was the hard problem.
And anyway, push 2FA has been around for approx. as long as U2F. It may not be obvious now, but U2F will ultimately die in favor of push. IMHO. (they each have strengths and weaknesses but overall push is better.)
It feels exactly the same to use krypton. You pop up the website that wants auth and your phone dings and you tap a button and there you go. Compared to say, Blizzard's authenticator for battle.net, it does the same thing. You try to log in, it pushes a message to your phone you get a ding tap a button and you go.
But there in lies the difference. With Krypton, the company doesn't own your keys, you so. It's like Fiat vs Bitcoin.. only there's literally no difference in experience.
That's why Krypton is better. It works everywhere U2F (an open spec) is supported, while the proprietary company solution is supported where the company has partnered
Correct me if I'm wrong but I think you're confusing U2F (the open standard) with a second factor of authentication (the thing)
U2F has traditionally been distributed in the form of physical tokens. It's an open standard compared to Duo's.
(The rest is just copied off another comment I made down this thread)
But there in lies the difference. With Krypton, the company doesn't own your keys, you do. It's like Fiat vs Bitcoin.. only there's literally no difference in experience.
That's why Krypton is better. It works everywhere U2F (an open spec) is supported, while the proprietary company solution is supported where the company has partnered
Can anyone comment on their "zero touch is safe" claim (https://krypt.co/faq/)? As far as I understand, tokens like YubiKeys require a touch as an explicit action by the user to prevent authentication without their knowledge. Doesn't a zero touch approach remove a security feature?
You pair your phone and browser and then they can talk. Any time you want to log in through that browser it can talk to your phone and auth you automatically. For someone to exploit this, they'd need access to the computer with your browser.
So if your laptop gets stolen, yes this is a bad idea, but I think most people think that they can just revoke the browser's keys if if the laptop gets stolen and they are way more likely to have their phone stolen anyway.
I was more thinking of malware / some otherwise rogue process. This seems like something that's worth having in the world of fake support remote desktop scams.
1. Wait for user to sign in.
2. Intercept their sign in.
3. User: "Oh, it didn't work. I'll just try again."
4. User tries again and it works. Attacker is also logged in now.
Alternatively, at that point you could just inject JS into whatever website needed 2FA and do everything without the user noticing anything.
It wouldn't matter if they had their laptop stolen unless they also had their phone stolen. The keys are on the phone. Any new auth attempt would require the phone in proximity of the laptop. It connects via Bluetooth, not over the internet.
I haven't researched their claim, but my guess is that with something like yubikey you wouldn't know an authentication has happened. with Krypton, there would be a notification pending on your phone. Possibly you would only be able to authenticate if your phone is unlocked as well.
When Krypton asks you to authorize an access, you can tell it to authorize that single access, authorize the host for three hours, or authorize everything for three hours.
I typically authorize the host for three hours, meaning for the next three hours I don't have to Touch ID in again.
What happens when you upgrade or, God forbid, lose your phone? Do I need to redo everything from scratch like I have to do with my Krypton PGP and SSH keys? That's a no go for me. I'm pretty happy with 1Password already!
I would hope so. Anything less is not secure. (This is one of the basic "problems" with hardware authentication.)
However, the software model allows for pre-arranged cloud sync between multiple devices. Given how Krypton handles PGP/SSH this support isn't there, but there's no technical obstacle.
So, all this fancy security boils down to a notepad again. I am an early adopter of Krypton and I've been sorry so many times that I'm using it for SSH and PGP.
There is. Usability of such a solution would be low.
You just need a device that you tell it some master key, or that can export it for you. eg a true ($$$$$) HSM can do this, exporting keys that can [only] be imported to another device configured for the same security "world".
I think you don't get security. When you make something so hard for people to do, they just won't do it. It's like every website having a different password strength policy, people start reusing the same passwords or use 1Password. I upgrade my phone every year. I won't go thru a billion websites on which I enabled 2FA to swap the device. Also, when you upgrade phones at stores, you don't have both devices together for an unlimited time. If you want better security, then 3FA > 2FA, i.e. two things you have, and one thing you know.
I charge $500/hr for security consulting, 1 week minimums, and am fully booked for months out. I have 20 years in security experience. I'd say I "get it".
I specialize in security UX.
Don't mistake my absolute position on what is secure vs what is usable and what will be used. In general I am a critic of U2F.
All the problems you have stated are real, and you are correct, however the way to overcome them is NOT to have the device keep/use the secret "insecurely". Watch Apple's blackhat talk from last year for some insight into the problem and a usability-friendly yet still secure approach.
It's a hard problem, not one that is going to be solved here on HN discussion.
Security is literally spending resources to protect something. Time is a resource. Space in your brain is a resource.
If I want to secure a city, I spend labor and materials to build a wall. If I want to secure my documents, I spend money on a safe. If I want to secure my emails, I spend brain space and time dealing with passwords.
You can argue that the resource <--> security tradeoff is too expensive and that being insecure is a better choice, but just because something is harder doesn't mean it's less secure. People make that choice every day. When someone reuses a password, they are choosing to not use brain space and instead be less secure.
I think you don't get security... along with other things. There are good ways to spend resources and bad ways. And there is a lot more opportunity to waste resources than utilize them efficiently. Krypton is a very bad idea to start with. It's the poor man's YubiKey. My Android has both Krypton and my Google account. My phone has my identity. If I lose my phone, I lose tons more than if I just lose my YubiKey, which nobody will associate with me and give them means to get into my accounts. I cannot even remotely erase Krypton. In general, it is times worse than a YubiKey, but also times less convenient, and practical. Why would anybody use it?
Plenty of HSMs can export secrets. It's straightforward to have them make a regular export, encrypted such that only the backup HSM can read them.
Edit: You simultaneously made a comment saying almost exactly the same thing, so now I really don't understand why you would say anything less than "redo from scratch" is insecure. Is there an unstated assumption of "if you have no other device"? Because that was not clear at all.
Many websites require a backup two-factor authentication methods such as SMS and TOTP (authenticator 6 digit-code apps) even if you are using a U2F security key such as Krypton. For certain sites that allow U2F only (such as Google Advanced Protection), we recommend having a backup phone with separate Krypton U2F key setup or a physical hardware key that you store securely in somewhere.
We are actively building a robust account recovery service with partners to solve this problem and make U2F/WebAuthn a viable "single-factor" login system. We hope this will remove the need for these backup methods that make your account vulnerable to phishing attacks. We also see this as a major barrier to wide adoption of U2F/WebAuth/2FA so we are eager to solve this problem.
I've been using Krypton for SSH for a while (basically the private key is on the phone and you approve logins using the app, they must have just added U2F recently). Its worked really well and is super simple to setup when logging into a new server.
We haven't audited this personally but I'm lsoking forward to doing so. This looks awesome -- my only problem is that it doesn't solve U2F/WebAuthn on the phone itself, which is still a lot more complicated on iOS than it is on Android (even though overall, I think iOS is a better platform than Android, at least from a security perspective).
On Android it works for any site that uses the standard U2F polyfill and allows the chrome/android user-agent. You can try it on your android phone at https://u2f.bin.coffee.
OK finally found it in the FAQ for those that are slow like me:
Is "zero touch" secure? How is it a second factor if it approves automatically?
Yes, zero touch is safe. The security behind Krypton is established when you pair Krypton with your browser (via the extension) by scanning the QR code. This ensures that only your specific browser will be able to talk to Krypton. Krypton and your browser establish a secure cryptographic channel using keys that only your phone and computer have. There is NO trusted third-party.
Two-factor is simply a way to defend against compromised passwords. If someone knows your password and attempts to login then they'll be hit with a second-factor challenge. Since this attacker is remote and doesn't have access to your browser they won't be able to talk to Krypton.
If they steal password from your browser by, say, installing keylogger, that same keylogger can now also steal the computer side Krypton key. So zero touch does not help against that class of attacks, while normal U2F would.
Ah, yeah I see it now. It wasn't listed in the FAQ which would be useful.
That's a slight bummer because now there's another service dependency in your authentication flow. It's probably pretty rare that SQS will go down, but still is a bummer.
oy. I'd assumed there was a browser-side USB->BLE plugin.
This is horrible. Now the security of it is tied to the security of the stuff they have running in Amazon. Which they probably don't publish source code for? Even if they do, you have no way to know that is what is actually running.
Not the mention reliability and availability concerns.
After investigation, I have to retract my complaint. The browser-side agent is paired with your phone, Apple style. It's not a Google-style arrangement where you pair with Google and Google pairs with you, ie Google is in the middle.
So as long as the source code for both parts (browser-side and phone-side) is there, and you can audit that the code viewable is the code installed, this is pretty solid.
Of course the reliability and availability issue is still there.
Just one gripe: I absolutely do not think it's a good idea to have zero-touch ON by default.
I understand their argument about security vs. usability for laypeople as it's an age old one, but I think that applies better to situations where there's a marked tradeoff in principle.
Tapping just once or reaching for one's phone doesn't detract from usability. Quite the contrary, it's a common sense approach (and teaches common sense security posture) to give one's explicit agreement for authentication, U2F or otherwise.
Otherwise, the intended user base that zero-touch seems to target may end up being the same folks that question why it didn't work out of the box to protect their logins when their laptop gets physically compromised; since they assumed they didn't have to "understand or care about the differences between two-factor, U2F, or web authentication" in the first place, to quote the FAQ.
I don't see much sense using U2F. If you just need a 2nd factor, then TOTP based solutions do it cheaper and easier. FIDO 2.0 is the way to go if FIDO is required.
I just discover a lot of people are in debts and also under credit issues crisis, I was also among them before i met this great
guy that change my life for good. I have about 5 accounts and i have debts in all. I also have 2 chase credit cards and 1 Amex
that are maxed out already. My credit score is about 520 as at then. He helped me clear the debts on my 5 accounts within a
week, He also got the debts on the credit cards done within a week as well. He helped me increase my credit score 850 excellent
within 72 hours. All my accounts are free from debts and i can now use my credit cards peacefully as well. All thanks to the
computer guru. You are worth publicizing for. (NASH89440 @ G MAIL. COM or +1(309)884-0215.
I just discover a lot of people are in debts and also under credit issues crisis, I was also among them before i met this great
guy that change my life for good. I have about 5 accounts and i have debts in all. I also have 2 chase credit cards and 1 Amex
that are maxed out already. My credit score is about 520 as at then. He helped me clear the debts on my 5 accounts within a
week, He also got the debts on the credit cards done within a week as well. He helped me increase my credit score 850 excellent within 72 hours. All my accounts are free from debts and i can now use my credit cards peacefully as well. All thanks to the computer guru. You are worth publicizing for. (NASH89440 @ G MAIL. COM or +1(309)884-0215.
99 comments
[ 3.3 ms ] story [ 175 ms ] threadhttps://www.howtogeek.com/336775/how-to-enable-and-use-windo...
even without that, it is what U2F was always destined to become.
it's especially better than u2fzero. ;)
genuinely curious: why? (disclaimer: I'm working on Solo, the successor of u2fzero)
Again, I'm not trying to downplay Krypton, I like the phone solution a lot, I think it's much more usable than security keys. I use push notifications all the times e.g. via DUO. But I still think we need physical security keys against online attacks, for example as a mechanism to secure your phone itself.
Hopefully other sites support iOS based callbacks soon.
You weren't kidding. :(
"Free as in beer, not as in speech."
You're welcome to pick your own license / source availability terms for your own work.
[0] https://en.wikipedia.org/wiki/Source-available_software [1] https://www.oracle.com/technetwork/java/scsl-1-1-149938.txt
Looking at all-rights-reserved code on a public repository on GitHub is like going to a strip club - you may look, but you can't touch.
>Feel free to compile Krypton from source and run it on your phone and workstation. [0]
[0] https://krypt.co/faq/
I've not tried it, but they also suggest you can compile your own binaries from that source to get around the untrusted binary problem.
You could... Except that, if I'm not mistaken, "All Rights Reserved" doesn't allow you to compile and use the code in any way, including diffing.
IINAL, is that an incorrect reading?
We are granted a license to use it on GitHub by the GitHub ToS.
https://help.github.com/articles/github-terms-of-service/#5-...
They give permission to compile on the website. Otherwise you would be correct.
[0] https://krypt.co/faq/
https://krypt.co/devops/pricing/
you can say the same about all the other open source projects that don't have reproduceable builds.
https://github.com/signalapp/Signal-iOS/issues/641
I understand that's a lot of "ifs", but even if it was fully open source, it's hard to use it in anyway that's scale-able, since hardly anyone wants to compile it themselves, and hardly anyone can get it on to their phone by themselves in some ecosystems
It sure would be nice to have some process to ensure my phone was running what I thought it was, even if it required publisher opt-in (and even if it requires I trust the phone OS).
I'm not saying Krypton is bad, just that you're installing an extension that (I imagine) interacts with a server to send a push to your phone. It's a very different security model than keys, that require no extension and don't interact with any 3rd party.
Update: I'm seeing that my comment is read as negative, and I don't want to give this impression. I think Krypton is great, I use 2FA over push notifications all the times myself. I was just trying to reply to the "has it been audited?" question.
Edit: changed chrome extension -> extension according to comment below.
From the FAQ:
"The Krypton browser extension currently only works on Google Chrome and Firefox.
Safari, and Edge are coming soon."
Also, it supports U2F. From the FAQ:
"Krypton supports any site that supports U2F security keys."
U2F is one of the two protocols supported by the FIDO standard (the other one is UAF). This doesn't say anything about whether this uses FIDO (v1) or FIDO2 though.
I think this is pretty cool from a user friendly PoV. Google Android has something similar. The Facebook app doesn't AFAIK (I quit Facebook so cannot verify), but Battle.net does and so does Microsoft Authenticator. The disadvantage is that you need all these separate apps. I'd rather use just one.
And phones makers are starting to adopt "hardware security modules" (just Pixel 2 so far, not sure about the new Samsung ones) and Android 9 is giving app developers access to them via API.
So I guess in theory one could turn the phone into an actual "U2F security key," for all intents and purposes?
This is interesting, because at work pretty much all of our logins (including for third-party services) go through SAML, where our IdPs use Duo for two-step. That gives us similar functionality to this, without needing to use a browser plugin. You do need to use an app, though, to avoid insecure SMS or voice.
(Duo does support U2F, but it's not as obvious, because end users have to initiate the setup, and Duo instances that existed before U2F became available have it turned off—instance-wide—by default.)
One thing you could do, assuming work uses Duo and U2F support is on: You could have a singly Krypton install for both personal and work (particularly if you have one mobile device). Then, enroll Krypton as your U2F device in Duo.
I'm kindof surprised that either Duo or LastPass haven't bought out krypt.co yet…
Would be the perfect move for LastPass - around the beginning of this year Lastpass started a beta program for LastPass connect [0], however, was suddenly put on hold [1][2], and I think krypt's technology would be the perfect candidate to pull together the app.
I also trust LogMeIn much more than I trust Krypt to not push out malicious binaries, so there's a plus for that.
0: https://www.lp-labs.com/
1: https://judge.sh/VBRJP4n.png
2: https://www.androidauthority.com/lastpass-connect-861342/
This is brilliant. I love it!
Now please fix the licensing, make the core open-source, be a bit more transparent, and get audited. It would really inspire a lot more confidence in a tool whose target audience is currently the security paranoid crowd.
https://github.com/kryptco
Edit: I didn't realize that they publish the source code, but with a non-FLOSS license.
That's completely unfair. U2F was from the start designed to be rendered in this kind of form factor. "All" Krypton (and Duo, BTW) did was implement this obvious form factor.
U2F itself, was the hard problem.
And anyway, push 2FA has been around for approx. as long as U2F. It may not be obvious now, but U2F will ultimately die in favor of push. IMHO. (they each have strengths and weaknesses but overall push is better.)
As far as UX goes it's identical to the user.
That's why Krypton is better. It works everywhere U2F (an open spec) is supported, while the proprietary company solution is supported where the company has partnered
U2F has traditionally been distributed in the form of physical tokens. It's an open standard compared to Duo's.
(The rest is just copied off another comment I made down this thread)
But there in lies the difference. With Krypton, the company doesn't own your keys, you do. It's like Fiat vs Bitcoin.. only there's literally no difference in experience.
That's why Krypton is better. It works everywhere U2F (an open spec) is supported, while the proprietary company solution is supported where the company has partnered
You pair your phone and browser and then they can talk. Any time you want to log in through that browser it can talk to your phone and auth you automatically. For someone to exploit this, they'd need access to the computer with your browser.
So if your laptop gets stolen, yes this is a bad idea, but I think most people think that they can just revoke the browser's keys if if the laptop gets stolen and they are way more likely to have their phone stolen anyway.
1. Wait for user to sign in. 2. Intercept their sign in. 3. User: "Oh, it didn't work. I'll just try again." 4. User tries again and it works. Attacker is also logged in now.
Alternatively, at that point you could just inject JS into whatever website needed 2FA and do everything without the user noticing anything.
I typically authorize the host for three hours, meaning for the next three hours I don't have to Touch ID in again.
By reading the website it seems they are doing the same thing as Duo.
I would hope so. Anything less is not secure. (This is one of the basic "problems" with hardware authentication.)
However, the software model allows for pre-arranged cloud sync between multiple devices. Given how Krypton handles PGP/SSH this support isn't there, but there's no technical obstacle.
You just need a device that you tell it some master key, or that can export it for you. eg a true ($$$$$) HSM can do this, exporting keys that can [only] be imported to another device configured for the same security "world".
I charge $500/hr for security consulting, 1 week minimums, and am fully booked for months out. I have 20 years in security experience. I'd say I "get it".
I specialize in security UX.
Don't mistake my absolute position on what is secure vs what is usable and what will be used. In general I am a critic of U2F.
All the problems you have stated are real, and you are correct, however the way to overcome them is NOT to have the device keep/use the secret "insecurely". Watch Apple's blackhat talk from last year for some insight into the problem and a usability-friendly yet still secure approach.
It's a hard problem, not one that is going to be solved here on HN discussion.
Security is literally spending resources to protect something. Time is a resource. Space in your brain is a resource.
If I want to secure a city, I spend labor and materials to build a wall. If I want to secure my documents, I spend money on a safe. If I want to secure my emails, I spend brain space and time dealing with passwords.
You can argue that the resource <--> security tradeoff is too expensive and that being insecure is a better choice, but just because something is harder doesn't mean it's less secure. People make that choice every day. When someone reuses a password, they are choosing to not use brain space and instead be less secure.
Plenty of HSMs can export secrets. It's straightforward to have them make a regular export, encrypted such that only the backup HSM can read them.
Edit: You simultaneously made a comment saying almost exactly the same thing, so now I really don't understand why you would say anything less than "redo from scratch" is insecure. Is there an unstated assumption of "if you have no other device"? Because that was not clear at all.
What if I lose my phone?
Many websites require a backup two-factor authentication methods such as SMS and TOTP (authenticator 6 digit-code apps) even if you are using a U2F security key such as Krypton. For certain sites that allow U2F only (such as Google Advanced Protection), we recommend having a backup phone with separate Krypton U2F key setup or a physical hardware key that you store securely in somewhere.
We are actively building a robust account recovery service with partners to solve this problem and make U2F/WebAuthn a viable "single-factor" login system. We hope this will remove the need for these backup methods that make your account vulnerable to phishing attacks. We also see this as a major barrier to wide adoption of U2F/WebAuth/2FA so we are eager to solve this problem.
(although I can't access the <teams> section of the app on an iPhone 5SE)
On iOS it works for Google logins, see the blog post here: https://krypt.co/blog/posts/use-google-advanced-protection-w....
Is "zero touch" secure? How is it a second factor if it approves automatically? Yes, zero touch is safe. The security behind Krypton is established when you pair Krypton with your browser (via the extension) by scanning the QR code. This ensures that only your specific browser will be able to talk to Krypton. Krypton and your browser establish a secure cryptographic channel using keys that only your phone and computer have. There is NO trusted third-party.
Two-factor is simply a way to defend against compromised passwords. If someone knows your password and attempts to login then they'll be hit with a second-factor challenge. Since this attacker is remote and doesn't have access to your browser they won't be able to talk to Krypton.
It's listed in their docs.
That's a slight bummer because now there's another service dependency in your authentication flow. It's probably pretty rare that SQS will go down, but still is a bummer.
This is horrible. Now the security of it is tied to the security of the stuff they have running in Amazon. Which they probably don't publish source code for? Even if they do, you have no way to know that is what is actually running.
Not the mention reliability and availability concerns.
ah well, I had such high hopes.
So as long as the source code for both parts (browser-side and phone-side) is there, and you can audit that the code viewable is the code installed, this is pretty solid.
Of course the reliability and availability issue is still there.
I understand their argument about security vs. usability for laypeople as it's an age old one, but I think that applies better to situations where there's a marked tradeoff in principle.
Tapping just once or reaching for one's phone doesn't detract from usability. Quite the contrary, it's a common sense approach (and teaches common sense security posture) to give one's explicit agreement for authentication, U2F or otherwise.
Otherwise, the intended user base that zero-touch seems to target may end up being the same folks that question why it didn't work out of the box to protect their logins when their laptop gets physically compromised; since they assumed they didn't have to "understand or care about the differences between two-factor, U2F, or web authentication" in the first place, to quote the FAQ.
1. sharing a secret (which is bad, and possibly already compromised by the time it reaches your device (phone))
2. permanent attention to the domain. Remember similarities between the cyrillic a and latin a? (phishing, etc.)