<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Dec 5, 2017 at 1:00 AM, Alexandre Anzala-Yamajako <span dir="ltr"><<a href="mailto:anzalaya@gmail.com" target="_blank">anzalaya@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>While I think it is a good advice for browser I don't know that it is valid for keys. Key management is hard. There is no reason to keep 2 sets of keys if you manage them similarly. So basically while we already suck at handling one set of keys you re advocating handling 2 sets of keys separetaly. And then use the second set while it might have very well been compromised.</div><div>Not a good advice IMHO<span class="gmail-HOEnZb"><font color="#888888"></font></span><font color="#888888"><div class="gmail_extra"><div class="gmail-m_3475225556000244054gmail_signature"><span style="color:rgb(34,34,34)"></span></div></div></font></div></div></blockquote><div><br></div><div>I agree that this is not perfect advice. I would backtrack to the "Key management is hard" bit.<br>Key management is situational. Key loss is more difficult than key compromise for most.<br>I have an 84 year old neighbor and I have advised her to put her email passwords on paper <br>in an easy to find place. <br>Her brother's cell phone is a recovery resource for her online accounts he also has </div><div>power of attorney over most of her life.<br>Key management is situational.<br><br>Phones, that is also a tangle, they are used for more and more multi part auth schemes.<br>What if her brother's phone is lost? His and her data is at risk.<br>A phone is a single device and a single battery that is always bouncing off <10% when you need<br>it most. Stolen phones have a market even if it is to scrap and grab the screen for 3rd party repair. <br>I keep all my old phones and have Google, Microsoft and other authenticators active on at least</div><div>one of the old devices.<br><br>A business today needs to think very hard about personal devices that unlock business <br>secrets. As a minimum is there a sturdy locker for each employee big enough to hold </div><div>laptops, expensive stuff or sensitive bits during lunch. How is a personal device's key set transfered </div><div>back to the company.<br> </div></div>I now have chargers in my car for my phone and friends with different plugs. <br><br>I have been keeping a multitude of do I remember things on an encrypted text<br>file. I have been using blowfish2 for low value mumble foo stuff. I like the </div><div class="gmail_extra">handy way vim and its link view allow me to organize and access random cruft that<br>Password Safe (tm) is slightly difficult to work with. I can email myself or </div><div class="gmail_extra">scp the file to multiple devices as needed. Vim runs on an iPhone and an older version<br>of vim with only blowfish runs on Android. <br><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>