Hardware keys work well in place of a phone, and are in some ways significantly more secure depending on how U2F is implemented.

Some of the problem remains: If the user forgets their password the second factor won’t help them, and that includes the backup keys.

I’ve read the letter, and I see the massive problem, but I don’t think it’s been fully solved yet.

Q: “How do we remotely authenticate a single user, in a way that cannot be forged, without relying on their memory?”

There are solutions to every part of that sentence, but I do not know of one that solves it entirely.

They could write their password down, but then they’re exposing themselves to the obvious risk of it being stolen. You could trust the librarian in a 2-of-3 system, but this seems very easy to abuse by the library staff.

Genuinely not sure of how this is solved.

A cryptographically strong biometric key store at the library (e.g. fingerprint or face scanner) that will only authenticate a physically present user and release a FIDO signature that could then be used in a multisig authentication?

Ctrl + F => "bio" and this comment was the only result out of 100+. Surprising!

I think biometrics sounds like the best solution. YubiKeys will get lost/damaged/stolen and then you're back to square one. With biometrics you shift the burden of paying for and managing hardware onto the library and individual users don't need to be responsible for anything.

Of course this doesn't solve the issue of the user who is already locked out, but librarians could at least proactively enroll users who have access to their account in order to prevent the issue from happening in the future.
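The "2-of-3 system" and the multisig idea raised in the comments above, shown as an added example that is not part of the original thread: a Shamir secret-sharing split in Python over a prime field. The scenario (one share on the user's backup key, one on a device or biometric store, one held by the library) is constructed for illustration, the 127-bit Mersenne prime is an arbitrary choice for the example, and the function names are my own. The point worth seeing in code is that any two shares reconstruct the recovery secret, while a single share, such as the one the library holds, is consistent with every possible secret, so no single holder can reconstruct it alone.

```python
import secrets

# Field modulus: 2^127 - 1 (a Mersenne prime). Arbitrary choice for this example;
# it only needs to exceed the largest secret we want to share.
PRIME = (1 << 127) - 1


def split_secret(secret: int, threshold: int, shares: int):
    """Split `secret` into `shares` points on a random polynomial of degree
    threshold-1 whose constant term is the secret (Shamir's scheme)."""
    if not (1 <= threshold <= shares) or not (0 <= secret < PRIME):
        raise ValueError("bad parameters")
    # Constant term is the secret; remaining coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        # Horner evaluation of the polynomial at x, mod PRIME.
        y = 0
        for c in reversed(coeffs):
            y = (y * x + c) % PRIME
        points.append((x, y))
    return points


def recover_secret(points):
    """Lagrange interpolation at x = 0 over the field; needs `threshold`
    distinct points to return the real secret."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # den is non-zero because the x values are distinct, so it has an inverse.
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def consistent_with_single_share(share, candidate_secret: int) -> bool:
    """For a 2-of-3 split, show that one share alone rules nothing out:
    for any candidate secret there is a line through (0, candidate) and the
    share, so a second (hypothetical) share can always be built that makes
    interpolation return the candidate."""
    x1, y1 = share
    slope = ((y1 - candidate_secret) * pow(x1, PRIME - 2, PRIME)) % PRIME
    x2 = x1 + 1
    fabricated = (x2, (candidate_secret + slope * x2) % PRIME)
    return recover_secret([share, fabricated]) == candidate_secret


def demo():
    """Constructed scenario: the recovery secret is split 2-of-3 between the
    user's backup key, a device or biometric store, and the library."""
    recovery_secret = secrets.randbelow(PRIME)
    backup_key, device, library = split_secret(recovery_secret, 2, 3)
    return {
        "any_two_recover": all(
            recover_secret(pair) == recovery_secret
            for pair in ([backup_key, device], [backup_key, library], [device, library])
        ),
        # The library share on its own is consistent with any secret at all.
        "library_alone_learns_nothing": all(
            consistent_with_single_share(library, c) for c in (0, 1, recovery_secret)
        ),
    }


if __name__ == "__main__":
    print(demo())
```

The abuse concern in the thread therefore reduces to collusion: the library share has to be combined with a second share before it is useful, and the same holds for any other single holder. Raising the threshold (3-of-4 and so on) trades more resistance to a rogue share-holder for more places the user can lose a share.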
