this post was submitted on 05 Aug 2023
1 points (100.0% liked)

Information Security

230 readers
1 users here now

founded 1 year ago
MODERATORS
[email protected]
1
Smart card/Yubikey labeling - yay/nay? (infosec.pub)
submitted 1 year ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
 

Now ever since I got a label printer I made it a habit to... well... label everything. It's been the a gamechanger in organizing my stuff.

This habit includes having a tiny label with my street address and mail address on most any item that I loan away or tend to regularly lug around with me as a general reminder of ownership. I forget about and lose stuff all the time, so this gives me some piece of mind with most of my medium-value little gadgets. I believe (and have experienced) that people are generally decent and will return lost stuff to me if it's easy for them to find out to whom it belongs.

Now it has occurred to me that this practice might be detrimental when applied to a smart cards in general and my Yubikeys in particular. After all, shouldn't a lost Yubikey be considered "tampered with/permanently lost" anyway, whether it's returned or not? And wouldn't an Email address on the key just increase the risk of some immediate abuse of the key's contents, i.e. GPG private keys, that would otherwise not be possible?

Or am I overhtinking this?

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 6 months ago

Do you have a throwaway email address that could be used instead, not connected to the accounts on that smartcard/yubikey? Perhaps put a phone number or PO box with the message "if lost please call/send to". This worked for me in a major city, where I dropped my swipe badge and transit card. A nice gentleman called me & we met up a block away to pass it back. I then verified the access has not been tampoered with, and asked for new cards (just in case).