“I agree that I am boned.” – Richard Conway, Gunpoint.

I was reading about the recent Gmail password dump and, while chasing links, ran across this Lifehacker article on the subject of password security. It suggests the use of password generators and managers to ensure that all sites have different, unguessable passwords. That’s reasonable enough, I suppose, if a bit of a hassle and probably outside the capabilities of the average user. I think I have a better idea: Why aren’t we using ssh-style keypairs for web logins?

I am beginning to think that passwords, as a web security mechanism, are boned by default. They require recognizable patterns to be memorable, and if they have a recognizable pattern, password crackers can home in on that pattern as soon as they know what it is. If you share them among sites, breaking into one site compromises your account on others. If you don’t, remembering all the different passwords is difficult to impossible.

Contrast with keypairs: You don’t have to remember anything if you don’t want to. If you choose to use a passphrase, you only need one. Breaking into a site you use compromises nothing. The public key that the site has for you is nearly useless to an attacker; they would need to root your personal machine to get the private one.

Two-factor authentication is making some headway, from what I’ve heard, but in my experience it’s a significant hassle, and you still need to manage passwords. I’m envisioning something more like this: You keep a single passphrase-protected private key on your local machine (or a USB stick, or whatever). You enter the passphrase once, when you start browsing for the day. All website logins work transparently. The process would be a bit like using ssh-agent. The passphrase itself never goes out over the wire; websites only have your public key, perhaps signed by a third party, like SSL certificates. Even giving your passphrase away for a candy bar is less damaging, albeit still a non-optimal idea.

It even makes life easier for users, who only need to remember one (optional) credential, and no longer need to explicitly log in to individual sites.

Here are some objections I can think of off the top of my head. There are probably more. I can’t be the first person to have thought of this; similar issues are behind the push for two-factor auth, I’m sure:

If an attacker roots my PC, they will get access to everything through one key. This happens all the time.

Yes. They will, and it does. But that is no worse than the situation with passwords; an attacker can pull any cached passwords directly and get the rest by keylogging. If you use a key passphrase, they at least have to keylog to get anything.

What if I move around machines regularly?

Put your key on a USB stick. It’s not a perfect solution, since public computers don’t always allow access to USB devices. I’m not sure what to do about this, but note that the objection applies just as well to password managers.

What if my key is compromised?

You generate a new one and revoke the old one. I’m not sure if this is harder or easier than, say, a password manager’s database getting compromised. I’m not that familiar with the details of how key revocation works for things like SSL or PGP, but it’s probably easier than changing dozens of randomly generated passwords.
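To make the ssh-agent-style flow sketched above concrete, here is an added example (not code from the original post, and not any real site's login protocol) of the whole exchange in Go using the standard library's Ed25519: the site stores only a public key, issues a random challenge, and the agent holding the private key signs it; the site verifies with the public key it has on file. It also walks through the two objections discussed here: a site's copy of the public key cannot be used to answer another site's challenge (the signed message is bound to the site name, a design choice assumed here rather than taken from the post), and revocation is just the site deleting the old key and registering a fresh one. The `webauth-v0` domain separator, the account names and the site names are all made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Site is the relying party. It never sees a private key or a passphrase,
// only the public key registered for each account (hypothetical data model).
type Site struct {
	Name string
	keys map[string]ed25519.PublicKey // account -> registered public key
}

func NewSite(name string) *Site {
	return &Site{Name: name, keys: map[string]ed25519.PublicKey{}}
}

// Register stores (or replaces) the public key for an account.
func (s *Site) Register(account string, pub ed25519.PublicKey) { s.keys[account] = pub }

// Revoke deletes the key; the account cannot authenticate until a new key is registered.
func (s *Site) Revoke(account string) { delete(s.keys, account) }

// Challenge returns a fresh 32-byte nonce so a captured response cannot be replayed.
func (s *Site) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// authMessage is what actually gets signed: a fixed prefix, the site name and the
// nonce. Binding the site name means a response for one site is useless at another.
func authMessage(site string, nonce []byte) []byte {
	msg := []byte("webauth-v0:" + site + ":")
	return append(msg, nonce...)
}

// Verify checks the agent's response against the stored public key.
func (s *Site) Verify(account string, nonce, sig []byte) error {
	pub, ok := s.keys[account]
	if !ok {
		return errors.New("no key registered for account (unknown or revoked)")
	}
	if !ed25519.Verify(pub, authMessage(s.Name, nonce), sig) {
		return errors.New("signature does not verify under registered key")
	}
	return nil
}

// Agent plays the role of ssh-agent: it holds the unlocked private key for the
// browsing session and signs challenges; the key itself never leaves it.
type Agent struct{ priv ed25519.PrivateKey }

func NewAgent() (*Agent, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Agent{priv: priv}, nil
}

// Public is the only thing the agent ever hands to a site.
func (a *Agent) Public() ed25519.PublicKey { return a.priv.Public().(ed25519.PublicKey) }

// Respond signs the challenge for the named site.
func (a *Agent) Respond(site string, nonce []byte) []byte {
	return ed25519.Sign(a.priv, authMessage(site, nonce))
}

// Login runs one complete challenge/response exchange between a site and an agent.
func Login(s *Site, account string, a *Agent) error {
	nonce, err := s.Challenge()
	if err != nil {
		return err
	}
	sig := a.Respond(s.Name, nonce)
	return s.Verify(account, nonce, sig)
}

func main() {
	agent, err := NewAgent()
	if err != nil {
		panic(err)
	}
	site := NewSite("example.test")
	site.Register("alice", agent.Public())
	fmt.Println("login with registered key:", Login(site, "alice", agent))

	// Key compromise scenario: revoke, generate a new pair, register the new public key.
	site.Revoke("alice")
	fmt.Println("login with revoked key:   ", Login(site, "alice", agent))
	fresh, _ := NewAgent()
	site.Register("alice", fresh.Public())
	fmt.Println("login with replacement key:", Login(site, "alice", fresh))
	fmt.Println("all the site holds for alice:", hex.EncodeToString(fresh.Public()))
}
```

The site-name binding in `authMessage` is the piece worth noticing: even if two sites share an account's public key, a response captured from one site's login fails verification at the other, and a site that is breached leaks nothing an attacker could use to sign anything.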