Now ever since I got a label printer I made it a habit to… well… label everything. It’s been the a gamechanger in organizing my stuff.

This habit includes having a tiny label with my street address and mail address on most any item that I loan away or tend to regularly lug around with me as a general reminder of ownership. I forget about and lose stuff all the time, so this gives me some piece of mind with most of my medium-value little gadgets. I believe (and have experienced) that people are generally decent and will return lost stuff to me if it’s easy for them to find out to whom it belongs.

Now it has occurred to me that this practice might be detrimental when applied to a smart cards in general and my Yubikeys in particular. After all, shouldn’t a lost Yubikey be considered “tampered with/permanently lost” anyway, whether it’s returned or not? And wouldn’t an Email address on the key just increase the risk of some immediate abuse of the key’s contents, i.e. GPG private keys, that would otherwise not be possible?

Or am I overhtinking this?

    • splendoruranium@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      If you lost your house key what would you do

      Depends on the circumstances. I mean, if forgot them in a restaurant only to get an Email from the proprietor or another customer 1h later to come and pick them up then I certainly wouldn’t assume them compromised and change all my door locks. I’d just be happy to have them back.
      What would you do?

        • splendoruranium@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Change my locks because it’s easy to do and prevents additional future stress

          Out of curiosity: what’s the maximum time you’d be willing to leave your house keys out of sight without changing your locks afterwards? Surely at some point the cost in time and money of changing your locks exceeds the utility of (Security-remains-uncompromised times likelihood-of-security-having-been-compromised-by-incident-in-the-first-place)?
          I’m uncertain whether I expressed that correctly but surely there’s a spectrum here.

          • stevedidwhat_infosec@infosec.pub
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site.

            Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc

            Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

            • splendoruranium@infosec.pubOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site. Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

              Thanks for the input!

  • IrishMASMS@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    Do you have a throwaway email address that could be used instead, not connected to the accounts on that smartcard/yubikey? Perhaps put a phone number or PO box with the message “if lost please call/send to”. This worked for me in a major city, where I dropped my swipe badge and transit card. A nice gentleman called me & we met up a block away to pass it back. I then verified the access has not been tampoered with, and asked for new cards (just in case).

    • splendoruranium@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      PO box or phone number are not an option around my parts, unfortunately, but a simple email alias is a rather obvious solution that I’m embarrassed to not have considered.