Now ever since I got a label printer I made it a habit to… well… label everything. It’s been the a gamechanger in organizing my stuff.

This habit includes having a tiny label with my street address and mail address on most any item that I loan away or tend to regularly lug around with me as a general reminder of ownership. I forget about and lose stuff all the time, so this gives me some piece of mind with most of my medium-value little gadgets. I believe (and have experienced) that people are generally decent and will return lost stuff to me if it’s easy for them to find out to whom it belongs.

Now it has occurred to me that this practice might be detrimental when applied to a smart cards in general and my Yubikeys in particular. After all, shouldn’t a lost Yubikey be considered “tampered with/permanently lost” anyway, whether it’s returned or not? And wouldn’t an Email address on the key just increase the risk of some immediate abuse of the key’s contents, i.e. GPG private keys, that would otherwise not be possible?

Or am I overhtinking this?

  • splendoruraniumOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If you lost your house key what would you do

    Depends on the circumstances. I mean, if forgot them in a restaurant only to get an Email from the proprietor or another customer 1h later to come and pick them up then I certainly wouldn’t assume them compromised and change all my door locks. I’d just be happy to have them back.
    What would you do?

      • splendoruraniumOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Change my locks because it’s easy to do and prevents additional future stress

        Out of curiosity: what’s the maximum time you’d be willing to leave your house keys out of sight without changing your locks afterwards? Surely at some point the cost in time and money of changing your locks exceeds the utility of (Security-remains-uncompromised times likelihood-of-security-having-been-compromised-by-incident-in-the-first-place)?
        I’m uncertain whether I expressed that correctly but surely there’s a spectrum here.

        • stevedidwhat_infosec
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site.

          Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc

          Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

          • splendoruraniumOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site. Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

            Thanks for the input!