Now ever since I got a label printer I made it a habit to… well… label everything. It’s been the a gamechanger in organizing my stuff.

This habit includes having a tiny label with my street address and mail address on most any item that I loan away or tend to regularly lug around with me as a general reminder of ownership. I forget about and lose stuff all the time, so this gives me some piece of mind with most of my medium-value little gadgets. I believe (and have experienced) that people are generally decent and will return lost stuff to me if it’s easy for them to find out to whom it belongs.

Now it has occurred to me that this practice might be detrimental when applied to a smart cards in general and my Yubikeys in particular. After all, shouldn’t a lost Yubikey be considered “tampered with/permanently lost” anyway, whether it’s returned or not? And wouldn’t an Email address on the key just increase the risk of some immediate abuse of the key’s contents, i.e. GPG private keys, that would otherwise not be possible?

Or am I overhtinking this?

  • @splendoruraniumOPEnglish
    111 months ago

    If you lost your house key what would you do

    Depends on the circumstances. I mean, if forgot them in a restaurant only to get an Email from the proprietor or another customer 1h later to come and pick them up then I certainly wouldn’t assume them compromised and change all my door locks. I’d just be happy to have them back.
    What would you do?

    • @stevedidwhat_infosecEnglish
      111 months ago

      Change my locks because it’s easy to do and prevents additional future stress

      • @splendoruraniumOPEnglish
        111 months ago

        Change my locks because it’s easy to do and prevents additional future stress

        Out of curiosity: what’s the maximum time you’d be willing to leave your house keys out of sight without changing your locks afterwards? Surely at some point the cost in time and money of changing your locks exceeds the utility of (Security-remains-uncompromised times likelihood-of-security-having-been-compromised-by-incident-in-the-first-place)?
        I’m uncertain whether I expressed that correctly but surely there’s a spectrum here.

        • @stevedidwhat_infosecEnglish
          211 months ago

          Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site.

          Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc

          Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

          • @splendoruraniumOPEnglish
            111 months ago

            Yeah that’s true, it also depends where I left my keys, it’s not just that they’re out of site. Left in high traffic areas, if I were an especially risky individual (c-suite, management, etc), is it normally a high traffic area that was only low traffic due to the time (lurkers waiting to scrape up what they can after it’s quieted down), etc etc Really it’s gonna boil down to how risky I interpret the situation to be at the time, etc

            Thanks for the input!