mooltipass / minible

Github repository containing the firmwares running on the Mooltipass Mini BLE
GNU General Public License v3.0

Pin entry through app on mobile phone (iOS) #409

Open hoijnet opened 9 months ago

hoijnet commented 9 months ago

Missing feature

Allow pin entry through app on mobile phone, with notifications, through bluetooth.

Justification

Compared to #348, an app on a mobile phone is considered relatively secure. Leveraging the BLE functionality, it would be awesome to get a notification on the phone and use face/touch id or fingerprints for login, compared to the current jogwheel function that could be snooped by camera.

I would argue the security model of setting up an approval mechanism could be made more secure and with less hassle compared to the current jogwheel pin entry.

Alarm systems and similar security systems allow pin entry and approval of activities via the mobile phone and/or touch id. The device would become significantly more user friendly (and thus increase security usefulness) with a bluetooth-connected user interface in the phone.

I find that the mobile phone security model would probably be more trustworthy compared to the pervasive risk of key loggers in current operating systems. Integrating with mobile phone operating system authentication should improve the security posture of such a mobile phone implementation even more.

Workarounds

Use the jogwheel.

CGuy-1 commented 8 months ago

... app on a mobile phone is considered relatively secure.

I would disagree with that statement. I was trained in information system security and what you are proposing would significantly reduce the security of the Mooltipass.

The Mooltipass gets much of its security by having the input as part of the physical device eliminating many attack vectors.

I could see one way that would be less dangerous: if the Mooltipass implemented Passkeys to bypass entering the PIN on the device. This could be enabled after the user has successfully inserted their card and PIN and the card has not been removed. The passkey could allow the Mooltipass to log in without re-entering the PIN. You could use your phone or a Yubikey for this. Having the user enter their PIN just once after the card is inserted and allowing a passkey afterwards until the card is removed would probably be more secure than an app installed.
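
The policy proposed in the comment above (on-device PIN once per card insertion, passkey accepted afterwards until the card is removed), modelled as a small state machine. This is an added example, not part of the thread and not code from the minible firmware; every state, event and function name is hypothetical, and the inactivity-timeout event is an assumption about when a re-unlock would be needed.

```c
#include <stdbool.h>

/* Hypothetical model of the unlock policy proposed in the thread.
 * None of these names come from the minible firmware. */
typedef enum { NO_CARD, NEEDS_PIN, UNLOCKED, SOFT_LOCKED } lock_state_t;
typedef enum { EV_CARD_INSERTED, EV_CARD_REMOVED, EV_PIN_OK,
               EV_PASSKEY_OK, EV_INACTIVITY_TIMEOUT } lock_event_t;

/* Pure transition function: returns the next state for (state, event). */
lock_state_t lock_step(lock_state_t s, lock_event_t ev)
{
    /* Card removal always wins, whatever the current state. */
    if (ev == EV_CARD_REMOVED)
        return NO_CARD;

    switch (s) {
    case NO_CARD:
        /* Only inserting a card leaves this state; nothing unlocks directly. */
        return (ev == EV_CARD_INSERTED) ? NEEDS_PIN : NO_CARD;
    case NEEDS_PIN:
        /* First unlock after insertion must be the on-device PIN.
         * A passkey assertion is ignored here. */
        return (ev == EV_PIN_OK) ? UNLOCKED : NEEDS_PIN;
    case UNLOCKED:
        return (ev == EV_INACTIVITY_TIMEOUT) ? SOFT_LOCKED : UNLOCKED;
    case SOFT_LOCKED:
        /* PIN was already entered for this insertion, so either the PIN
         * or a passkey re-unlocks. */
        return (ev == EV_PIN_OK || ev == EV_PASSKEY_OK) ? UNLOCKED : SOFT_LOCKED;
    }
    return NO_CARD; /* unknown state: fail closed */
}

/* Replay a sequence of events starting from the no-card state. */
lock_state_t lock_run(const lock_event_t *evs, int n)
{
    lock_state_t s = NO_CARD;
    for (int i = 0; i < n; i++)
        s = lock_step(s, evs[i]);
    return s;
}

/* Credentials are only reachable in the fully unlocked state. */
bool secrets_available(lock_state_t s) { return s == UNLOCKED; }
```

The property worth checking in any real design along these lines is that no event sequence reaches the unlocked state after a card insertion without a PIN entry for that insertion.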

hoijnet commented 8 months ago

I see your points, they help a lot. I think there are multiple reasons users choose the Mooltipass. I tried going all in on the Mooltipass but it was not a viable option due to the hassle with logins and approvals (tried over months) and had to resort to a dual setup: credentials I'm willing to risk by using a traditional password manager, and other credentials I want to keep on hardware.

Implementing an easier pin entry solution would enable more usefulness of the device.

My personal use case was originally to not process my password database in a general purpose computer due to the attack vectors; and enjoy a dedicated hardware for it.

It proved harder cognitively than I could imagine; passwords must be easy to use, but secure. Some passwords I would like to have protected by physical pin (such as a dedicated store, or configurable per item), but most would just require a phone approval or, as you suggest, a Yubikey tap (really like that idea, it would be super neat!).

I find the passkeys idea superb, it would help a lot for many cases and could be the mechanism.

If it's for the duration of the card insertion and over the restarts/shutdown, I think it's a great option! That way I know when I remove the smartcard, the device is guaranteed to be locked. I really like that!

CGuy-1 commented 8 months ago

I also find the PIN entry to be a long process when it timed out which is why I set the Inactivity Timer to 30 minutes. In the short term they could add extra choices for 60 min, 90/120/Always On, etc. In my case, I work from home most days so I don't worry about it being on, when I leave I just pull the card.

Tapping a Yubikey would be really cool for ease of use.

For my unimportant sites/apps I use a S/W password manager for speed but the two are always fighting each other. I've been using mine daily since the Kickstarter campaign and for important things like banking, email, Amazon, PayPal, work, etc. it's all I use, for random web sites that don't have any personal info I'll use the S/W solution.

My1 commented 8 months ago

Currently, as far as I know, my MP generally doesn't ask for PIN unless I pull the card out. Moolticute even has a new setting to disable locking the MP when locking your PC, which is convenient, but obviously needs a level of awareness of your MP.

And yes, passkeys and stuff don't ask for an additional PIN.