They'll need to be resistant to threats and bribes, so it will be difficult to have these on-site at the library.
I think we've overlooked an option. Note that the article's objection to FIDO keys was financial, not UX. This sort of confirms the hunch I got when first playing with them: "hey, the key metaphor is so strong and intuitive that these might be even better than passwords for people with low tech literacy." I held off on saying anything until their compatibility actually lived up to the hype, which IIRC only happened in 2020 (all major browsers, all major platforms, by default), but it did happen.
As for the financial barrier, yeah, it's wild that these are still $30/ea on Amazon. Can they be bought cheap in bulk? Or does the market need some aggressive new entrants? In any case, they are "near practical" and the shove needed to make them "very practical" is probably 100x smaller than, say, creating a Central Bureau of A12N.
It is not uncommon for unhoused people to lose all their possessions, so even if purchasing multiple hardware security keys wasn't a huge financial hurdle, the recovery model I use (Yubikey on my keychain, two in my safe, mail one to my parents) falls apart for those on the margins of society. If email is an essential service in modern society, recovering access to it from some first principle of identity is essential. I don't have an easy answer for how to do that, but I also don't have a trillion dollar market cap.
That's true, we still need a good last-ditch fallback. FIDO could still save a lot of people from the hard login screen, the phone number gotcha, and the need to become literate in information-keys. Last-ditch fallback becomes a lot more viable at any given expenditure level if it doesn't have to serve as the primary authentication mechanism for half of the library's elders.
The CEO of Fastmail, a company which deals directly with the ID problem as an email provider with customer service, has made some insightful comments on this:
> They'll need to be resistant to threats and bribes, so it will be difficult to have these on-site at the library.
That's why I mentioned things like APP: some people do have a threat model where that's realistic but it's a much smaller number than the people who are inconvenienced by being locked out so it seems like it'd be a net-win for most people to be able to get unlocked easily. There are also ways to mitigate some of that risk like having notifications for all actions with an easy way to report unapproved requests, geographic restrictions, enforced MFA for the civil servant (“tap your FIDO token to approve this request”), rate-limiting, etc. which are all bread-and-butter tasks for one of the major tech companies.
The other thing I think is relevant here is the degree to which things fall back on civic authorities anyway — e.g. Facebook's process where they require scans of your government ID or the various ways you can report a deceased relative. It seems to me like it'd be better to embrace that and work better together rather than pretending there isn't already a fairly large trust relationship.
How about: the library gets a few Yubikeys and offers to let people register their accounts with them as backup? So, if they get into trouble they can ask the library to unlock their account for them?
This essentially grants the librarian what they think they should be able to do.
But the next step would be to figure out how to reduce the risk that this system can be abused.
They'll need to be resistant to threats and bribes, so it will be difficult to have these on-site at the library.
I think we've overlooked an option. Note that the article's objection to FIDO keys was financial, not UX. This sort of confirms the hunch I got when first playing with them: "hey, the key metaphor is so strong and intuitive that these might be even better than passwords for people with low tech literacy." I held off on saying anything until their compatibility actually lived up to the hype, which IIRC only happened in 2020 (all major browsers, all major platforms, by default), but it did happen.
As for the financial barrier, yeah, it's wild that these are still $30/ea on Amazon. Can they be bought cheap in bulk? Or does the market need some aggressive new entrants? In any case, they are "near practical" and the shove needed to make them "very practical" is probably 100x smaller than, say, creating a Central Bureau of A12N.