The portable identity people always, inevitably forget one simple truth: the identity and the means of accessing it should be separable. I've explained to them way too many times that a public key is not a viable form of identity. They still keep insisting on using public keys as identifiers.
The fatal flaw of the use of cryptographic keys for identity is that
- Once leaked, it can't be revoked to prevent further unauthorized access and impersonation
- Once lost, it can't be recovered and a new key pair, thus a new identity, is required
This stuff is non-negotiable really. I worked at VK, they have an entire department dedicated to restoring people's access to their accounts. People are terrible with passwords and they will be even more terrible with private keys.
@grishka @cwebber The thing about private keys is that you have to tell people:
- don't lose it ever so make backups
- make sure nobody ever gets to see it
These two things are hard to do together, particularly for non-tech people.
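The design point made in both posts above, as an added illustration that is not part of the thread: a registry where the public key is the identifier, beside one where an opaque identifier has keys bound to it. All names, the `fingerprint` stand-in for a real key id, and the constructed key bytes are assumptions for the example.

```python
"""Toy identity registry contrasting key-as-identifier with an opaque
identifier that keys are merely bound to (illustrative, stdlib only)."""
from __future__ import annotations
import hashlib
import secrets
from dataclasses import dataclass, field


def fingerprint(pubkey: bytes) -> str:
    """Hash of the (constructed) public key bytes; stands in for a key id."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class KeyIsIdentity:
    """Model 1: the key IS the identity. There is no revocation that keeps
    the identity, and a lost key means a lost account."""
    def __init__(self) -> None:
        self.known: set[str] = set()

    def register(self, pubkey: bytes) -> str:
        fp = fingerprint(pubkey)
        self.known.add(fp)
        return fp  # the identifier is the key itself

    def authenticate(self, pubkey: bytes) -> str | None:
        fp = fingerprint(pubkey)
        return fp if fp in self.known else None

    def revoke(self, pubkey: bytes) -> None:
        self.known.discard(fingerprint(pubkey))  # deletes the identity too


@dataclass
class Account:
    ident: str
    active_keys: set[str] = field(default_factory=set)
    revoked_keys: set[str] = field(default_factory=set)


class SeparableIdentity:
    """Model 2: opaque identifier; keys can be revoked and replaced while the
    identifier (and everything attached to it) survives."""
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.key_index: dict[str, str] = {}  # fingerprint -> ident

    def register(self, pubkey: bytes) -> str:
        ident = secrets.token_hex(8)  # carries no key material
        self.accounts[ident] = Account(ident)
        self.bind_key(ident, pubkey)
        return ident

    def bind_key(self, ident: str, pubkey: bytes) -> None:
        fp = fingerprint(pubkey)
        self.accounts[ident].active_keys.add(fp)
        self.key_index[fp] = ident

    def revoke_key(self, ident: str, pubkey: bytes) -> None:
        fp = fingerprint(pubkey)
        acct = self.accounts[ident]
        acct.active_keys.discard(fp)
        acct.revoked_keys.add(fp)  # kept for audit; never accepted again

    def authenticate(self, pubkey: bytes) -> str | None:
        fp = fingerprint(pubkey)
        ident = self.key_index.get(fp)
        if ident is None or fp not in self.accounts[ident].active_keys:
            return None  # unknown or revoked key: no access, identity intact
        return ident
```

Running a leak scenario through both models shows the difference: in model 1 the only way to stop the leaked key is to delete the identity, while in model 2 the old key is refused and a replacement key is bound to the same identifier.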