
Yep, makes sense. And I get now how it is useful for that. I think it wasn't presented in that way, though (ability to use your Hive account on computers you don't trust), but rather as a new, standard way to log in, which didn't make sense to me as I didn't see how it improves the security of an app making a signing request directly to a wallet like Hive Keychain.

As @smooth mentioned, you can't always trust your own computer either: viruses, malware, keyloggers, hacks, etc.

Well, there are many attacks for both desktop and mobile devices, and I would certainly not consider a mobile device as more secure than desktop. You can lose a mobile device, it can more easily get stolen, there are wifi attacks over insecure networks, all sorts of apps require all sorts of intrusive permissions, and so on. The typical protections like drawing a shape or similar to unlock the device wouldn't stop someone from either brute-forcing into your device or simply disassembling it and reading from its disk.

And, as an additional point, if you really care about security, it's not like you can install clean Linux on a mobile device and install only software packages you know and have checked, so that you only have open-source software on your machine and you know what everything does and how it works. This kind of thing is standard if you operate a server. And you would encrypt any sensitive information like passwords, you wouldn't at all store them as plain text. I don't know how you can achieve any of this basic level of security on a mobile device.

> You can lose a mobile device [...] disassembling it and reading from its disk

As @stoodkev mentioned in his replies, keys stored in your phone are encrypted twice, first with your wallet password, then with your fingerprint signature. Should someone get access to your phone storage, he would need both your password and finger to decrypt it.

> there are wifi attacks over insecure networks

All data traveling between your mobile and the HAS server are encrypted. Even the HAS server acting as a gateway has no idea of what's going on between the App and the wallet storing your keys (Keychain).

If, like me, you are paranoid, you shouldn't use a mobile at all. These things have been designed to share information, not to secure it.
Moreover, you shouldn't use any front-end you didn't create yourself or whose source code and infrastructure you haven't fully analyzed.

When it comes to having a little ease of use, sometimes you have to make a few compromises. In this case, HiveAuth may be an "acceptable" solution that, to the extent of what is feasible at the code, protocol and infrastructure level, does not compromise on security. Anyway, that's how I designed it.

Nothing is 100% secure, I guess you need to minimise the risks. If you have to use an untrusted computer, better use your mobile than entering the keys on that computer.

If the Wi-Fi network is being sniffed, it's still OK because the keys are not being transmitted between the wallet and the frontend, only the request and the signed content.

As for losing the phone and the person brute-forcing into the device, even if they read the disk, the keys would be encrypted in the local storage of the wallet app. I don't think Hive Keychain stores keys in plain text (@stoodkev let me know if I'm wrong). Some phones also have a protection system where you can remotely wipe the phone or it will self-wipe under brute force.

@arcange can also give more details regarding the security side of HiveAuth.

The keys stored are encrypted at least once with the PIN, twice if using biometrics.