Why don't PGP and SSH keys see more widespread use as a second factor when authenticating?

Let's check out what PGP and SSH actually offer for this purpose:

  • PGP:
    The client must install PGP software, which is not installed by default on the majority of systems. The client must create a PGP key pair, then send the public key to the server so that the server can use it later for validation. When authenticating with 2FA, the server will send a challenge which the client must sign with its private key and send back as the response. Of course, the client must protect its key against theft, maybe with a password.
  • SSH:
    The client must install SSH software, which is not installed by default on the majority of systems, must create a key pair and send the public part to the server. When authenticating with 2FA against some web service, the client must create an SSH connection to a related server, and the server must somehow merge the successful SSH authentication and the login to the website together, maybe with some additional token the client has to give after using SSH. And oops, there might be a firewall in the way blocking SSH. And of course the client must protect its key against theft.

Thus essentially both solutions boil down to:

  • initially install some software
  • create a static key pair and publish the public part (this might be integrated into the software for convenience but is currently not)
  • somehow get a challenge from the server and somehow send the signed challenge back. And somehow the server must integrate validation of the challenge into the authentication process. "somehow" because there is no established process for this that integrates everything with the authentication flow used in web applications.
  • and of course the client must protect its key

The same procedure can be done much more easily with a client-side TLS certificate. This still leaves creation of the certificate as a major problem (though this is possible within the browser today too), but at least the validation is already integrated into the HTTPS protocol.

Additionally, I cannot see how these solutions provide a better user experience or integration experience than existing 2FA solutions. They are not easy to use, require additional software, require new ways to integrate with the server side, etc. And they do not provide better security either. So why bother, rather than take the newer solutions, which were designed with usability and server integration in mind?

Apart from that, the current cheap 2FA solutions make use of a mobile phone. These usually provide a better security architecture than current PCs. And they are an additional hardware device the user must have access to, which makes the protection offered by 2FA stronger.
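As an added illustration of the challenge-response step described in the answer above (the server issues a challenge, the client signs it with the enrolled private key, the server validates the signature and ties the result into the login), here is a sketch of both sides of that exchange in Go. This is example code written for this page, not code from the answer or from any PGP or SSH implementation. It assumes a raw Ed25519 key pair (what an ssh-ed25519 key contains) so that the standard library's crypto/ed25519 can be used without parsing OpenSSH or PGP key formats; the context label "web-2fa-v1", the user name "alice" and the 60-second limit are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Server holds the enrolled public keys and the challenges it has issued
// but not yet consumed (example only; a real service would use a database
// or session store for both).
type Server struct {
	pubKeys    map[string]ed25519.PublicKey // username -> enrolled public key
	challenges map[string]pending           // base64(challenge) -> issued-to user and expiry
	now        func() time.Time             // injectable clock so expiry can be exercised in tests
}

type pending struct {
	user    string
	expires time.Time
}

const challengeTTL = 60 * time.Second // assumed limit for this example

func NewServer() *Server {
	return &Server{
		pubKeys:    map[string]ed25519.PublicKey{},
		challenges: map[string]pending{},
		now:        time.Now,
	}
}

// Enroll records the public half of the user's key: the "publish the public part" step.
func (s *Server) Enroll(user string, pub ed25519.PublicKey) { s.pubKeys[user] = pub }

// IssueChallenge runs after the first factor (password) has succeeded.
// The 32 random bytes are bound to the user and given a short expiry.
func (s *Server) IssueChallenge(user string) ([]byte, error) {
	if _, ok := s.pubKeys[user]; !ok {
		return nil, errors.New("no key enrolled for user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[base64.StdEncoding.EncodeToString(c)] = pending{user, s.now().Add(challengeTTL)}
	return c, nil
}

// Verify accepts the response only if the challenge was issued by this server
// for this user, is unexpired, has not been used before, and the signature
// verifies under the enrolled key. The challenge is deleted on the first
// attempt, successful or not, so a captured response cannot be replayed.
func (s *Server) Verify(user string, challenge, sig []byte) error {
	key := base64.StdEncoding.EncodeToString(challenge)
	p, ok := s.challenges[key]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(s.challenges, key)
	if p.user != user {
		return errors.New("challenge was issued to a different user")
	}
	if s.now().After(p.expires) {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(s.pubKeys[user], signedMessage(user, challenge), sig) {
		return errors.New("bad signature")
	}
	return nil
}

// signedMessage is the exact byte string both sides sign: a fixed context
// label, the username and the challenge, NUL-separated. The label stops a
// signature produced for some other purpose (an SSH or PGP session, say)
// from being accepted here, and vice versa.
func signedMessage(user string, challenge []byte) []byte {
	m := append([]byte("web-2fa-v1\x00"), user...)
	return append(append(m, 0), challenge...)
}

// Client holds the private key and answers a challenge by signing it.
type Client struct {
	user string
	priv ed25519.PrivateKey
}

func (c *Client) Respond(challenge []byte) []byte {
	return ed25519.Sign(c.priv, signedMessage(c.user, challenge))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	srv := NewServer()
	srv.Enroll("alice", pub)
	alice := &Client{user: "alice", priv: priv}
	ch, _ := srv.IssueChallenge("alice")
	sig := alice.Respond(ch)
	fmt.Println("first use:", srv.Verify("alice", ch, sig)) // <nil>
	fmt.Println("replay:", srv.Verify("alice", ch, sig))    // unknown or already used challenge
}
```

The three "somehow" items in the answer correspond to the parts that have to be built by hand here: delivering the challenge to the client, getting the signature back, and the bookkeeping in Verify (one-time use, binding to the user, expiry, domain separation of the signed bytes). None of that is supplied by PGP or SSH themselves, and nothing in a stock browser will run the client side, which is the answer's point about integration.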


Lack of portability

SSH and PGP are widely used, but they are not web technologies. There has been an equivalent web technology for many years - SSL client certificates. However, it is not much used.

The reason is the lack of portability. If you have an SSL client certificate on your home desktop, it's difficult to move it somewhere else. So you can't login from your work laptop, your mother-in-law's desktop, etc.

There is a portable client certificate solution that has been around a long time and is very high security: smart cards. The private key is stored in the smart card and never released. However, this has mostly seen use in high security applications, such as corporate online banking.

Over the early 2000s there was limited innovation around authentication. Efforts aimed at the mass market, like Microsoft Passport and OpenID, didn't really take off. Most products were aimed at the high-end: corporate VPN access, etc. This is now changing, and we're seeing innovation in mass market authentication. For example:

  • Mozilla Persona - Essentially makes a client certificate portable by storing it in the cloud. Years ago this would have been rejected as a crazy idea, but in recent times the threat model is better understood and the benefits are apparent.

  • U2F - Brings the high security of smart cards to the mass market. The devices are more portable, and it's safe to use one device on many different web sites. So U2F is a technology that nicely fits modern usage patterns, hence its success.


Because additional auth factors should, ideally, be out of band. Like a phone, or token, or some kind of telepathic message.

U2F is good because you CAN'T extract the private key and it requires a physical touch to the device before it will sign.