Code-Signing Vs Software Developers

This item <http://www.theregister.co.uk/2017/01/26/windows_code_signing_changes/> is about Microsoft adopting some recommendations from the “Certificate Authority Security Council” that code-signing keys should be embedded in special hardware devices, not simply kept as files on a regular computer. Apparently they are also suggesting some yet-to-be-defined “cloud-based service” as an alternative, which raises some questions. One of the commenters linked this article <http://www.pcworld.com/article/2846653/storage-for-spies-how-the-fips-standard-makes-data-extremely-hard-to-steal.html> which gives a good overview of hardware signing key devices that are certified to the various levels of the FIPS 140-2 standard. The idea is not a new one. But like most security techniques that are worth a darn, it can cause all kinds of irritations in practical use.
Lawrence D'Oliveiro