Comment by the__alchemist 20 hours ago

19 replies

I'm perpetually worried about (and partially prepared for) this sort of scenario, as more of my accounts require 2FA. I dread the day I lose or break my phone, have my items stolen, there's a weather disaster, etc. I try to make my hobby repos public and/or backed up in multiple places as a hedge.

commandersaki 16 hours ago

All my digital life is sorted with a password manager that syncs in a cloud (I know some consider this an anti-feature). I guess OP probably had to disclose information to someone (s)he trusts when going to prison and that trust was abused.

jopsen 19 hours ago

Print out 2FA codes and bury them somewhere.

It's not that hard, and you feel like a proper spy doing it ;)

  • vorpalhex 17 hours ago

    Please don't depend on this. Paper does not like moisture and soil is full of it.

    Use an escrow or custodian (lawyer, bank, etc).

    • thesmok 2 hours ago

      Paper inside a plastic bottle will be fine.

      • vorpalhex an hour ago

        Soil is acidic, and soda bottles are meant to keep their seal for two years, not a decade.

    • DengistKhan 9 hours ago

      Laminate?

      • vorpalhex an hour ago

        Is your laminate rated to be in constant soil contact for however many years you need to hold onto a backup code for?

zdragnar 20 hours ago

Yubikey in a safe deposit box is about as good as we can get, at least for the services that allow it.

  • Arrowmaster 16 hours ago

    The problem with this tactic is the need to go get the Yubikey every time you make a new account.

    • e40 an hour ago

      Store only the backup key. It would be crazy to have a single key.

    • 1attice 12 hours ago

      Actually, this is now a solved problem. Root-of-trust pattern.

      - Use Bitwarden or similar

      - Set BW to recognize the Yubikey as one (of several, incl. TOTP ('Authenticator') code) second factor.

      - On all other sites and services, generate passkeys (which are essentially virtual yubikeys) and save them in BW.

      - In BW, save the password and TOTP. BW itself, on another device (or in a separate incarnation - e.g. the desktop app when authenticating the browser extension) is now your everyday means of authenticating to BW.

      - BW-stored passkey is now your standard means of authentication for e.g. GitHub, Google, etc

      - Put the Yubikey in a safety deposit box

      - Bravo, you have a very professional trust system

  • aitchnyu 18 hours ago

    Can we use multiple Yubikeys for a service?

    • kameit00 17 hours ago

      I use 2 Yubikeys. I registered both on multiple services. So… yes, it is possible. One key is a backup if the other key stops working.

IlikeKitties 20 hours ago

Just do as I do and keep all the 2FA TOTP codes in your KeePass.

manbash 20 hours ago

Don't you have a 2FA Recovery Code?

  • georgel 20 hours ago

    Far too many of the critical services (banks) still only offer SMS 2FA.