|
Top-level
 The funniest part is that no matter how many security factors we use to replace passwords (two factor auth, passkeys, security keys, etc) there's always a backup that's just another password. #twoFactorAuth #2fa #password #auth #authentication #security #passkeys #webauthn #fido2 #passkey #passwords 8 comments
 @adr I use a USB stick, but I print a paper copy too as a backup in case the flash memory burns out. @schizanon I struggled with this a lot. I wanted to be able to recover my digital life if itโs just me, standing alone, with none of my worldly possessions (house fire, luggage stolen, whatever). Ultimately that means cloud. No way around it. I minimized my risk by using a file-based password manager, and a separately also encrypted e2e sync service. Only I know the password to the file, but a close friend can help me get back into the sync service. (1/2) The main risk vector would be a malicious payload to the password manager or other software on my computer. (2/2) @schizanon There are a couple of exceptions - usually opt-in (like Google's Advanced Protection Program - they make you register a minimum of two security keys, and require active Google intervention to recover if you lock yourself out.) @schizanon I use zero knowledge access. I just make passwords impossible to remember, then reset them with my email every time. Only my email needs to be secure. This is a good plan, right? Right??  |
Gregory's Server
Where do you keep your two-factor auth backup codes?
#2fa #security #twoFactorAuth