Post ACL5pop2C2Rz3G7yvQ by lenzj@fosstodon.org
Post #ACKQWb0VEjosaACuOG by Metruzanca@fosstodon.org
2021-10-13T17:19:24Z
0 likes, 0 repeats
Genuine question: I don't have 2FA on my password manager out of fear that if I lose my phone, I'd lock myself out of everything. I know I should have 2FA, but then the problem is shifted to keeping the backup codes safe. So how do you guys go about keeping your backup codes safe but reasonably accessible? #security #cybersecurity
Post #ACKcH5pu2vmX0tci7U by samir@fosstodon.org
2021-10-13T19:31:04Z
0 likes, 0 repeats
@Metruzanca Print them out if you can.
Post #ACKdKrioZ5BiLpfdEu by proactiveservices@fosstodon.org
2021-10-13T19:42:56Z
0 likes, 0 repeats
@Metruzanca I keep a separate database of 2FA and account recovery codes / "insecurity questions" that is left unplugged when not used, kept in a safe place. Also don't underestimate the security of a written copy of secrets. Not easy to hack a sheet of paper.
Post #ACL5pop2C2Rz3G7yvQ by lenzj@fosstodon.org
2021-10-14T01:02:17Z
0 likes, 0 repeats
@Metruzanca There are apps such as Aegis that allow you to back up your 2FA in case you lose your phone. https://f-droid.org/en/packages/com.beemdevelopment.aegis/
Post #ACLKNzYOCNjZXTX0Cm by PoCampo@fosstodon.org
2021-10-14T03:45:19Z
0 likes, 0 repeats
@Metruzanca I've printed hard copies and stored them away in a safe place.
Post #ACMPYdfeaoDhmimkme by Metruzanca@fosstodon.org
2021-10-14T16:18:00Z
0 likes, 0 repeats
@lenzj I use Aegis as my code app, but backups don't answer my question, as you still need to keep those backups in a safe location, with "safe" being vague, and the examples they give you are dumb. Storing your backups on the cloud... That's dumb, as if you lose access to your authenticator app, how exactly are you expected to access the backups?
Post #ACMPcVyl8I6f5TZOsq by Metruzanca@fosstodon.org
2021-10-14T16:18:42Z
0 likes, 0 repeats
@PoCampo What do you define as a "safe place"? In your home, or do you, say, give them to very trusted friends and family?
Post #ACMSBQW3dSd0Biv6aO by kenny@social.kennyqin.com
2021-10-13T20:31:57.496873Z
0 likes, 0 repeats
@Metruzanca My TOTP codes are replicated across multiple devices and backed up to an encrypted drive. My backup codes are stored in my password manager because the odds of needing them are extremely low and I feel confident about the security of my password manager.
Post #ACMSBR3jcFZBsAg04u by Metruzanca@fosstodon.org
2021-10-14T16:47:24Z
0 likes, 0 repeats
@kenny This is similar to how I do things. I use an encrypted Syncthing folder to replicate things like my backup codes across my devices. But I was still wary about putting the codes to my password manager (and everything else) in my password manager, as then if you get access to my password manager you also get the 2FA codes.
Post #ACMSDgbYmyDOfKZTbE by PoCampo@fosstodon.org
2021-10-14T16:47:50Z
0 likes, 0 repeats
@Metruzanca Small home safe. In my case, I wouldn't give it to anyone else.
Post #ACMqL7VJZf2R1FjAi8 by SciencePhysicist@fosstodon.org
2021-10-14T21:18:05Z
0 likes, 0 repeats
@Metruzanca I have a backup of my Aegis database encrypted on my home server.
Post #ACO7oyaDCQkiPwngci by lenzj@fosstodon.org
2021-10-15T12:08:41Z
0 likes, 0 repeats
@Metruzanca I use the setting in Aegis to create regular backups in a chosen folder on my phone. Then I also use #syncthing to automatically keep that folder mirrored to my personal server located at my residence. The other option is to connect your phone to your computer via USB cable and copy over the backup files manually.
Post #ACOC1XGcTF6BHOseSe by liberation@fosstodon.org
2021-10-15T12:55:47Z
0 likes, 0 repeats
@Metruzanca
1. Save the backup code on an external disk
2. Save the backup code on an offline laptop
3. Print the code and put it into a physical folder