Reflection on password recovery strategy, 2FA and OTP
Hi,
For years I've been using a password manager to remember my passwords. They are all randomly generated and unique for each service. Great! Basically the only password I know is my 1Password master password. I feel secure 8-)
I've enabled two-factor authentication everywhere I could: my Apple account with their proprietary system, Google, Facebook, etc. (with one-time passwords whenever possible, if not SMS). I may mix up 2-factor and 2-step here, sorry.
Anyway, any access I have to any service depends, in the end, on my phone: 1Password for the password and 2FA / 2-step to confirm the access.
NOW, what if, while traveling, I suddenly lose my phone? I won't be able to log in to Google or Outlook.com, nor log in to Dropbox. Basically I won't be able to contact anyone (no access to email or contacts).
What are your recommendations in this type of situation? I came to the conclusion that my phone is a single point of failure and losing it would be catastrophic!
Any thoughts?
Comments
-
I assume that this situation can only happen while traveling, because my home and work computers have a copy of my 1Password vault and I can easily get a sim card replacement in my country.
0 -
I now have the family subscription, but when I used Dropbox, I kept the password for that on a piece of paper hidden. All the paper had was the password, no login, no more info, nothing. You can do this same idea in your wallet or something. No one is going to know what "adjfrhauf1/dskajr" is for.
0 -
I note that Apple suggest having a second trusted phone number, perhaps that of a friend.
0 -
@prime
How does having a family subscription help you in that situation? How would you handle the loss of the phone? I would think that you are the admin of the family (you're prime after all, right ;)) So can others still give you access?
0 -
@Manaburner I am the admin/family organizer :) and so is my wife. This way if I do lose all my devices or something, my wife can help me recover my data. One of the great benefits of the Family Subscription. I can even make my father-in-law or someone else a family organizer if my wife and I go on a long vacation, as a backup as well.
I note that Apple suggest having a second trusted phone number, perhaps that of a friend.
@danco that's a good idea too, and I made my wife my backup and I'm her backup on our Apple ID.
0 -
@prime that's nice. I didn't know about the "organizer" stuff. Unfortunately that won't work for me with the individual account.
0 -
I kept the password for that on a piece of paper hidden. All the paper had was the password, no login, no more info, nothing. You can do this same idea in your wallet or something. No one is going to know what "adjfrhauf1/dskajr" is for.
That's exactly what I did before enabling 2FA on my Dropbox account, but now it doesn't work anymore: to access my 1Password vault in Dropbox I have to log in to Dropbox first, but the one-time password for Dropbox is given by 1Password... it's a no-go.
The more I think about this the more I'm convinced that a 1Password account is the solution, providing that I keep my secret key in my wallet.
0 -
@Lemimouth I don't want to talk you into or out of something but you could write one backup code, that Dropbox has given you, also on that piece of paper.
But you're right, the 1Password account has advantages over the Dropbox way.
0 -
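The lockout loop discussed in the posts above (the Dropbox one-time password is held in the vault, and the vault is held in Dropbox) can be checked mechanically. The sketch below is an added example, not part of any post in this thread; the item names and the email rule are constructed assumptions. It computes what is still reachable from the secrets you hold after losing the phone.

```python
# Added example: model "what do I need to get into what" and compute
# everything reachable after the phone is lost. All names are constructed.

# Each item maps to a list of alternative requirement sets; holding every
# element of any one set unlocks the item.
RULES = {
    "dropbox_login": [
        {"dropbox_password", "dropbox_otp"},          # normal 2FA login
        {"dropbox_password", "dropbox_backup_code"},  # printed backup code
    ],
    "vault": [{"dropbox_login", "master_password"}],  # vault file synced via Dropbox
    "dropbox_otp": [{"vault"}],    # OTP generator is stored in the vault
    "email_login": [{"vault"}],    # assumed: email password and OTP are in the vault
}


def reachable(held, rules=RULES):
    """Return the set of everything obtainable from `held` (fixed point)."""
    have = set(held)
    changed = True
    while changed:
        changed = False
        for item, alternatives in rules.items():
            if item not in have and any(req <= have for req in alternatives):
                have.add(item)
                changed = True
    return have


def locked_out(held, rules=RULES):
    """Return the sorted list of items that can never be unlocked from `held`."""
    return sorted(set(rules) - reachable(held, rules))


# Memorised master password plus the Dropbox password on paper.
PAPER_ONLY = {"master_password", "dropbox_password"}
# Same, with one Dropbox backup code written on the same paper.
WITH_BACKUP_CODE = PAPER_ONLY | {"dropbox_backup_code"}

if __name__ == "__main__":
    print("paper only      ->", locked_out(PAPER_ONLY))
    print("with backup code ->", locked_out(WITH_BACKUP_CODE))
```
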
@Manaburner Ah. Yep. In order to have someone be able to assist you in recovering your account should you forget/lose your credentials you'd have to be on a 1Password Families or 1Password Teams membership with multiple organizers/admins:
Recover accounts for family or team members - 1Password Support
providing that I keep my secret key in my wallet
If you do that my recommendation would be to not have any context along with this information. If your wallet is lost or stolen you may not want whoever has it to know that is your Secret Key. Of course, if that does happen, you can change your Secret Key (which would probably be a good idea anyway).
Thanks!
Ben
0 -
@Ben Yes, sure, it would be printed somewhere without any context. I could even apply some very advanced cryptography algorithm like replacing the last character (C instead of B for example) :p
@Manaburner You're right, I could write down a Dropbox recovery code. But then I would have to download my vault locally, install 1Password, open my vault, which could be quite complex depending on the situation.
0 -
@Lemimouth: Yeah, it definitely adds up. I think a lot of people would tell you that 1Password.com is life-changing in a lot of ways, because it enables things that just aren't possible with the standalone apps and local vaults — recovery, for instance...
But honestly, I get the most value out of how it's streamlined stuff I can totally do myself, but now don't have to — just so much less time and hassle now: backup, setup, and Travel Mode, for instance. Again, I could do all of these things myself before, but not having to spend an afternoon on any of these tasks anymore lets me do other stuff. Cheers! :)
0