Hi all,

Need to pick your brains for a bit regarding best practices for handling of account recovery issues while traveling.

Premise would be that my phone gets lost or stolen, and I may not have easy access to my laptop either, and being in a foreign country I couldn’t easily get a copy of the original SIM to restore via OTP.

Consequently, I also don’t really love the idea of using some password manager with a master password and no F2A.

Under those circumstances, what would you consider the best way forward to ensure accessibility without crippling myself in the process?

The only thing I can come up with is a random subdomain on one of my domains, with random username and random password, where I store an encrypted container containing txt-files. Maybe even further obscured with a random cypher (all numbers / letters shifted x positions to the right or something).

But there’s gotta be other use-cases out there, so I was wondering what you are using?

Ideally something that doesn’t involve another person.

Thanks!

  • satanmat@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    Well that’s kinda the point. Missing your factors is supposed to make it harder.

    So — account recovery code written out, that doesn’t say it is for your account?

    E.g. Apple allows it as a backup to your Apple ID should you get locked out.

    Depends on the syy

    • viking@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Yes exactly, but I still need to be able to access it myself.

      Writing the codes out is one thing, but taking a paper with me on international trips actually increases the risk of it getting lost, damaged or stolen as well; and if someone was to figure out what they are for, that could even increase the potential risk. Hence my question what other people are doing :-)