Hi all,
Need to pick your brains for a bit regarding best practices for handling of account recovery issues while traveling.
Premise would be that my phone gets lost or stolen, and I may not have easy access to my laptop either, and being in a foreign country I couldn’t easily get a copy of the original SIM to restore via OTP.
Consequently, I also don’t really love the idea of using some password manager with a master password and no F2A.
Under those circumstances, what would you consider the best way forward to ensure accessibility without crippling myself in the process?
The only thing I can come up with is a random subdomain on one of my domains, with random username and random password, where I store an encrypted container containing txt-files. Maybe even further obscured with a random cypher (all numbers / letters shifted x positions to the right or something).
But there’s gotta be other use-cases out there, so I was wondering what you are using?
Ideally something that doesn’t involve another person.
Thanks!
I use a very simple “hashing” algorithm that I can do mentally. If I want to log into a service, I “hash” its name, and that’s my password.
Every service I use has a different password, and I don’t have to remember any of them. I have no keyvault that can be stolen.
MFA is still an issue. You’ll need your recovery codes to be accessible, but encrypted.
This is pretty clever actually