I was just thinking about my password manager and use of 2FA. If I lost my phone or what if I get in some accident and have amnesia and cannot remember my master password. What would I do?
Any thoughts on solutions to the problem of losing your phone or some emergency medical condition?
You must log in or register to comment.
Keep it in a fire safe or safe deposit box.
Just follow the 3-2-1 backup rule. 3 copies in 2 different mediums with 1 stored off site.
Also a paper emergency sheet thats been laminated backed up in the same way
Similarly, I have a post-it on my monitor
When you type out your password, does it show like when I type my password? ******* is my password, what’s yours?
Mine is hunter2.
what if I get in some accident and have amnesia and cannot remember my master password
NGL, you’d probably have bigger problems than remembering passwords if that’s the case.
This is true, but it’s worse to have two problems.
https://github.com/cyphar/paperback
The very important secrets get replicated into multiple places using Shamir’s secret sharing.
This includes a backup copy of physical security keys with biometrics inside of them.
bitwarden has a cool takeover option which my gf has, in case I would lose access, and vice versa.
Encrypt it to a thumb drive and split the password up between people you trust in envelopes.
https://github.com/jesseduffield/horcrux
Related software. You can split a file up and only need some parts back to encrypt it.
Any thoughts on solutions to the problem of losing your phone
Having a backup copy of your password manager on more than one device and location.
I have mine on phone, pc and usb drives.
Single points of failure are always a problem.
Paper backup in my sock drawer.
In theory: regular rotated disk backups kept in a safety deposit box.
In reality: a single disk sitting in my dresser that’s super out of date.
either it’s emergency, or OP and this post’s OP have shared minds: https://lemm.ee/post/16530953
I have my master password written on a piece of paper in my desk drawer, but with no references to what it’s for. I guess if someone broke into my house, managed to unlock my computer or my phone and also put two and two together that it’s my master password, they could get in.
But if something happened to me, that password location is known to my family, and my vault has a backup 2FA to my son’s phone.
I have my password database synced multiple places and I use two yubikeys (one as a backup) to unlock said password database and for OTP. This protects me from losing access to anything as a result of a lost/broken device.
It doesn’t help in the case of being unable to perform those functions yourself for whatever reason. Perhaps give instructions on how to access all of that to someone trusted?
I keep all mine in a Keepass file across multiple USB drives that get updated about once a month. Wife has one, one lives at my mothers house, and I keep one on me - at all times airgapped so no risk to have them exfiltrated either. Keepass has some plugins in order to support 2FA as well. This keeps me using unique passwords everywhere, TOTP codes easily accessible, wife can get access to something if she needs; she knows my master password scheme - but is not really a technophile so she doesn’t really want to mess with it unless she has to.
Keepass 2 also has an emergency sheet you can print as well to hide in a safe. It has all of your passwords and master passwords too. Keep another one offsite (plus USB stick with kbdx file) and you’ll be good.
Right now I export it periodically to an encrypted flash drive but I know that isn’t sufficient. I run Vaultwarden and back up all my docker volumes hourly and replicate to S3 nightly.
Theoretically I should be able to recover but I need some off those passwords to do so. Ideally local caching or one of my exports should be sufficient but I haven’t had time to actually test this.
I have one time codes for that
HDD at work.
