29
How do you backup 2FA setup codes/QR codes?
(lemdro.id)
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_[email protected]~
Not a security scientist, but in my interpretation, it's the "categories" of the factors that matter. Ideally, you use some two of three of:
the goal then is maintaining the "only"s.
if you tell someone your password, or they see you type it in, or they beat it out of you with a wrench, it's no longer something "only" you know, and it is compromised.
if you use the same password on two websites, and one website is compromised, the password is compromised.
OTPs from a key fob or yubikey or something are similarly compromised if the device that provides them is left out in public/lost/stolen/beaten out of you with a wrench.
biometrics are again, are compromised if it's not "only" you with access to them - someone scans you face while you're asleep, or smashes your finger off with their wrench.
having multiple factors in the same category, like having two passwords, or two otp tokens, or two finger prints, doesn't significantly improve security. if you give up one thing you remember, it's likely you'll give up more. if one fob from your keychain is stolen, the second fob on that keychain is of no additional help.
you can start shifting what categories these things represent though.
if you write down your password in a notebook or a spreadsheet, they become thing you have.
OTPs can become something you know if you remember the secret used to generate them.
knowing many different things is hard, so you can put them in a password vault. the password vault is then something you have, which can be protected by something you know. so although your OTPs and passwords are in one place, you still require two factors to get access to them.
you still need to protect your "only"s though. and don't put yourself in situations where people with wrenches want your secrets.
Thank you for the detailed response!