this post was submitted on 22 Mar 2024
32 points (92.1% liked)
Privacy
32120 readers
544 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m no expert but I think the best practice is generally to keep the backup codes in a non-electronic format in a secure location, such as on paper stored in a fireproof safe or a bank’s safe deposit box. You wouldn’t forget that location. It’s not a cheap solution, though, and a safe deposit box limits you to the bank’s operating hours only. Using your backup code is typically pretty rare, though.
I would not use the TOTP offered by your password vault, though, especially if the vault backs up to multiple devices or the cloud.
Thanks for chiming in! Non-electronic and secure are going to be interesting things to consider, especially in combination.
Bank safe isnt totally out of the question but I would like to avoid them if I can. Second location wouldnt be impossible but offline doesnt mix in well with that since my family is a mess.
If one was to make a hobby out of this I can imagine peeps putting their secrets in plain sight but make them uninteresting for the uninitiated.
You could encrypt the backup codes with a strong password using something like AES, then print the encrypted data out in hexadecimal or base64.
Honestly this would make for a neat project — build an esp32 or rp2040 based punchcard reader / printer and then print out all your backup codes (encrypted of course by some hardware based code like a set of dip switches) onto custom punchcard tape.
Neat! Now we‘re talking! :))
Jk, but this is actually pretty cool.