Follow

Sigh. That moment when you bust your phone, and then realize everything using 2FA is now inaccessible.

I do have backups of my tokens, but I don't have a spare device where I can restore the backup. Thankfully, my new phone arrives today, and most of my key services are protected by a YubiKey, so I'm not entirely blocked.

@sbanwart It won't help you now, but that's exactly why I screen capture and print on paper the QR codes and keys for such credentials. I store them in a safe in my house. It's saved me several times now.

@ataraxia937 @sbanwart I use FreeOTP+ because it allows you to export your tokens to a JSON file. I'm suprised most apps don't provide any backup feature.

@sbanwart

Yeah, I've yet to come up with an approach to handling 2FA emergency codes that feels like the right confidentiality/availability tradeoff.

@sbanwart

Hopefully you're using a VoIP PBX like Asterisk or Freeswitch or Google Voice, so you can just grab any old phone laying around and in ten minutes get back to business?

Regardless, I Soooo feel your pain!

@sbanwart And to make it even more painful, you store all the back up code in bitwarden and you enabled 2FA on bitwarden.( yeah, that's me )

@sbanwart On Linux at least, you can generate codes from the raw keys using oathtool. Something to use while you wait.

Sign in to participate in the conversation
Fosstodon

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.