I guess many of you use a password manager. I do too. And several credentials stored in my password manager also have 2FA, typically based on an algorithm that has to be seeded with a secret key (like the one used by Google Authenticator). Whenever I have to create a new account with 2FA, I will store the 2FA key in my password manager along with the password for that account. And if the key is presented as a QR code (it often is), I will save that QR image temporarily to disk and include that file in my password manager. This way, if I lose my device for 2FA authentication (e.g. smartphone), I can get a new device and start again with a fresh 2FA app install. If you don't like the idea of storing your password together with your 2FA key: use 2 different password managers, one for your passwords and one for your 2FA keys. And use 2 different master passwords :-)
Didier Stevens, ISC Handler, Nov 1st 2019
Some TOTP applications are already able to back up TOTP seeds to their cloud storage. E.g. Authy (keeping TOTP separate) and BitWarden both offer this service for free.
Anonymous, Nov 12th 2019