Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Before MFA was mandated on every service this was an easy problem to solve. Now when you lose your phone while out and about you lose your ability to log in to even Dave's Speed Cow Milker's Enthusiast Forum unless you're at home with another computer already logged in to various things.


The QR code that you use to transfer TOTP secrets to a new phone, is static. It never changes (unless you add a new service) and it requires no verification.

Do with that information what you will.


If you can have a copy or deployment of your TOTP code accessible (or memorized) at any time then you've solved the same problem already!


Learning my 1Password recovery key took quite a while, but should allow me to do a cold reboot of my digital life.


Yubikeys could be cheaper. In addition to the two I have, I bought two more to store offsite with friends and family for redundancy (with access to my password manager + important email accounts).


With a usb stick form factor I would think Yubikey would be doing more to convince consumers a yubikey will not fail like a usb stick (randomly and from disuse).


Cheaper than learning a recovery key?

Yubikey redundancy is a great idea though


It's something that you never use on a daily basis. Very easily forgotten...


"Now when you lose your phone while out and about you lose your ability ..."

2FA Mule:

https://kozubik.com/items/2famule/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: