Hi all,

Need to pick your brains for a bit regarding best practices for handling of account recovery issues while traveling.

Premise would be that my phone gets lost or stolen, and I may not have easy access to my laptop either, and being in a foreign country I couldn’t easily get a copy of the original SIM to restore via OTP.

Consequently, I also don’t really love the idea of using some password manager with a master password and no 2FA.

Under those circumstances, what would you consider the best way forward to ensure accessibility without crippling myself in the process?

The only thing I can come up with is a random subdomain on one of my domains, with random username and random password, where I store an encrypted container containing txt-files. Maybe even further obscured with a random cipher (all numbers / letters shifted x positions to the right or something).

But there’s gotta be other use-cases out there, so I was wondering what you are using?

Ideally something that doesn’t involve another person.

Thanks!

  • Goku@lemmy.world
    11 months ago

    Keepass db synced on cloud with multiple devices, 2FA using email instead of mobile number.

      • Goku@lemmy.world
        11 months ago

        I use an email client which saves my password and I don’t need to enter it. But the keepass db can also store your email password for you.

        • Darkassassin07
          11 months ago

          That’s the problem.

          We’re discussing accessing your accounts without prior access to a pre-authorized device.

          If you don’t have a device that’s already signed into your email, you can’t get into your passwords at all. Email is locked with a password stored in your password db, your password db is locked with your email. Without one or the other signed in already, you’ve locked yourself out of your own accounts.

          • Goku@lemmy.world
            11 months ago

            Keepass db doesn’t use email 2FA, it’s just a file you store on your device.

            I store it on all my devices so if I lose one I still have several others.

            I use Nextcloud to keep them synced but you can use any cloud (Google Drive, iCloud, OneDrive, Dropbox, etc.)

            • Darkassassin07
              11 months ago

              That’s still gaining access through a device that’s already signed in/has your password db.

              If you do not have access to a device that’s already signed into your accounts/has a copy of your password db, how do you get in?

              Presumably you’re smart enough to not have password only auth on a public facing nextcloud instance if it stores your password db…

              This is the scenario we are discussing. The fact you store your db on other devices is entirely irrelevant.

              • Goku@lemmy.world
                11 months ago

                My nextcloud instance uses fail2ban and I use a >32bit strong password.

                Assuming I lose my phone and my laptop and my personal computer and my nextcloud instance I would be screwed.

                Since I host my own mailserver I would be able to create a new mailserver with a new password though and recover any accounts with a new email.
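The circular-lockout point raised in this thread (email needs the password db, the db lives behind a login whose 2FA goes to that email) can be checked mechanically before a trip. The following is an added example, not code from anyone in the thread; the asset names, routes and the two scenarios are constructed to mirror the discussion.

```python
"""Model the 'what unlocks what' graph from the thread and check for lockout.

Each asset lists alternative unlock routes: every route is a set of assets you
must already hold (AND inside a route, OR across routes).  Starting from what
survives the loss, take the closure and report what can never be reached.
"""

Routes = dict[str, list[set[str]]]


def reachable(routes: Routes, have: set[str]) -> set[str]:
    """Fixpoint: keep unlocking assets until nothing new becomes available."""
    have = set(have)
    changed = True
    while changed:
        changed = False
        for asset, alternatives in routes.items():
            if asset not in have and any(req <= have for req in alternatives):
                have.add(asset)
                changed = True
    return have


def locked_out(routes: Routes, have: set[str]) -> set[str]:
    """Assets that can never be recovered from the surviving starting set."""
    return set(routes) - reachable(routes, have)


# Constructed scenario A: the circular setup described in the thread.
# Email is locked by a password kept in the db; the db lives in a cloud
# account whose 2FA goes to that same email.
CIRCULAR: Routes = {
    "master_password": [{"memory"}],
    "password_db": [{"cloud", "master_password"}],
    "cloud": [{"email"}],
    "email_password": [{"password_db"}],
    "email": [{"email_password"}],
    "bank": [{"password_db"}, {"email"}],
}

# Constructed scenario B: one extra route into the cloud account that needs
# only a memorised passphrase and a printed recovery code kept in your wallet.
FIXED: Routes = {**CIRCULAR,
                 "cloud": [{"email"}, {"master_password", "printed_code"}],
                 "printed_code": [{"wallet"}]}

if __name__ == "__main__":
    # After losing phone and laptop you still have your memory and wallet.
    print("circular:", sorted(locked_out(CIRCULAR, {"memory", "wallet"})))
    print("fixed:   ", sorted(locked_out(FIXED, {"memory", "wallet"})))
```

Any asset reported by `locked_out` is one you cannot get back without a pre-authorised device, which is exactly the condition the thread is debating.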