After everything that has happened with Raivo over the last few days it’s reminded me that I need to go through my accounts with 2FA enabled.

However, how do others keep things organised? My main 2FA app is Proton Pass but I’ll be adding Ente Auth as a backup alongside my Yubikey. In the past I saved a copy of the QR codes when setting up 2FA but I’d occasionally forget to save new ones.

Does anyone have a good system for saving either the QR code or setup code (not actually sure what it’s called) for future use?

EDIT: the code I’m referring to is the initial secret code used to setup the 2FA

Final Edit: I’ve settled on saving the QR codes into a folder that is setup as a git repo.

  • Jeena@jemmy.jeena.net
    link
    fedilink
    arrow-up
    1
    ·
    6 months ago

    Yeah I agree. I wonder how people make it real 2FA when the 2FA app is on the phone and they also log in in the phone.

    • UID_Zero@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      My phone has a passcode, so does my password manager and my MFA app - all different passwords. Those are the only ones I need to remember, so it’s not too bad.

      Probably not ideal, but to break that someone needs to A) physically get my phone, B) unlock my phone, C) unlock my pw vault, and D) unlock my MFA app. I’m fairly confident in my setup.