Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What happens when you lose your phone then?

Do you have recovery code printed out? Do you carry them with you? If you do then what's the difference between this and a password?



Not the parent, but I write recovery codes down and store in a safe at my home.

The difference compared to a password is that these recovery codes are single use, used only in exceptional cases and physically airgapped. On the other hand my password is multi use, is used daily by me and in the event of a breach will be exposed to the attacker.

I will know if someone steals my recovery codes. I'll have no idea if someone gains knowledge of my password though.


I keep a second outdated Android phone secure with all my TOTP on it for now, plus I have another person I trust who I share my codes with.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: