

In the case of a USB stick: This seems like the equivalent of writing passwords on Post-it notes - easy to lose/forget or may just not work 10 years down the line when it’s needed. In the case of Dropbox: The most likely reason I’ll need the security codes is if I lose my phone - but then I won’t be able to access Dropbox anyways because I have 2FA enabled there too so those recovery codes will all essentially be lost. Therefore the most likely way I’ll have a compromised account is if someone compromises LastPass - in which case 2FA would be pointless if the security codes were also stored there.

So I doubt anyone’s going to be able to guess or brute force a password to one of my accounts. In the case of LastPass: My passwords are all random strings about 20 - 30 characters long (based on the services’ password policies).

I can think of 3 options: All of them seem to have their respective pitfalls though: I’ve recently started using 2FA on a bunch of services and I’m not sure how to best store the recovery codes.
