Ancestors

Written by Frank on 2025-01-31 at 13:08

Hey #infosec people, what is your solution for MFA that is recoverable and mostly disaster resistant?

Consider that many services allow you to only add 1 MFA token.

Prefs/reqs

Written by Skyglobe on 2025-01-31 at 13:33

@fschaap Personally, I use TOTP with Aegis ( https://getaegis.app/ ) on Android and KeePassXC ( https://keepassxc.org/ ) on PC. Both allow backing up and exporting the TOTP configuration and do not depend on third-party servers for storage.

Written by Jeremy Baumgartner on 2025-01-31 at 14:38

@skyglobe @fschaap I do this, but the KeePassXC vault for TOTP tokens and backup data is separate from my password vault, and requires my Yubikey token to open. It's purely meant as a backup to Aegis.

Written by Frank on 2025-01-31 at 14:42

@jjbaumgartner @skyglobe Yeah, 2 vaults is an option. What is your backup plan for the Yubikey? Multiple ones added and one in a safe?

Toot

Written by Jeremy Baumgartner on 2025-01-31 at 16:48

@fschaap @skyglobe No backup for the key.
