I have the recovery information for my password manager in my fireproof safe.
Sadly, the fire-proof safe wasn't lightning-strike safe and is now obliterated.
Oh.
This article does a really good job of highlighting a fear of mine, which is that, in my efforts to lock down my personal security, I might have ended up laying the groundwork to eventually lock myself out of everything due to an unforeseen accident.
Also, I missed the significance of the "Imagine" at the beginning and it wasn't until the end of the article that I realized the author was talking about this as a hypothetical rather than an actuality. I read the entire article with the emotional weight of such a devastating loss hanging over me, feeling downright awful for the author, his wife, and their cat.
The trick is to have a hole only you can effectively shove a proverbial finger in. A mother's maiden name, one password committed to memory, something.
Heck, my company uses one team-accessible account for each client for a SHTF moment so that even if/when everybody is locked out, somebody can get in and fix things.
Well, even as fiction this was helpful. It inspired me to make sure I have backup codes printed for my primary email address and password manager, between which I can recover all the rest. I'd have to lose my phone, wallet, and fireproof safe all at once. If that happens, I probably have larger problems than not being able to access the internet.
However, they provide multiple points where they clearly don't have any idea how bureaucracy works. The post office would happily set up a forwarding address for them. The insurance company would send out an adjuster to look at the smoldering pile of wreckage. The bank will, with some time and encouragement and talking to a person, allow them access to their account without the account number if they provide a number of pieces of information, including their embarrassment about setting their mother's maiden name to a string of characters. Their phone carrier could likely be convinced as well, with time and effort and talking to a person.
There's definitely less and less traction for engaging with a human to gain access to digital life, but the author's concerns break down as soon as they talk about the intractability of interacting with people to solve these issues. It's clear they know technology well, but not bureaucracy.
2FA strikes again 🤷. I opt out whenever I can, and will keep doing so for as long as I have the option.
Well... I like what 2FA promises in theory, so I do still use it, but never with a phone. I use a USB key. But this article does make me think about ways I should prepare myself if my whole house were destroyed, including the computers and 2FA objects in it.
Every object can be lost, stolen, or burnt to a crisp 🤷
You can back up 2FA codes. Some services that let you set up 2FA on your account will also retain the codes, so a process to recover your account is available, if not guaranteed to be successful. The number of services that do not retain your code seems to be limited in my experience.
I most certainly dislike the gamble and have been hurt by this before. No thanks.
I do have recovery codes for essential services which force me to use 2FA.
I'm not sure what you want to hear. How carefully you back up your own data is a personal choice and responsibility.
I'm not looking for any specific response, I'm merely expressing my general dislike for 2FA as a user. But thank you for your response.
Oh, my bad. Hopefully authorization is figured out in the future, and we get something you can use.
I hear many people advocate for using 2FA for security. Is there another good option that's more secure than passwords but without this 2FA risk?
Biometrics. As part of the work from the FIDO alliance, the #BigTech companies will start to roll out a variety of authentication options, including device biometrics, that can be used instead of a password, universally, across websites (we, of course, have biometrics for local authentication already).
Apple is ahead of the curve here, and you can look at Apple Passkey as an example of what this would look like, but the rest of the members that support FIDO will start rolling out similar features.
While biometrics are a pretty good solution, they do have one major legal drawback in the US. A password is something you know, so you cannot be legally compelled to share it with law enforcement. Since biometrics are just a part of you, and fingerprints especially are routinely taken, anything secured in that way is much more easily accessible to law enforcement. Whether that matters to you depends on your threat model, but given that the best move in the US even for law-abiding citizens is not to talk to the police, it's a difference worth being aware of.
I don't know, but I'm not saying yes to a key that may lock me out of my possessions which are held by entities which are unreachable and "un-suable".