• 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 10th, 2023

help-circle

  • I actually try to use authenticator apps as little as possible. Having to unlock your phone and open the app each time is too much hassle.

    Instead I have four Yubikeys, not security keys, that I store my OTP 2FA codes on. One for personal codes, one for work codes, and the other two as backups for the first two. The backups protect me from hardware failure, the keys being stolen, or lost. One downside of the backup plan is having to scan the QR code twice, once per Yubikey.

    Each Yubikey can store 32 OTP codes on the smart card part of the Yubikey. The 32 code limitation is why I have personal and work codes on separate keys. I did run into this limit.

    This isn’t the cheapest solution. In addition you could argue it also isn’t the most secure, but that depends on the attack vector and circumstance.

    With this setup I can use the Yubico Authenticator desktop to copy and paste the codes into the browser. While mobile I can use the mobile form of the same app. Also all my Yubikeys have NFC, so I can use that method if I want instead of just USB.

    As mentioned in a different comment I highly recommend not storing 2FA codes in password managers like Bitwarden. It creates an all eggs one basket problem, which is exactly what 2FA codes are trying to avoid.