![]() ![]() My solution has been to always create new unique lies for the answers. ![]() I dislike it when sites do this, since after you have given that datum out to a half dozen sites, it becomes a threat surface for an attacker. Many sites also give you "recovery questions", like your mother's maiden name. You need to save this! We will get back to that in a moment. This is a one-time cantrip that replaces and then disables 2FA during login. Of course, that means the 2FA problem now extends to your LP account as well as all the TOTP seeds.įor every one of your 2FA secrets, you usually get a "backup code". ![]() With the Yubikey you can create very strong 2Fa on the vault itself with FIDO2, and I encourage you to do that. This is an intelligent and thoughtful concern, but I think you have more options. My goal is to have multiple ways to get back into my account if my phone dies. If it involves buying a handful of yubikeys, so be it I guess I'm trying to prepare for the worst, because I came pretty close to getting locked out of my life when my phone died, so I'm trying to come up with a better plan. I know what I'm proposing isn't as secure as only using the yubikey, because my phone could theoretically be compromised, but my goal is to have multiple ways to get back into my account if my phone dies.Īlso, when enabling a yubikey, does this disable the option to bypass 2FA with SMS? I'm wondering what the plan is for a lost/broken yubikey. ![]() I'm wondering if this is possible: I would like to continue using the authenticator app, but then have a yubikey as a backup, but I don't know if adding a yubikey disables other forms of 2FA. Recently my phone stopped working, so I was fortunate enough to put my SIM card in another phone and recorded my LastPass account with SMS authentication. I use the LastPass mobile authenticator app. ![]()
0 Comments
Leave a Reply. |