undefined | Better HN

0 pointsFrenchDevRemote3y ago0 comments

we've been told for decades to "not write passwords on postits" and we're really back to square one...

0 comments

lxgr3y ago

It's not a password, it is a secondary, single-use recovery second factor.

Carrying that around in a wallet doesn't make you any more vulnerable to physical attackers than carrying your Yubikey on a keyring, and it's much more secure against remote attacks than SMS-2FA (where you can fall victim to SIM swapping, number porting attacks etc).

charcircuit3y ago

ideally the paper would be in a safety deposit box / safe and not stuck to your monitor.

FrenchDevRemoteOP3y ago

If it fits your need to have it a fixed location, then yes.

But he talked about traveling.

IDK about you but I don't travel with a safe in my backpack

lxgr3y ago

Just put it in your wallet and/or luggage. Without your account name and password, it's useless to any potential thief.

1 more reply

j / k navigate · click thread line to collapse

0 comments

lxgr3y ago

It's not a password, it is a secondary, single-use recovery second factor.

charcircuit3y ago

ideally the paper would be in a safety deposit box / safe and not stuck to your monitor.

FrenchDevRemoteOP3y ago

If it fits your need to have it a fixed location, then yes.

But he talked about traveling.

IDK about you but I don't travel with a safe in my backpack

lxgr3y ago

Just put it in your wallet and/or luggage. Without your account name and password, it's useless to any potential thief.

1 more reply

j / k navigate · click thread line to collapse