undefined | Better HN

0 pointsalsdfjkslfheu3y ago0 comments

what's your key backup/recovery strategy?

0 comments

4 comments · 1 top-level

rgreen3y ago· 3 in thread

recovery is easy. i'm a customer of all these companies so i have faith i'll be able to convince them i'm me if it comes to that. and i keep a handful of hardware keys to make self-recovery easier if i lose or break one. most of my practices are to mitigate risks i personally know how to mitigate, and doing it while causing myself as little headache as possible. being able to auth using touch id on my personal laptop is great for day to day usage.

microtonal3y ago

Also, if you use iCloud for passkeys, Apple has has a procedure to regain iCloud access with a recovery contact:

https://support.apple.com/guide/security/account-recovery-co...

(No, that doesn't mean that the contact has access to your account, the encryption key is split between the contact and Apple by the device.)

crote3y ago

So I assume you do not consider, say, your Github or Google account to be high-value? Plenty of tech companies have simply started to refuse recovery if you lose all your 2FA keys.

rgreen3y ago

What do you do without 2fa if your account is taken over? I’m trading that risk for something more in my control. Yeah it would suck if I lost all my hardware keys, my laptop, and paper backup codes, and additionally I couldn’t get support from anyone.

j / k navigate · click thread line to collapse