The article mentions the father having recovery codes in a safe. For those of you who do use MFA with recovery code access if the MFA device is lost, how do you store your recovery codes?
Say I have MFA enabled to send me an SMS when I log into my email.
I am abroad, and my phone gets stolen. I need to log in to my email on some other device and re-access my boarding passes, maybe communicate about my upcoming radio silence. But I can't access my account without the code sent to my phone...
I print them on paper and snail mail them to my sister and parents. If I lose my YubiKeys (I store TOTP secrets there, not on my phone), I can call them internationally and have them read me the seeds (or send me a picture, at which point I roll them all over).
I've also done it where I sent them a YubiKey with my secrets, then set it up so I can access a computer remotely (via SSH, RDP, etc.). I have to call them to insert the key into the machine, so if the machine gets compromised there's not much risk, as it's only plugged in if I call them to do so (and tell them to unplug it X minutes later).
Interesting! I think I read about a person who had an "only turn on this machine if I ask you to" situation, where that computer would boot, automatically connect to a network and allow connections to the secrets store, in a situation like you describe.
Of course, that requires maintenance and checks that it would work in a real-life situation: that network configurations haven't changed, that the parents are present and compos mentis, etc.
I have my backup codes in a file that's encrypted using a key derived from a passphrase that's over 50 characters long (not the same passphrase used for my password manager), which I've memorized. It's stored in cloud storage, on an account created just for that purpose. The account is protected with a (different) password that I've also memorized, and that account doesn't have any kind of MFA on it.
Since access only requires 1) internet access, 2) a common, publicly-available decryption program, and 3) stuff in my brain, I can gain access to it under pretty much any situation where I'd need access to it.
A potential downside is that if I ever had to access and decrypt the file on hardware I don't trust, I'd have to revoke and re-issue all my backup codes, and come up with a new long passphrase to protect the new file, which is a huge pain to do.
This is of course not perfect security, but I think it's fine for my purposes and threat model.
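As an added illustration of the encrypted-file approach described in the comment above (this is not the commenter's own tooling; the backup codes, passphrase and file names below are constructed placeholders), here is a POSIX shell script that does the job with openssl, a "common, publicly-available decryption program": PBKDF2 with 600,000 iterations turns the memorised passphrase into an AES-256 key, the random salt is stored in the file header, and the passphrase is passed through a one-shot environment variable rather than a command-line argument so it does not show up in `ps`. The two check functions exercise the round trip and the wrong-passphrase case.

```shell
#!/bin/sh
# Added example (not from the thread): a passphrase-encrypted backup-code
# file using openssl. Only the passphrase and an openssl binary are needed
# to recover the codes; the salt travels in the file header.
set -u

# Constructed sample backup codes; not real codes.
SAMPLE_CODES="A1B2-C3D4
E5F6-G7H8
I9J0-K1L2"

# PBKDF2-HMAC-SHA256 cost. Higher is slower to brute-force and slower to
# decrypt on a borrowed machine; 600k is a common current recommendation.
PBKDF2_ITER=600000

# encrypt_codes PASSPHRASE OUTFILE   (plaintext on stdin)
# The one-shot assignment exports the passphrase only to this openssl
# process, so it is not visible as a command-line argument.
encrypt_codes() {
  BACKUP_PASSPHRASE="$1" openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$PBKDF2_ITER" \
    -md sha256 -pass env:BACKUP_PASSPHRASE -out "$2"
}

# decrypt_codes PASSPHRASE INFILE   (plaintext on stdout; non-zero on bad decrypt)
decrypt_codes() {
  BACKUP_PASSPHRASE="$1" openssl enc -d -aes-256-cbc -pbkdf2 -iter "$PBKDF2_ITER" \
    -md sha256 -pass env:BACKUP_PASSPHRASE -in "$2"
}

# roundtrip_ok PASSPHRASE: returns 0 if encrypt then decrypt reproduces the
# sample exactly and the ciphertext file does not contain the codes in clear.
roundtrip_ok() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' "$SAMPLE_CODES" | encrypt_codes "$1" "$dir/codes.enc" || { rm -rf "$dir"; return 1; }
  if grep -q "A1B2-C3D4" "$dir/codes.enc"; then rm -rf "$dir"; return 1; fi
  out=$(decrypt_codes "$1" "$dir/codes.enc" 2>/dev/null)
  rc=$?
  rm -rf "$dir"
  [ "$rc" -eq 0 ] && [ "$out" = "$SAMPLE_CODES" ]
}

# wrong_passphrase_rejected GOOD BAD: returns 0 if decrypting with BAD does
# not yield the sample. openssl almost always reports "bad decrypt" (padding
# check); in the rare case padding happens to validate, the output is garbage,
# so the comparison rather than the exit code is what is checked.
wrong_passphrase_rejected() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' "$SAMPLE_CODES" | encrypt_codes "$1" "$dir/codes.enc" || { rm -rf "$dir"; return 1; }
  out=$(decrypt_codes "$2" "$dir/codes.enc" 2>/dev/null)
  rm -rf "$dir"
  [ "$out" != "$SAMPLE_CODES" ]
}

# Demo when run directly. The passphrase is a constructed placeholder.
DEMO_PASS="placeholder passphrase, in practice fifty-plus memorised characters"
if roundtrip_ok "$DEMO_PASS"; then echo "round trip: ok"; else echo "round trip: FAILED"; fi
if wrong_passphrase_rejected "$DEMO_PASS" "not the passphrase"; then
  echo "wrong passphrase rejected: ok"
else
  echo "wrong passphrase rejected: FAILED"
fi
```

Two caveats a practitioner would add: `openssl enc` in CBC mode gives confidentiality but not integrity, so a tampered file shows up as a decrypt error or garbage rather than a clean authentication failure (gpg's symmetric mode adds an integrity check if that matters for your threat model); and the "decrypt on untrusted hardware means rotate everything" downside from the comment applies exactly as stated, since the passphrase and plaintext both pass through that machine's memory.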
Aren't you afraid that you are going to forget a passphrase that you don't regularly use? That's my main concern with your approach (I have thought about it and didn't do it because of this fear).
I do regularly use it, just for something else that has a similar security level. I know it's generally bad to reuse passwords, but I do this specifically for the reason you've brought up: it'd be a disaster if I forgot the passphrase.
This is obviously not perfect security for that reason and a few others, but it's good enough for me.
> Say I have MFA enabled to send me an SMS when I log into my email.
> I am abroad, and my phone gets stolen. I need to log in to my email on some other device and re-access my boarding passes, maybe communicate about my upcoming radio silence. But I can't access my account without the code sent to my phone...
That's my worry with this thing.