
Ask HN: Where should I keep my recovery codes (Google account for example)?

12 points| asadlambdatest | 8 years ago | reply

Not sure if this is the best place to ask this but: Like everybody, I have a lot of online accounts, which all require passwords. I have 3 Google accounts and each one comes with 10 recovery codes. Now my question is this: Where should I put them? Somewhere in my house? In my password manager app where all my passwords are stored? I try to secure my accounts as much as possible with different passwords and 2-step verification, but the recovery code is the last layer of protection for an account and I want to keep it in a safe place. Thanks! Edit: word

15 comments

[+] drunkenmonkey|8 years ago|reply
Convert the code to a numbering using modulo arithmetic. Take a movie file, and encode black frames for a full minute for every number in your set. Burn the movie to a DVD and add it to your household collection.

If you need to recover the recovery code, watch the movie with a notepad handy.

[+] ezekg|8 years ago|reply
This is the answer I was expecting from HN. Thank you.
[+] bblough|8 years ago|reply
I keep mine in my password manager, which is sync'd across all of my devices. That way, if I lose access to my 2FA device, I can still get into my accounts, even if I'm traveling.
[+] marcc|8 years ago|reply
Doesn't this make 2FA less secure for you? Assuming your password and your recovery codes are in the same place, that's only one-factor auth.
[+] kasey_junk|8 years ago|reply
Physically secured storage. Either a safe deposit box or a fire safe in your home.
[+] runamok|8 years ago|reply
I just implemented this. Ultimately I want to have 2 USB sticks with VeraCrypt on them, with the recovery files in the volume.

For now I just zipped them up in an AES-256 encrypted zip file. Keep one in the fire safe and maybe one in my car or work.

[+] seanwilson|8 years ago|reply
On paper somewhere you keep in several places? You never know when your mobile or laptop is going to break or get lost for 2FA. It's not likely an attacker is going to steal your note of these and know your login.
[+] gregjor|8 years ago|reply
Written in my passport, mixed in with visa stamps. Hard to tell what they might mean if you don't know what to look for.
[+] shincert|8 years ago|reply
You've just told the whole world. Not so hard anymore.
[+] ioddly|8 years ago|reply
I wrote them down, put them in an envelope and in my safe deposit box.
[+] kuroguro|8 years ago|reply
Crypted archive stored in an unrelated backup service?