
Permanent backup codes are a thing. You can generate those at any time. It's a UX problem, not a technical one.



I'm intrigued. The problem: you want to secure your access codes. The solution you appear to be proposing: permanent backup of your security codes somewhere.

But... how do you authenticate to this backup of your codes? It can't be through the same method that these codes unlock for you. Right?


> It can't be through the same method that these codes unlock for you. Right?

That depends on who you're warding against. Any sufficiently motivated attacker has access to everything you have access to, so in theory nothing is safe. If you're warding against MITM, for example, logging in with an OTP code is enough; you don't even need a password. If you're warding against malware, then the OTP seed should be on a different (airgapped) machine. In both of those scenarios, assuming you don't have a webcam, a post-it note with your backup codes is sufficient.

But yes, ideally the codes should be on a different machine, or at the very least in a different safe (e.g. two separate KDBs with different passphrases). And to answer your other comment, yes, they'll usually be safer on paper under your mattress.
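The thread talks about "permanent backup codes" without showing what the service side of that looks like. The following is an added example, not code from any commenter or from any particular service: it generates a set of single-use backup codes, stores them only as salted scrypt hashes (so a database leak does not hand the attacker the codes), and consumes each code on first successful use. The alphabet, code format, scrypt parameters and the in-memory record list are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Assumed alphabet: lowercase letters and digits with the visually ambiguous
# characters (0/o, 1/l/i) removed, since these codes are meant to be copied by hand
# onto paper.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def generate_backup_codes(count=10, length=10):
    """Return `count` random codes formatted as xxxxx-xxxxx.

    Each code has length * log2(31) ~= 49.5 bits of entropy for length 10.
    The plaintext codes are shown to the user once and never stored.
    """
    codes = []
    for _ in range(count):
        raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        half = length // 2
        codes.append(raw[:half] + "-" + raw[half:])
    return codes


def _normalize(code):
    # Accept the code however the user typed it from paper: case-insensitive,
    # with or without the dash or spaces.
    return code.replace("-", "").replace(" ", "").strip().lower()


def _hash(code, salt):
    # scrypt (hashlib, OpenSSL-backed) so that brute-forcing a leaked table is slow.
    # Parameters are an assumption; tune them for the server's budget.
    return hashlib.scrypt(_normalize(code).encode(), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def store_codes(codes):
    """Build the server-side record for a set of codes: salt, hash and used flag.

    This is what a real service would persist in its user table; the plaintext
    never reaches storage.
    """
    records = []
    for code in codes:
        salt = os.urandom(16)
        records.append({"salt": salt, "hash": _hash(code, salt), "used": False})
    return records


def redeem(records, candidate):
    """Try to consume a backup code.

    Returns True and marks the matching record used if `candidate` matches an
    unused code; returns False otherwise. Comparison is constant-time on the
    digest so the table does not leak which record matched partially.
    """
    for rec in records:
        if rec["used"]:
            continue
        if hmac.compare_digest(_hash(candidate, rec["salt"]), rec["hash"]):
            rec["used"] = True
            return True
    return False


if __name__ == "__main__":
    issued = generate_backup_codes()
    print("Write these down and store them somewhere safe:")
    for c in issued:
        print("  ", c)
    table = store_codes(issued)
    print("first use:", redeem(table, issued[0]))   # True
    print("reuse:    ", redeem(table, issued[0]))   # False, already consumed
```

The "permanent" in the thread refers to the fact that these codes do not rotate with time the way a TOTP does; a practitioner still wants them to be single-use, which is why `redeem` flips the `used` flag rather than leaving the record valid.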


Print them on paper and store them in a drawer in your house. That way it's legally protected more strongly and is immune to hacking.


Have we really resorted to "hide it under your mattress" as the best we can do for security?


For last chance backup it's a great way to handle it.

I have a waterproof, fire resistant chest that important papers live in. In the event of a disaster like a house fire, where my phone and tokens would likely be destroyed, it's a "Plan B" option. In the event of an accident or other event that results in my untimely demise, my wife or other loved ones can also access that chest and get backup credentials to access accounts with critical information.

The other nice thing about the analog world is that the legal path is well worn and understood. An online, service-based resource could be shut down at any time, and custodial disputes are either impossible or driven by some arbitration process on the West Coast (I live on the East Coast). Access to physical goods is clearer, and disputes get resolved by a local judge.


Excellent points. I'll add that physical safes and human-level protections have been standard in INFOSEC since Schell et al. invented it as a formal field. All the early SCM for high-assurance systems was basically safes, locked rooms, and vetted people. Black programs (SAPs), like the NISPOM manual, also depend on such methods at some point.

Cool thing is that there are fewer laws of physics trying to break your security model if you take transistors, wires, and wireless comms out of your implementation. Paper without a line of sight has excellent security properties against remote attackers. :)

Note: Your point on the legal angle is wise and rarely made. I probably need to bring it up more often myself with these ridiculous rulings on privacy & data protection.


For a while I ran a really large email system for an enterprise with lots of different lines of business, right after the change in the Federal Rules of Civil Procedure that made email the best place to hunt for evidence in litigation. At the same time, we were working with archivists on some of the issues around preserving documents; the ODF vs. Microsoft format thing was a hot item at the time.

That really opened my eyes to the often ignored downsides of electronic media. In the US, we have constitutional protections around our "papers" in our homes, but third party doctrine dramatically weakens the protections around all sorts of things.

