I have seen people answer this with secret splitting, where they store the encryption key separately from the physical backups, and a few people know where both are. If you encrypt the backup and bury it under a tree in the back yard, you're similarly screwed: WHICH tree did you bury it under, and WHAT was that encryption password? If you need a username/password to log in to a cloud service like Google Drive, you're back where you started, aren't you? One contentious topic is how to prepare and store the backup. a house fire) you have, well, a backup of your backup. You want multiple locations so that if you lose any single copy (i.e. One of your backup items should be details on getting into the vault itself, including the email, master password, backup code, and TOTP seed (if applicable). You should have multiple copies of your vault stored external to LastPass, in multiple locations. The bottom line to all of this is BACKUPS. Otpauth://totp/Reddit:LetsPracticeTogether?secret=XXX&issuer=RedditĪgain, for TOTP to unlock your vault, you need another copy external to the vault. If you decode the QR code, it's a string like For 2FA on the vault itself, you will want a copy of this external to the vault itself.more on this later.įor TOTP seeds, you should save those seeds in your vault as well. Save this in the Notes section in your vault. To begin with, you almost always get a "backup code" when you enable 2FA. 2FA reduces the risk of unauthorized disclosure but INCREASES the risk of getting locked out of the resource.ĢFA is a good thing, and you should use it, but you always need make preparations when you enable it. First, you are smart to be thinking about this.
0 kommentar(er)
