Jump to content

What If You Lost Your Phone and Computer? Worst-case scenario


jmckimm

Recommended Posts

I use 2 Factor Authentication plus a password manager (KeePass file in Dropbox) for most of my online services. I have encrypted my phone and laptop. I use a backup service for my files and I have two identical local backups. I feel pretty good about my setup. 

However, I've thought about a worst-case scenario. What would happen if I lost my phone AND laptop simultaneously (or they were stolen)?

My phone is needed for 2 Factor Authentication, and thus, I would not be able to access Evernote, Dropbox, Gmail, etc., because of the long, complicated passwords from the password manager.  I use Republic Wireless for my phone service, so I would need to buy a new phone, wait for it to arrive and then activate it so I could complete the 2FA process. I would be temporarily locked out of many online services.

I am wondering what the best backup plan would be for a worst-case scenario? I've thought about changing my Evernote password to something strong that I can remember. I guess I would have to copy some of my main passwords over to a note and keep them updated. I've also thought of porting my cell number to Google, and thus could buy a pre-paid phone, and have my number directed there temporarily.

I am wondering if anyone has thought of this. If you have 2FA enabled, and temporarily lost everything, do you have one point of access that would allow you to maintain online access as normal?

 

Link to comment
  • Level 5*
11 minutes ago, jmckimm said:

I am wondering what the best backup plan would be for a worst-case scenario?

Evernote haas backup codes.  Details at https://help.evernote.com/hc/en-us/articles/208314238-How-to-set-up-two-step-verification

You have web access to your data

I store a copy of my password list in Evernote (encrypted)

Link to comment

True. In this scenario, we're talking about a worst-case scenario. 

Pretend you're traveling and just lost everything. Your phone, laptop, etc. Evernote web access would require 2FA or the backup code you mentioned. How would the backup code help you if you lost everything? Unless one memorized it.

In this example, perhaps the one-point of contact should be Dropbox. One could have their Evernote backup code in that. 

I know this is a some-what ridiculous scenario, but it could happen.

I am wondering if someone has thought this through. Thus, if someone lost everything, they could simply access a computer at a library and do business as usual. What would be the optimal solution? 

Link to comment
  • Level 5*

As @DTLow said,  there are backup codes,  and my password service - which is Bitwarden - has all my complicated passwords,  plus a very long admin password that's actually an "artfully" edited version of a line from my favourite poem.  I can remember the line,  so which letters are other characters is a decoration that's pretty easy to add. 

If I lost everything I 'could' go into a library - though I might have to burn the desktop afterward to clear all my confidential data - but my preferred option would be my own 'backup' laptop (less installing),  or a new purchase.  Access to the internet on my own device (I also have a VPN with logins via Bitwarden) gets me secure connections,  and the rest will build from there.  Likely to be messy and very annoying,  but (I think) disaster-proof...

Link to comment
47 minutes ago, gazumped said:

my password service - which is Bitwarden - has all my complicated passwords,  plus a very long admin password that's actually an "artfully" edited version of a line from my favourite poem

Thanks gazumped. This seems like an excellent idea. I have not considered Bitwarden. Their Web Vault with a long admin password that is easily remembered can be a one-point of contact solution for a worst-case scenario. 

Even their web copy points at this: "Stuck without any of your devices? Using a friend's computer? You can access your Bitwarden vault from any web enabled device by using our web vault." 

It seems like it makes sense to transfer all of my passwords from KeePass to Bitwarden. 

Thanks again.

  • Like 1
Link to comment
  • Level 5*
2 hours ago, jmckimm said:

In this example, perhaps the one-point of contact should be Dropbox. One could have their Evernote backup code in that. 

I use my password manager as my one-point-of-contact. As per @gazumped, I use Bitwarden

It stores passwords and secure notes

Link to comment
28 minutes ago, DTLow said:

I use my password manager as my one-point-of-contact.

Yes, this does seem to make the most sense. I've been using KeePass integrated with Dropbox. It works well, but would cause a slight headache in the worst-case scenario. Bitwarden's web vault would work better in that case.

Link to comment
  • Level 5

I use 1Password, that has a master container in the web.

It allows to store the one-time-codes used for override mode of 2FA-accounts. If the codes are dynamically produced by an Authenticator App, the numbers will show in the 1PW- app as well.

Because I have a permanent copy of my stuff in iCloud, I would just have to get a new iPhone, and could restore any stolen or destroyed device within hours.

Who does not want to put all eggs into one basket may file the override codes printed on paper in a safe place.

Link to comment
  • Level 5*

I use LastPass.  There is a sort of default backup in that the encrypted password file is synced to all devices on which you use LastPass.  On a new device, add the LastPass extension and you are ready to go.  Assumption on my part I suppose, but that encrypted by the known to me only password file sits in the web somewhere for this to work.

Belts and suspenders you can find the file in the bowels of AppData if you want to back it up.  In my case it is a 3 MB file located in 

C:\Users\%username%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\databases\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0\

FWIW.

Link to comment
  • 3 weeks later...
On 8/14/2019 at 11:56 AM, jmckimm said:

If you have 2FA enabled, and temporarily lost everything, do you have one point of access that would allow you to maintain online access as normal?

I have my account codes encrypted and backed up in "the cloud" should that happen. You could also use Bitwarden which stores your OTP account codes.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...