John  

πŸ‘ Don't πŸ‘ sync πŸ‘ MFA πŸ‘ secrets πŸ‘ to πŸ‘ the πŸ‘ cloud πŸ‘

- Don't put them in your password manager, no matter how convenient that may be. In the unlikely event that someone gets into your PW DB you *don't* want to also give them all your MFAs.

- Don't sync them with a third-party app/service, which automatically becomes a priority target.

- And DEFINITELY don't sync them in an already-high-value account, like your Google account.

retool.com/blog/mfa-isnt-mfa/

1+
John
Follow

Personally, I keep my secrets on a pair of Yubikey hardware tokens using the Yubico Authenticator app. I keep one token with me and the other stays locked in a fire safe as a backup.

play.google.com/store/apps/det

Β· 1Β· 0Β· 2
"We Be The Humans"  

@john_b

I do similar. OnlyKey(s), duplicate at lawyers, office safe.

1
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…