How Do You Secure Your Account/2FA Recovery Data

Hello, all! Brief background to explain my question… I currently use Bitwarden to manage just about all of my passwords. I also use Bitwarden as my TOTP 2FA generator. (I am considering adding multiple apps for TOTP, I just haven’t done it yet.) — Anyway, I’m curious about recovery methods people use in case they can’t access their password manager and/or TOTP generator for whatever reason…

At the moment, I currently export my Bitwarden vault maybe twice a month, and I use an encrypted 7Zip file to keep it safe before I move it around to other devices or cloud storage. I also get all of my 2FA recovery codes and bundle them up together in a separate 7Zip archive, also encrypted.

The reason I’ve been doing it this way vs something like GPG-ing the files is that, so far, 7Zip archives have been the most consistent and easily accessible way to encrypt a bundle of files that I might need to access on anything from Linux to macOS to Windows or even my phone. There’s integration into system file archivers or just 7Zip as a GUI app, which takes the guesswork out of having to figure something out in the CLI with GPG.

All that being said, I really just am wondering how many ways people might handle this operation. Maybe there’s something that I’m missing that’s even easier while still being safe. A high priority for me is that it’s never specific to a single platform. In an emergency I want to be able to access it on any device no matter what.

How do you all secure your recovery information?

1 Like

In several ways, but in the end, in an emergency, there are the encrypted USB sticks with everything I need in case of an emergency. (Just don’t forget to update them regularly. :grinning:)

2 Likes

It sounds dumb but I also have some sheets of paper securely saved that also have all the 2FA recovery data, just in case the electronics die.

2 Likes

Oooh that’s a good one. Didn’t think about that before. Thanks for the tip!

1 Like

I use Bitwarden for my daily password management; periodically I import all of that info into KeePass so I have an offline version of my info for emergency use and backup.

With the KeePass database, I put that in a password-protected zip file, which is then placed into another password-protected zip file to obscure what file type is inside the original.
I also keep text files with relevant things like recovery keys, seeds and so on which get the same zip in zip treatment.

Those zip files are placed on a couple USB sticks (1 backup stick kept with a family member offsite) inside small hidden VeraCrypt volumes, so anyone finding or stealing the drives would think they were standard drives and at worst just format everything. For convenience I keep a folder on each drive containing the 7zip, VeraCrypt, Bitwarden, Yubikey manager/authenticator installers as well as other random apps and things to hide the importance of those ones. That would allow me to stick the USBs in any other machine and get my data if needed.

It’s a bit of a convoluted system but it works for me, I’m okay jumping through some hoops to protect and recover important info.

1 Like