Yesterday, I accidentally removed an authenticator app from my phone. Fortunately, I have another copy of the app on a different device. It made me realize how easy it is to lock myself out of my accounts. Do you think it’s a good idea to create a Windows VM with an Android emulator on it and install copies of all my authenticator apps? Will this not cause any security issues?
Why not consolidate your auth apps?
I use self-hosted Vaultwarden (with backups ofc) for everything, except for Vaultwarden, which is protected by Authy. And Authy can be backed up easily.
Sane MFA apps explicitly disallow their data from being backed up. That would be a massive attack vector if it was possible.
You should be backing up your secrets to some type of app like Vaultwarden or KeePassXC.
And you shouldn’t need to VM host an Android OS just to have a secondary means of authenticating. There are plenty of apps out there that support adding your secrets.
Vaultwarden, Bitwarden, KeePassXC, or hell, a YubiKey 5 device and then use YubiKey Authenticator.
How do you back up your secrets? Do you have to do it at the time you first see them?
That is the reason why I don’t self host my password manager: my 2FA passwords are in there, very conveniently and independently of any other device. I trust 1Password with that.
> I trust 1Password with that.
Oops. https://www.darkreading.com/remote-workforce/1password-latest-victim-okta-customer-service-breach
So? No customer data got leaked. And even if the vaults would get leaked (which they didn’t), they are 2FA encrypted.
2FA is not encryption.
Instead of an Android emulator, you could self-host a 2FA web app like https://github.com/Bubka/2FAuth