yuyu on Nostr: So, GitHub suggests storing the 2fa recovery codes in your password manager. However, ...
So, GitHub suggests storing the 2fa recovery codes in your password manager. However, this kind of has the worst properties:
In case an attacker gets access to my password manager, they can use the recovery code to take over my account, so the second factor is useless.
In case I lose access to my password manager and 2fa secret (like I did yesterday), I can not use the recovery code to regain access to my account.
How do you store your recovery codes?
In case an attacker gets access to my password manager, they can use the recovery code to take over my account, so the second factor is useless.
In case I lose access to my password manager and 2fa secret (like I did yesterday), I can not use the recovery code to regain access to my account.
How do you store your recovery codes?