OTP strategy, how to back up and what to do when you lose your device?

Hi LUGBZ,

for some services I started using OTP, at the moment FreeOTP on Android.

Now I am afraid what could happen if I lose the device or if it just breaks.

What is your backup strategy, to be able to access all your services,
which you secured through OTP, after a break or loss of your device?

I am looking for a strategy to avoid disasters :wink:

Thanks for any suggestion!
Patrick


Patrick Ohnewein wrote:

Now I am afraid what could happen if I lose the device or if it just breaks.

Most services provide you with a series of scratch codes when you set
OTP up on each web site. The codes can usually be displayed again at a
later stage from your account page.

For those services that don't give you scratch codes, have a look at
their password recovery help page. Some sites use an alternative email
address, some use phone numbers. Make sure these details are up to date.

What is your backup strategy, to be able to access all your services,
which you secured through OTP, after a break or loss of your device?

I keep the scratch codes along with all my passwords in a gnupg
encrypted file.

Thomas

Hi Thomas,

Most services provide you with a series of scratch codes when you set
OTP up on each web site. The codes can usually be displayed again at a
later stage from your account page.

For those services that don't give you scratch codes, have a look at
their password recovery help page. Some sites use an alternative email
address, some use phone numbers. Make sure these details are up to date.

Thank you for this information! I will check the websites.

What is your backup strategy, to be able to access all your services,
which you secured through OTP, after a break or loss of your device?

I keep the scratch codes along with all my passwords in a gnupg
encrypted file.

I see. Thank you.

At the end this means, there is no need for a backup of the OTP app data
itself. It seems also to be impossible to restore a backup on a
different device.

Thank you for this valuable information!

Best regards,
Patrick


Patrick Ohnewein wrote:

At the end this means, there is no need for a backup of the OTP app data
itself. It seems also to be impossible to restore a backup on a
different device.

Hi Patrick,

this is the conclusion I came to. To elaborate, the OTP application I
use (Aegis) has the option to back up the vault on the cloud or to
download it as a file.
The former does not appeal to me (YMMV) and I can see the latter as a
quick way of importing all accounts at once. But I would see this as an
additional measure for convenience, and definitely not as the main (or
only) way to recover the 2FA tokens; always keep a direct, independent
way to regain access to your online services.

Thomas

Hi Patrick,

andOTP seems to have quite a good backup option.

Cheers
Andreas