I’m trying to plan for potential lockout situations between my password manager and 2FA app and was hoping to get some advice. Here’s my current setup:

Bitwarden
- protected by master password to access any password
- protected by 2FA code from Ente to log in to the vault on a new device. Once logged in, 2FA is not needed
- periodically backed up to my NAS
- stores all passwords for every online service I use
- stores passwords for all services I self-host on my NAS

Ente Auth (iPhone)
- backups of recovery codes on my NAS
- backups of all codes on my NAS
- 2FA codes for all online services

NAS
- VPN access outside of network
- can SSH in – SSH key backed up in Bitwarden
- self-hosted File Browser, and can view files via web interface – password for this stored in Bitwarden
- stores backups of Bitwarden passwords & 2FA codes (among other things)
Obviously, there’s a lot of inter-dependency here.
The most likely situation I can see happening is that I lose my iPhone (physically, or it dies on me). If this happens, I could be in a tough situation:
- If I’m already logged into Bitwarden on another device (i.e. laptop), I get the passwords for my NAS file browser and access the 2FA backup codes
- If I don’t have access to my laptop (i.e. I’m traveling) then I’m in a tough spot – I can’t access my NAS because the passwords are in Bitwarden. I can’t log in to Bitwarden on a random device because I need the 2FA code, and I lost my phone
I see a few solutions to this problem:
- Since Bitwarden is so important in my flow, I should add another 2FA method to Bitwarden (i.e. YubiKey). This way, if I lose my phone or I’m traveling, I still have an alternative for accessing my Bitwarden, and therefore, getting to my server to get backup 2FA codes for other services
- The NAS is another choke-point. It may make sense to use a passphrase that I can remember to access it. This way I don’t have to rely on Bitwarden
- As a final resort, having emergency info written down somewhere in my home (i.e. a safe) would be useful – master password, Bitwarden recovery key, etc.
I did this and it saved my life. I bought a biometric thumbprint YubiKey (if someone steals it I’m not concerned). I was using Raivo OTP when their bug wiped all of my 2FA, including Bitwarden. I would have locked myself out of everything if it weren’t for my backup key.
The key saving factor here is that backups should be independent of one another. Specifically, the failure points should be isolated from one another. For example, having 5 backups on a phone means you have a single point of failure (SPOF), which is the phone. Having all backups in the same location is also another SPOF. Deciding your acceptable level of risk for backups depends on your threat model.
It’s possible my YubiKey could have broken and then I wouldn’t have had a 3rd failsafe. Nowadays, I periodically export Bitwarden to Proton Drive encrypted, so worst case is I may have a slightly stale backup (better than being completely FUBAR’d).
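The lockout reasoning above (the OP’s lose-the-phone-while-travelling scenario and this reply’s point that failure points must be isolated from one another) can be checked mechanically rather than by hand. The following is an added example, not code from either poster: it encodes each resource as a list of alternative requirement sets (any one set, all of whose members you hold, gets you in), computes the closure of what remains reachable from the assets you still have, and lists the single points of failure, i.e. the one asset whose loss alone cuts you off from a critical resource. The resource names, the two setups and the "held" sets are my assumed encoding of what the posts describe; the hardened setup adds the OP’s three proposals (YubiKey as second Bitwarden 2FA, memorized NAS passphrase, written-down master password and recovery key in a home safe).

```python
"""
Dependency-graph model of a password-manager / 2FA recovery setup (constructed example).

Leaf assets are things you hold directly: devices ("phone", "laptop"), memorized
secrets ("master_password", "nas_passphrase"), a hardware token ("yubikey"), or a
physical location ("home_safe"). A resource is reachable if ANY of its paths has ALL
of its requirements reachable.
"""

# Assumed encoding of the OP's setup as posted.
SETUP_AS_POSTED = {
    # Bitwarden: an already-logged-in laptop, or master password + TOTP from Ente Auth
    "bitwarden": [{"laptop"}, {"master_password", "ente_auth"}],
    # Ente Auth only lives on the phone
    "ente_auth": [{"phone"}],
    # NAS (SSH key / File Browser password) is only reachable through Bitwarden
    "nas": [{"bitwarden"}],
    # Recovery codes are backed up on the NAS and also sit in Ente Auth
    "recovery_codes": [{"nas"}, {"ente_auth"}],
    # Any other online service: Bitwarden password + a second factor from somewhere
    "online_services": [{"bitwarden", "ente_auth"}, {"bitwarden", "recovery_codes"}],
}

# Same graph with the OP's three proposals added (assumed encoding).
SETUP_HARDENED = {
    "bitwarden": [
        {"laptop"},
        {"master_password", "ente_auth"},
        {"master_password", "yubikey"},  # proposal 1: YubiKey as alternate 2FA
        {"home_safe"},                   # proposal 3: written-down master password + recovery key
    ],
    "ente_auth": [{"phone"}],
    "nas": [{"bitwarden"}, {"nas_passphrase"}],  # proposal 2: memorized NAS passphrase
    "recovery_codes": [{"nas"}, {"ente_auth"}],
    "online_services": [{"bitwarden", "ente_auth"}, {"bitwarden", "recovery_codes"}],
}

# Resources whose loss counts as a lockout.
CRITICAL = {"bitwarden", "nas", "online_services"}

# What you physically carry / remember in each situation (constructed).
AT_HOME_AS_POSTED = {"phone", "laptop", "master_password"}
TRAVEL_AS_POSTED = {"phone", "master_password"}
TRAVEL_HARDENED = {"phone", "master_password", "yubikey", "nas_passphrase"}


def reachable(setup, held):
    """Fixed-point closure: keep adding resources whose some path is fully satisfied."""
    have = set(held)
    changed = True
    while changed:
        changed = False
        for resource, paths in setup.items():
            if resource not in have and any(path <= have for path in paths):
                have.add(resource)
                changed = True
    return have


def single_points_of_failure(setup, held, critical):
    """Map each held asset to the critical resources that become unreachable if only it is lost."""
    held = set(held)
    baseline = reachable(setup, held)
    spofs = {}
    for asset in sorted(held):
        remaining = reachable(setup, held - {asset})
        cut = set(critical) & (baseline - remaining)
        if cut:
            spofs[asset] = cut
    return spofs


if __name__ == "__main__":
    for label, setup, held in [
        ("as posted, at home", SETUP_AS_POSTED, AT_HOME_AS_POSTED),
        ("as posted, travelling", SETUP_AS_POSTED, TRAVEL_AS_POSTED),
        ("hardened, travelling", SETUP_HARDENED, TRAVEL_HARDENED),
    ]:
        print(f"{label}: SPOFs = {single_points_of_failure(setup, held, CRITICAL)}")
```

Running it reproduces the OP’s own analysis: at home with a logged-in laptop there is no single point of failure, while travelling with only the phone and the memorized master password makes both of them single points of failure for everything. With the three proposals applied, losing the phone while travelling no longer costs anything, but the memorized master password is still a single point of failure on the road because the home safe only helps once you are back home; this reply’s Proton Drive export (or any other off-device copy you can reach while travelling) would be the way to add a path that does not depend on it.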
Your set up feels too complicated for me but here’s what I do since you ask:
I have a very strong randomly generated password memorized. I use that password to open Ente Auth (with no 2FA) in which I store my Proton Pass 2FA with email ID, and my strong randomly generated Proton password in the notes section. This way, I really only have to remember my Ente Auth account username and password while even my password manager’s credentials are safely stored.
This may not be the best way to do it but I have it set up this way because of a redundancy where if I end up losing access to all my electronic devices, security keys, and everything else - I can always get a new computer and get access to all my accounts no matter what happens.
Another way I used to do it is this: I still store my Proton 2FA in Ente Auth but I do use the same but strong randomly generated password that I have memorized for Ente Auth and my Proton Pass. This would also give the same redundancy I value.
Also, I get to access Ente Auth on any computer and browser which is fantastic. You don’t even need a phone to get your 2FA info or any other account details you may have stored within it.
I consider this system foolproof for my threat model and I’m sure this would apply to a lot of people’s threat models. And it’s also a unique way of setting it up that I haven’t heard anyone suggest before, but this is what I came up with and it works well for me.