First of all, although I have been reading this forum for some time now, this is my first post, so please excuse me if I make any mistakes.
When setting up my password manager + email + 2FA, I encountered a dilemma. In my threat model, I am considering the rare possibility that (for example) while traveling abroad, I might lose my phone and need to access my password manager to log into the necessary accounts. In this case, despite having memorized the passwords from the password manager and 2FA, when I log in to Ente Auth from an unknown device, it asks me to enter the code that has been sent to my email (even though I have email verification disabled).
So, I find myself in a situation where I need the code in my email to access Ente, and I need the code in Ente to access my email.
Any ideas on how I can solve this? Is there an alternative that allows cloud storage, with a separate password that I can access from any device without having to log in to my email?
Typically, when you set up TOTP 2FA (randomly generated code), you are given a set up backup or recovery codes.
You can try memorizing one of them and that will let you bypass the TOTP 2FA once.
You’d also usually need to select “use recovery code” when prompted for the usual 6-digit code.
Every account has 2FA, and your model assumes you’ve lost access to every account while only guaranteeing access to one factor (memorized passwords)
You’d either need:
guaranteed access to the TOTP generator, or guaranteed access to a recovery code
The ability to access one account with password alone (turn off 2FA)
Add a different second factor to one account, like a physical yubikey, and guarantee it’s on you at all times
One option: keep an encrypted TOTP backup on accessible 1 factor cloud storage, memorize the encryption password, download it onto something like Aegis to access your accounts