Multi-Factor Failure
As you pull into your driveway, you realize that your garage door is broken and you can’t get in. What do you do?
Simple, you say: I park, use my front door key to let myself in, and then manually open the garage door from the inside.
But what if you don’t have a front door key on this set of keys?
Well, that’s fine: my parents live five minutes away, and I’ll grab the backup key they keep so I can get in.
Great! Okay, now let’s apply this to your digital life. You’ve gone through and followed all the best personal cyber security advice out there, and you feel secure. You have strong, unique passwords on each account. You even have multi-factor turned on. You’re feeling good and safe, and you probably are.
But what happens when your secure setup loses a piece through something unforeseen? What happens if the phone with your Google Authenticator is stolen? Or you get a new phone and wipe the old one before transferring your multi-factor codes? Or you lose your keys, with your YubiKey on the ring?
How do you regain access to your carefully constructed and guarded digital life?
These are the questions you want to ask yourself BEFORE you have to have the answers.
The central point of most people’s digital life is the email address their password manager is linked to, so let’s start there. For most people, this is Gmail.
- Memorize your main Gmail username and password. Yes, you want secure passwords, especially for sensitive accounts, but it’s important that you can actually use the account with nothing but your own head. Because of that, you’ll occasionally need to actually memorize a password. Make it long (a passphrase of several unrelated words works well), but easy for YOU to remember.
- Save at least one set of multi-factor backup codes from your Gmail somewhere you can easily reach if you are locked out of your account. Write it in your planner in a way that’s easy to obscure. Tell the set of numbers to your mom and ask her to write it on the fridge. If you really want to be secure, print it off and put it in a safety deposit box. The great thing about backup codes is that they are completely worthless without the service, username, and password. Seeing an eight-digit number scribbled in the margin of the month your dog was born isn’t going to tip anyone off. Do remember that each Google backup code works exactly once: after you use one to get back in, generate a fresh set and update wherever you stashed the old one.
- Memorize your LastPass (or other password manager) username and password. Once you have access to your Gmail, go to the LastPass website, enter your username and password, and use the link to disable the YubiKey or other multi-factor you no longer have. LastPass emails a confirmation link to your Gmail, and once you click it you can log in without multi-factor. Notice what that implies: anyone holding your master password and control of your Gmail inbox can do the same, which is exactly why the Gmail account is the one to guard most carefully, and why its own recovery must never route back through the password manager.
- Ensure each service in LastPass (or other password manager) has its backup codes saved alongside its password in the same entry. This final piece of the puzzle ensures you can get back into every service you have multi-factor on, then reset the multi-factor for that service. It also means the vault now holds both the password and the bypass code for each service, so the vault’s master password and its recovery path carry that much more weight.
With the plan above, you can regain access to your Gmail without your password manager or your multi-factor key, pivot from there to your password manager, and pivot again from there to every other service. Your accounts are still safe and secure from anyone who isn’t you, but you now have a backdoor into the central rooms of your digital kingdom. The one property to check is that the chain has no cycle: Gmail’s recovery must not depend on the password manager, because the password manager’s recovery depends on Gmail.
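The check that plan implies, written out as an added example (this is not code from the original post): a small Python model of which accounts you can still log in to after losing a device. Each account gets a list of alternative login paths; a path is a set of things you must hold (a memorised password, a phone, a YubiKey, a printed backup code) or another account you must already be into. Account names, the holding places such as `moms_fridge`, and the toy `bank` entry are illustrative assumptions, and `NAIVE_PLAN` is a constructed counter-example where the Gmail password lives only in the vault.

```python
"""Recovery-chain check: added example, not code from the original post.

Each account has one or more alternative login paths.  A path is a set of
requirements written "holder:item":
  - holder is a place you keep or remember things ("memory", "phone",
    "yubikey", "safe_deposit_box", "moms_fridge"), or
  - holder is "account", meaning you must first be logged in to <item>.
Account names, holders and the toy "bank" entry are illustrative assumptions.
"""

# Everything you could hold.  Losing a holding removes every item kept there.
HOLDINGS = {"memory", "phone", "yubikey", "safe_deposit_box", "moms_fridge"}

# The post's plan: memorised Gmail and vault passwords, Gmail backup codes
# kept in two places, vault MFA disabled by email, and each service's backup
# codes stored in the vault next to its password.
PLAN = {
    "gmail": [
        frozenset({"memory:gmail_password", "phone:authenticator"}),
        frozenset({"memory:gmail_password", "yubikey:gmail_key"}),
        frozenset({"memory:gmail_password", "safe_deposit_box:gmail_backup_codes"}),
        frozenset({"memory:gmail_password", "moms_fridge:gmail_backup_codes"}),
    ],
    "lastpass": [
        frozenset({"memory:lastpass_password", "yubikey:lastpass_key"}),
        # "disable multi-factor" link: the confirmation mail lands in Gmail
        frozenset({"memory:lastpass_password", "account:gmail"}),
    ],
    "bank": [
        frozenset({"account:lastpass", "phone:authenticator"}),
        # password and backup codes both live in the vault entry
        frozenset({"account:lastpass"}),
    ],
}

# Constructed counter-example: the Gmail password lives only in the vault and
# every second factor is the authenticator app on the phone.
NAIVE_PLAN = {
    "gmail": [frozenset({"account:lastpass", "phone:authenticator"})],
    "lastpass": [
        frozenset({"memory:lastpass_password", "phone:authenticator"}),
        frozenset({"memory:lastpass_password", "account:gmail"}),
    ],
    "bank": [frozenset({"account:lastpass", "phone:authenticator"})],
}


def _satisfied(requirement, available, reached):
    """True if one requirement is met given the holdings and accounts we have."""
    holder, _, item = requirement.partition(":")
    if holder == "account":
        return item in reached
    return holder in available


def reachable_accounts(plan, lost=()):
    """Accounts you can still log in to after losing the holdings in `lost`.

    Computed as a fixpoint: an account becomes reachable once any one of its
    paths is fully satisfied, which may in turn unlock paths of other accounts.
    A cycle (Gmail needs the vault, the vault needs Gmail) never bootstraps.
    """
    available = HOLDINGS - set(lost)
    reached = set()
    changed = True
    while changed:
        changed = False
        for account, paths in plan.items():
            if account in reached:
                continue
            if any(all(_satisfied(r, available, reached) for r in path)
                   for path in paths):
                reached.add(account)
                changed = True
    return reached


def locked_out(plan, lost=()):
    """Sorted list of accounts you can no longer reach."""
    return sorted(set(plan) - reachable_accounts(plan, lost))


if __name__ == "__main__":
    scenarios = [
        ("phone stolen", {"phone"}),
        ("keys and YubiKey lost", {"yubikey"}),
        ("phone and YubiKey both gone", {"phone", "yubikey"}),
        ("everything but memory", HOLDINGS - {"memory"}),
    ]
    for name, plan in (("post's plan", PLAN), ("naive plan", NAIVE_PLAN)):
        for label, lost in scenarios:
            out = locked_out(plan, lost) or "nothing"
            print(f"{name:12s} | {label:28s} | locked out: {out}")
```

Run it and the difference is stark: the post's plan survives losing the phone and the YubiKey together, while the naive plan loses every account the moment the phone is gone, because Gmail needs the vault and the vault's recovery needs Gmail. Model your own setup the same way before you need the answer.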
Stay safe out there.