But very few organisations have that amount of capability and I have nothing stored in my accounts that is worth that capability. In essence someone has to both get my 1Password password, 1Password secret key and either compromise my phone (for Authy) or my phone number (to recover 2FA backup codes via Dropbox SMS recovery), or my computer (for direct Dropbox access). I have my 2FA backup codes in Dropbox, which itself is behind 2FA. It checks for an active device so that if you have only one device active and do a reinstall you can still activate. If you don't have Authy in multi-device mode it will be impossible to activate another session, and if you do activate another session while in multi-device mode Authy will check if any other devices are active and if so will ping those devices with a verification request. You just give Authy a relatively simple password, and don't save it anywhere.
0 Comments
Leave a Reply. |