There’s a fire or gas explosion or earthquake or something, and you need to leave all those behind. What do you do?
> Oh, everyone else is just hoping they never lose their phone? Really?
I would be very, very surprised if that’s not what the vast majority of the population is doing. Many people have a phone as their _only_ computing device, and no printer, and don’t really understand why they should be carrying around scrawled codes in their wallet.
I guess the right answer is that I have the backup codes carefully preserved.... off site! In case of natural disaster. Every time I sign up for a new account, I print out the backup codes, and take them to an off-site secure storage location, which of course I have... somewhere.
There's no way 90%+ of internet users are doing that.
I'm not even going to pretend I have any chance of doing that.
> I have the backup codes carefully preserved.... off site
Yeah f no. Most people just screenshot their backup codes and put it in a Google doc somewhere in plain text, at best. And at worst, they go "what the hell are these codes" and close the window.
Which, security-minded folks would know, is effectively equivalent to just writing passwords down in plain text.
Nobody thought to put even a tiny speck of product management into this system.
Although not as safe as a printout, I keep codes encrypted on a couple of flash drives: one stays in a drawer and one is always on my person with my keys, YubiKey, etc. Haven't needed the codes thus far but feels like a decent compromise.