I'm still looking forward to 2FA devices that can be backed up or copied or otherwise actively replicated.<p>I feel like this would make a lot of people very mad. It's probably against spec for a number of protocols. The purpose seems like it's to build a single, trusted system that we have absolute physical control of.<p>But Matt's dead on here. I'm far more interested in how we cope with the out-of-control situations. Building a token we trust totally, but then having to ad-hoc reinvent a dozen-odd recovery schemes on top of that- something there doesn't appear to be any standards for- makes me feel like this is an out-of-touch, logically-bankrupt security regime we're trying to foist on the world. The idea of security is so appealing, so compelling, that we've secured ourselves into an untenable position.<p>As a side note,<p>> <i>The question for me is not: what do I do in case my phone runs out of battery.</i><p>I really enjoy the image this popped into my head, of not storing backup house keys somewhere outside, but a backup USB charger somewhere outside the house, or magnetically attached to under your car: so you can get home & charge your phone to let yourself in, or get to your car & charge your phone to get in the car. Maybe the charge-port in cars- which we recently learned this week isn't cryptographically secured- should have a modest rate USB charger out (log into the app to unlock higher-rate power-delivery).
Three kinds of shibboleths: something you know, something you have, and something you are. Password, key/hardware token, and biometric. Or, as the joke among security folks goes, something you lose, something you forget, or something you no longer are (ever get a cut on your index finger?).<p>I’ve definitely heard of people having to do the kind of cold start Matt is talking about here. They had a bag stolen while bumming around South America, left with nothing but the clothes on their backs. Mostly it just takes time for mail to arrive. A hassle that, as long as you have friends and funds, can be dealt with.<p>I feel like recovering my digital life after, say, a house fire, would be somewhat more difficult, but as long as I don’t forget every password, I could bootstrap for sure. It does make me wonder if I should get an extra YubiKey and store it somewhere offsite…
> (Dried fungus?)<p>This didn't surprise me, after having taken one of those "outdoor survival" weekends. Some kinds of dried fungus can be used to transport fire from place to place, in the form of a slow-burning ember that can easily be reignited. Can also be used as tinder to get a new fire started.<p>According to Ötzi's Wikipedia page [0], there was a second fungus in the 'first known pocket', that was probably medicinal.<p>[0] <a href="https://en.wikipedia.org/wiki/%C3%96tzi#Tools_and_equipment" rel="nofollow">https://en.wikipedia.org/wiki/%C3%96tzi#Tools_and_equipment</a>