That's easy to backup. You can even print it and bury it in a sealed box in the garden or put it in a book or whatever. It depends who you are protecting against.
That means you're one natural disaster away from losing everything.
As much as it can "weaken" security, an electronic backup is still recommended for most
Maybe I'm being dense (probably), but where would you save it?
iCloud? No, that doesn't work - you need the key to access iCloud.
Some other cloud storage service? No, that doesn't work - you need your phone to generate a token for access and your phone was destroyed in the same fire as the paper backup.
Seems like the safe choice is a lock box at a bank or similar. Or a fireproof safe at home.
But safety deposit boxes are a good choice too, just be careful to balance your own convenience. If you can't easily update your backups, you're really unlikely to include new accounts in them
You definitely don't need your phone for access. I use Yubico security keys for everything like this. I have several of them that are on all my accounts and I don't keep them in the same place.
Of course, a code like that can be in multiple places, possibly where it won’t be recognized as such.
The conventional way to do this would be encrypt it with a symmetric cipher keyed from a password or passphrase. I've been using an unconventional approach where the secret you have to memorize is an algorithm rather than a password/phrase. Programmers might find an algorithm easier to memorize than a passphrase.
Here's an example of this general idea. The algorithm is going to be a hash. This one will take a count and a string, and output a hex string. In English the algorithm is:
    hash the input string using sha512 giving a hex string
    while count > 0
        prepend the count and a "." to the current hash and apply sha512
        decrement the count
The recovery code I want to backup is 3FAEAB4D-BA00-4735-8010-ADF45B33B736. I'd pick a count (say 1969) and a string (say "one giant leap for mankind"), actually implement that algorithm, run it on that input and string. That would give me a 512 bit number. I'd take "3FAEAB4D-BA00-4735-8010-ADF45B33B736" and turn it into a number too (by treating it as 36 base 256 digits). I'd xor those two numbers, print the result in hex, and split it into 2 smaller strings so it wouldn't be annoyingly wide.
Then I'd save the input count, input string, and the output:
1969 one giant leap for mankind
ed428dffa23f4f14ae2a7b7e842019fc11b5726d726b96c11ec266758be67cb0
f2a78a320a85df809afe83c6c7840e2d175cceadb455260735405cd047459cc9
I'd then delete my code. I could then do a variety of things with the "1969 one giant leap for mankind" and the two hex strings. Put them in my HN description. Include them in a Reddit comment. Put them on Pastebin. Take a screenshot of them and put it on Imgur.
To recover the code from one of those backups, the procedure is to implement the algorithm from above, run it with the count and string from the backup to get the 512 bit hash, take the 512 bits of hex from the backup, xor them, and then treat the bytes of the result as ASCII.
Then delete the implementation of the algorithm. With this approach the algorithm is the secret, so should never exist outside your head except when you are actually making or restoring from backup.
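A worked round trip of the scheme described above, as an added Python example rather than the commenter's own script: it derives the key exactly as the comment specifies (sha512 of the phrase, then one round per count value over "<count>.<previous hex>"), XORs the code's bytes into the 512-bit key, splits the result into two hex lines, and recovers the code again. It assumes the code sits in the low-order bytes of the 512-bit number and that a wrong phrase or count should be detected by the recovered bytes not being printable ASCII; the sample code, count and phrase are the ones from the comment.

```python
import hashlib
import string

# Sample inputs taken from the comment above (constructed test data)
RECOVERY_CODE = "3FAEAB4D-BA00-4735-8010-ADF45B33B736"
COUNT = 1969
PHRASE = "one giant leap for mankind"


def derive_key(count: int, phrase: str) -> str:
    """The memorised algorithm: sha512 of the phrase, then one round per
    count value (count down to 1) of sha512 over "<count>.<previous hex>".
    Returns 128 lowercase hex chars, the same output as the shell script."""
    h = hashlib.sha512(phrase.encode("ascii")).hexdigest()
    while count > 0:
        h = hashlib.sha512(f"{count}.{h}".encode("ascii")).hexdigest()
        count -= 1
    return h


def make_backup(code: str, count: int, phrase: str) -> list:
    """Treat the code's ASCII bytes as a big-endian number (36 base-256
    digits), XOR it with the 512-bit key and split the 128-char hex result
    into two 64-char lines. Assumption: the code occupies the low-order
    bytes, so it can be at most 64 bytes long."""
    code_bytes = code.encode("ascii")
    if len(code_bytes) > 64:
        raise ValueError("code longer than the 512-bit key")
    key = int(derive_key(count, phrase), 16)
    masked = (int.from_bytes(code_bytes, "big") ^ key).to_bytes(64, "big")
    hexed = masked.hex()
    return [hexed[:64], hexed[64:]]


def restore(lines: list, count: int, phrase: str) -> str:
    """Re-derive the key, undo the XOR and read the low-order bytes as ASCII.
    A wrong count, phrase or algorithm yields non-printable bytes, which is
    reported instead of silently returning garbage."""
    key = int(derive_key(count, phrase), 16)
    masked = int("".join(lines), 16)
    raw = (masked ^ key).to_bytes(64, "big").lstrip(b"\x00")
    text = raw.decode("ascii", errors="replace")
    if not text or any(c not in string.printable for c in text):
        raise ValueError("recovered bytes are not ASCII: wrong key material?")
    return text


if __name__ == "__main__":
    backup = make_backup(RECOVERY_CODE, COUNT, PHRASE)
    print(COUNT, PHRASE)
    print("\n".join(backup))
    print("restored:", restore(backup, COUNT, PHRASE))
```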
When picking the algorithm take into account the circumstances you might be in when you need to use it for recovery. Since you'd probably only be needing this if something so bad happened that you lost most of your devices and things like your fireproof safe, you might want to pick an algorithm that does not require a fancy computer setup or software that would not be in a basic operating system installation.
The algorithm from this example just needs a basic Unix-like system that you have shell access to:
#!/bin/sh
# usage: <script> COUNT WORD [WORD...]  (the words form the input string)
COUNT=$1
shift
# initial hash: sha512 of the input string, as lowercase hex
# (on systems without shasum, `sha512sum` produces the same hex)
KEY=`/bin/echo -n "$*" | shasum -a 512 | cut -d ' ' -f 1`
# each round prepends "<count>." to the current hex and hashes again
while [ "$COUNT" -ge 1 ]; do
  KEY=`/bin/echo -n "$COUNT.$KEY" | shasum -a 512 | cut -d ' ' -f 1`
  COUNT=`expr "$COUNT" - 1`
done
echo "$KEY"

Finding somebody’s will doesn’t give you access to any of their data or funds.