GDKP Runs are textbook sharp practice

I didn’t say I’ve been pwned in my posts, although it has happened to me via password reuse in the past when I was younger. Services like HIBP are very useful to see which services have had password databases stolen so you can then go and update your passwords.

Perhaps ‘taking it personally’ isn’t accurate, but I do work as an IT professional and 2FA is a core part of securing any digital environment, so seeing someone advising against it just feels wrong. Any serious enterprise, private, public, government, military etc all make extensive use of 2FA.
If you have your own methods to circumnavigate this (you don’t, it’s just risk reduction not elimination) then cool, all I’m saying is you probably shouldn’t advise strangers on the internet to adopt your alternatives when a very established and easy to use primary method exists.


I initially wasn’t going to go into any of it nor have I released everything I have in place (I bet you can understand why). I don’t expect people to change nor do I believe I implied I wanted them to. If someone is okay with using 2FA for their games by all means.

My initial post was just my gripe with 2FA and gaming platforms in particular; it was never meant to be all that deep.

We both know if someone is paranoid enough there are great and extensive lengths people can go to to protect their data/digital assets. I wouldn’t recommend all that much for merely a game account.

Either way it was a nice chat. Mostly civil.


Are they tho?

Never understood the need to not write your password down.
I mean if you work at a public space where a lot of people have access to, yes surely then I would understand it.

But both at my home and at my workplace, if someone would have access to my book of knowledge, the place where all my passwords rest, the biggest problem would NOT be that they now have my passwords, it would be that they got access to that.
I keep all my private login information for everything in a book, and that book is in a wall safe in my home. The access to that safe is shared with people I have trust in (my relatives).
Should I be unlucky and get into an accident or whatever, they can then cancel subscriptions/delete accounts etc. without the problems that arise if you don’t have the login information.

It’s just bad practice. A password is meant to be a secret, as soon as you record it somewhere in plain text that is not also locked behind other very reliable secret/password methods (aka, a password manager) then your password is no longer a secret, it’s compromised. A wall safe is fine as long as the access is controlled, and I guess you can trust family (up until you can’t?). It also depends heavily on you following your process of opening the safe, using the book, then putting it back and locking reliably every single time. You’re also trusting everyone you’ve granted access to the safe to perform the same actions and handle the data with care and not create copies.

Every second that book is not locked in a safe is a second of your entire digital life being exposed to anyone within arm’s reach. I’m aware this sounds paranoid, but it’s the reality of the matter, you should always consider worst case when it comes to account security.

Getting into the habit of recording passwords in plain text on paper in a private setting just increases your chances of doing the same thing in a public setting, hence ‘bad practice’.

Typically any account access can be granted by support teams in the event of death/incapacitation, I’d never advise to record passwords and compromise account security just to set yourself up for an easy post-death handover.

I understand the logic behind it.
But I’m not keeping big secrets in my private life that are protected by a digital login.
Even if I would forget to keep the book in the safe (which I don’t, since I normally just write in passwords, and don’t use it to read them up (I have memory for that)) the bigger issue at hand would be that someone managed to break into my house to get access to the book.
I’m far more concerned about the chance that someone would manage to access my gun safe, than I am about someone finding out the login to a research site I’m subscribed to.

Well, no. My habit of doing certain very private things in private does not increase my chances of doing the same things in a public setting.

Surely it can be granted by support teams. But if you ever had the “joyful” experience of doing so like I had, you might think differently about it.
Just proving someone’s death can be a big issue, depending on where you’re living, and doing so with companies outside of your home country (I’m not a US citizen) is pure pain.

On top of that, before you cancel anything you got to know what there even is to cancel.

I fully understand all of your counterpoints, it does not however make it good practice. You can (and will) continue to do what you do, as many millions do around the world, it does not however mean that it’s a good way to go about securing your digital accounts.

A digital password manager secured with a single very strong and secret master password + modern multi-factor authentication is superior to a book in a safe.

Book in a safe could perhaps be used for recovery seed/phrases for the password manager, it would need to be very secure though. Not shared, never removed.
