This is not an emergency. I haven’t forgotten my master password nor locked out my account; I just want to explore password recovery and think about the implications in terms of security. Many services have provision for recovery, but the recovery means you have a gaping security hole. What would you do to recover?
For the master password, it appears that the only thing you can do is send a hint. If you have an open vault somewhere, I can export the vault, wipe out my account and reimport?
For 2FA, we can print out a recovery code. Is this the only way? What happens if you don’t have a recovery code and the 2FA device gets destroyed?
If I have learned anything so far:
- Write down the Master Password and store it somewhere off-line.
- Back up the vault by exporting it. This will be used to recover if there is a
- Save the recovery code for 2FA.