Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You should never use only 2FA for something you don't want to be locked out of. You need a 3rd authentication method to replace the 2nd when you lose it, such as backup codes, that as well as a 4th one to recover a lost password.


> You should never use only 2FA for something you don't want to be locked out of.

Tell that to... everyone.

> You need a 3rd authentication method to replace the 2nd when you lose it, such as backup codes, that as well as a 4th one to recover a lost password.

That's on Cloudflare. If they don't offer backup codes, what can an end user do about that?


Manually record the seed key when you set up 2FA (usually this is contained in a QR code). Keep it somewhere safe and offline. It can be used to recreate your 2FA setup.


I've never looked into that possibility. Thanks.


Pretty sure backup codes are just a part of 2FA.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: