Currently I use Bitwarden for storing passwords and Aegis for 2FA. Is it okay to store recovery codes in my Bitwarden vault, or should I store them somewhere else, like Tresorit, Dropbox with Cryptomator?

  • Brickfrog
    11 year ago

    Store them offline. A simple USB stick with screenshots of your QR codes & backup codes would cover this.

    Some people also print them out to keep offline but you’d need a printer handy to do that.

    TBH I’ve never understood why someone would store backup/recovery codes in the same application they store their passwords in. If your password storage is compromised then you’d indeed be completely and utterly compromised when the attacker also has your backup/recovery codes.