I think the best solution is a physical 2FA key - it's like a USB key that you plug into your computer when asked for your 2nd factor. 1Password lets you have your 2FA app and a physical key set up on your account so both will work. You can then store the physical key with your emergency kit - I have this one here and I keep it in a fireproof safe with my emergency kit
I got some of my users a U2F key from Yubikey. It just sits in one USB port on their computers and they just have to physically touch it when they sign in.
A handful of problems with it though:
one key per account, meaning you cannot leave one at work and also have one on the road with you
it doesn't seem to work across multiple devices - two of my users caught COVID and were given a laptop to work from home for the week, the keys were delivered with the laptop but both had the error "must use the key registered to your account" when they tried to authenticate using the key
So if your users only access Salesforce on one machine, it's a pretty good solution in terms of convenience.
The key itself I bought on Amazon: https://www.amazon.ca/dp/B07M8YBWQZ/ref=cm_sw_r_apan_glt_i_24S7BYA98FWF3EYKXVXT?_encoding=UTF8&psc=1
24 bucks US. Amazon. YubiKey NFC
Yubico FIDO Security Key NFC - Two Factor Authentication USB and NFC Security Key, Fits USB-A Ports and Works with Supported NFC Mobile Devices – FIDO U2F and FIDO2 Certified - More Than a Password https://www.amazon.com/dp/B07M8YBWQZ/ref=cm_sw_r_cp_api_glt_fabc_PBR4B8A919THJ7SZT2D5
Yubikeys. Now that mobile supports WebAuthn, you don’t even need one of the fancy expensive ones in most cases. You can just grab the $25 blue Yubikey Security Key as long as you have a phone that supports NFC.
Unfortunately, Yubikeys rarely go on sale, and usually it's just 2-for-1 when they do. But the blue Security Keys recently went on sale for $12.50, which was a steal for a FIDO2 key with NFC IMHO.
I scan everything and put it in my Google Drive. In folders. Every time I receive a letter or something, I scan it and file it in the appropriate folder.
The files start with YYYY-MM-DD_
Example : 2021-04-15_Reddit_Document_Prep_Howto.pdf
The date is either the date written on the document if there is one, and if there is none, the date I received/scanned it.
Don't trust Google? Put it in an encrypted ZIP file, or encrypted PDFs.
If you do this I very strongly recommend you enable 2-factor authentication on your Google account, with a security key if you are comfortable with that (and no other means). Yes this is what I use and it's great but have two security keys and never lose them...
You do need to also regularly put it on a flash drive in case you lose access to your Google Drive for any reason. Make sure this flash backup is in an encrypted ZIP as it contains a LOT of data that can be used for ID theft.
Red Pocket wouldn't be a solution for you, since it does not offer international roaming (you wouldn't be able to use the number in Mexico).
The only solution would be to sign up with a mobile carrier that does offer international roaming. I don't want to list competitors here, but you should be able to easily find one that meets your needs, after some Googling.
If Bank of America is your only problematic business, you can authenticate with them using a hardware security key (FIDO U2F) instead of using SMS. Go to the security section on BofA's website to set it up.
You can buy a key on Amazon: https://smile.amazon.com/Yubico-Security-USB-Factor-Authentication/dp/B07M8YBWQZ
These keys are the gold standard in authentication.
And, before someone suggests it, NO, Google Voice won't work for this.
If you're using CEX, stick with the giants (Coinbase, Binance) AND use a strong 2FA like Yubikey. Never use SMS.
I use Bitwarden. It's on the list of privacytools.io, a mirror of The Hitchhiker’s Guide to Online Anonymity and maintained by a wide community of privacy and security specialists/hobbyists on the internet. Bitwarden has a free version that meets everyone's needs, but I subscribed for less than $1.00 a month personally because I support their mission and transparency as an open source password manager.
For hardware authentication I have a YubiKey 5 NFC. They recently-ish released some biometric keys but the simple ones meet everyone's needs. Their first ((or second?)) generation keys are still sold on Amazon for $25.00. My only gripe with YubiKey is that there are not a lot of banks that support hardware tokens, but that's not their fault. Banks are not incentivized in any way to be preemptively updating their security.
YubiKey is the only thing that I feel will meet your needs or placate any worries. If you lose your mobile 2FA, you still have a hardware 2FA available that only you own and can still access things like Bitwarden, email, etc. to reset their mobile 2FAs. The only caveat I recommend is to have two (2) YubiKeys in case you lose one. I haven't done this though and I really need to prioritize it lol
Another crucial note: if you wanted to use Yubikey with any password manager I think most require you to use their subscription services. Don't quote me on that - so if you want to use a password managing service be prepared to financially support one of them and be selective on which one you believe in and their mission
You can get two security keys such as these ones (you need two), then enable the Advanced Protection: https://landing.google.com/advancedprotection/
Careful: you MUST NOT lose these security keys or you WILL NOT be able to recover your account. Keep one in a very safe place at home, and maybe keep the other one with your house keys. If you lose one key IMMEDIATELY purchase another one, unenroll the lost one, and re-enroll the new one to ensure you have two working keys at any time. But this will prevent anyone else from signing into your Google account unless they have at least one of these physical keys in their possession.
From there you will also need to change the passwords to ALL of your accounts.
Also, you can use the security key to sign in to many other websites that support USB security keys such as Facebook, and many others.
What's the difference between this,
And this,
please?
Great post. Has it been moved somewhere else? If you don't need TOTP then you can get a FIDO2 U2F NFC key for $24.50
A basic Yubikey is about S$50, more if you want also NFC and/or USB-C.
Deal link: Amazon (additional 15% off coupon on app)
Category-wise subreddits for Amazon Deals:
Category | Subreddit |
---|---|
Electronics | /r/Deals_Electronics |
Computers and Accessories | /r/Deals_Computers |
Video Games | /r/Deals_VideoGames |
Home Improvement | /r/Deals_HomeImprovement |
Clothing and Accessories | /r/Deals_Apparel |
Grocery | /r/Deals_Grocery |
Discord Server: Instant deal notifications on our Discord Server!
Amazon Canada Deals: /r/OnlineDealsCanada
Disclaimer: The deal links are affiliated. We may earn a small share on qualifying purchases. It does not affect the deal price in any way.
Will this device from Amazon work? https://www.amazon.com/Yubico-Security-USB-Factor-Authentication/dp/B07M8YBWQZ/
The $24 Feitian model is equivalent in features to the $27 Yubico Security Key, not a YubiKey.
You can look up the difference between a Yubico Security Key and a YubiKey yourself.
I'd say that the Feitian Key is actually worse than a Yubico model for the same price (ignoring the lack of USB-C):
If you buy a Yubico key from Yubico directly, you are likely to get a recent firmware version that supports Credential Management and other recent FIDO2 features. For the Feitian key, they have next to no documentation on what FIDO2 features/specs are supported such as credential management (e.g., delete FIDO2 resident credential) and the max number of resident credentials allowed.
> I'm assuming the company is legit and meets a high bar.
Feitian is a legit Chinese company and their products are pretty top notch if you pay the same as the American counterpart (their new products are NOT cheap). They also sell very cheap crypto tokens that are used by millions (unfortunately, with a lot of fakes).
But you know, some people prefer products that originate exclusively in America/EU, especially Federal contractors and the like. Yubico is far more accountable to these Western government entities (and citizens) than Feitian in China (NOT Taiwan). Especially when it comes to software/UX, firmware and recalls.
> Google's own Titan BT/USBA keys etc are made by Feitian so I'm assuming the company is legit and meets a high bar.
Yubico wrote a blog post about Google (Yubico's long-time partner) deciding to go with Feitian:
https://www.yubico.com/blog/the-key-to-trust/
A year later, it was proven that Yubico was right to not release BLE keys:
I wouldn't say that Feitian cannot be trusted, since Yubico has replaced keys for worse. But I have far more trust in Yubico than Feitian. I don't think Feitian would have replaced those keys if they were not working with Google.
Buy a key with NFC, FIDO2 compatible.
FIDO2 keys are compatible with sites/apps that use FIDO-U2F systems.
This last one has Multi-protocol... but I think it will be wasted because I will only use U2F/FIDO2
PS: NEVER NEVER NEVER buy just 1 key. Always keep a backup key (registered and stored in a safe)