Good hints about storing 2FA code. I might have to unenroll and reenroll so I can get the original QR code again.
On a related note, I kind hate that gmail doesn't let you enroll in 2FA (with google authenticator) unless you provide a phone number in the beginning. I mean, can you make it more obvious that you want my information more than you want to actually secure my account? I can't think of a reason why you have to be forced into giving phone number to enable it.
I essentially prefer Google authenticator over yubikey since it's harder to replace a lost yubikey. Google Authenticator can be "moved" to a different phone very easily as we talk above. This potentially makes it less secure, but I trust my password manager enough that it's a non issue.
|