So I’ll be traveling in such a way that I’ll be crossing the US border. I want to take a burner phone so I can wipe it, or have innocuous enough data. The problem: all my passwords are stored in a password manager that uses 2FA tied to my primary phone which will be sitting at home (along with other sites that use 2FA tied to authenticators on my phone).
So remembering passwords is out. And not having access to 2FA presents a catch-22. So what’s the best way to approach that?
This tells me that you’d be in a lot of trouble if you lost your phone or had to wipe it because someone got into it. It’s probably good then that you’re now thinking about this so you can prepare for a time when you won’t have your phone for other reasons.
All sites supporting 2FA usually allow you to use a second method. Email is usually an alternative. Assuming that your email is your universal second OTP method, you just need to make sure you will always have access to your email account and you’ll be fine. So just solve for the OTP problem for your email account.
Pre-buy your burner phone and make it a second OTP device for your email account. For more assurance, buy a couple of physical keys (like Yubikey) that can be used with your email account. These can also be set up for some of your other accounts that support it, which may be more convenient than email when accessing them.
I carry a yubi key to unlock my password manager. (Probably shouldn’t have said that) If you have a form of 2fa they wouldn’t know about, that might help you
Having a Yubikey isn’t supposed to be a secret. Security through obfuscation is poor security.
It wouldn’t be much of a secret anyway, since your device would say something like, “Please present your hardware key,” when logging in. If OP had a Yubikey with them, ICE could simply search them and use it themselves.
Yubikeys are excellent against digital attacks but not physical ones, since it’s akin to carrying a lock and key together.
Assuming your 2FA method is TOTP. Back up the 2FA keys to an encrypted file, with a long passphrase. Take it with you (or store it in the cloud, in this situation this is possibly safer). The when you need them just
- install a TOTP app
- import decrypted keys
- login to things. Then when you’re done logout of things and delete the TOTP app.
I like this. Australia has draconian phone search laws when entering, so I might adopt this in the future on principle.
What happens when you get in? You need to let them access everything ?
Everything, or indefinite detention without a lawyer.
Jesus Christ!
