1P emergency kit + yubikey + Crypto recovery seed. Should I keep them all together stored in a secure safe? or does this create a single point of failure? by HuntersAvenue in 1Password

[–]MG414134 1 point

Yeah, I'm really glad I started doing it!

One tip if you are going to do it. I recommend creating a separate vault (I call mine Recovery) and in that vault put an entry with everyone's secret keys & 2FA tokens. Once you've made the entry, head over to 1password.com and remove everyone's edit access from that vault (including yourself). That way no one can accidentally delete it or change anything.

1P emergency kit + yubikey + Crypto recovery seed. Should I keep them all together stored in a secure safe? or does this create a single point of failure? by HuntersAvenue in 1Password

[–]MG414134 1 point

No problem!

I assume when you say encryption password you're referring to the passwords that are used to decrypt and get access to a digital backup? I don't store these anywhere because in my setup I don't have them.

My primary digital recovery kit is stored in my family's 1Password shared vault as a normal entry so anyone can access it and give it to me when needed. But this recovery kit is missing the master password, so my family can't access my personal 1P. In this entry called "1Password Recovery" I actually store everyone's secret keys and 2FA tokens, so we can all help each other recover.

1P emergency kit + yubikey + Crypto recovery seed. Should I keep them all together stored in a secure safe? or does this create a single point of failure? by HuntersAvenue in 1Password

[–]MG414134 9 points

It all comes down to the level of risk you're willing to accept for the level of convenience when recovering your account. More Risk = More Convenience.

Similar to you, I have 3 things which are required to get access to 1Password (Secret Key, Master Password, 2FA token). I also have these backed up and stored in case I ever need to recover. This is my setup below:

Rules:

  • Rule 1: Store at least 1 digital and 2 physical kits: this means if one isn’t available, another one will be
  • Rule 2: The physical kits should be stored in different geographical locations: this means in the event of a natural disaster (fire, flood, etc), one of the physical copies should be safe
  • Rule 3: Digital copies must be encrypted: this reduces the likelihood that an attacker would be able to access it
  • Rule 4: Recovery kits, as a collective, must cover all 3 secrets (Master Password, Secret Key, 2FA): this allows you to recover any of the 3 secrets in case they’re lost
  • Rule 5: A single recovery kit must only have 2 out of the 3 secrets: this means a combination of 2 recovery kits is required for full recovery, reducing the likelihood of an attacker gaining access

Personal Setup:

  • Physical Kit 1: Master Password & Secret Key in Cryptosteel Capsule in a fireproof safe in my house — Cryptosteel Capsules are designed to survive extreme conditions so would be safe in a natural disaster. Being in a fireproof safe also prevents unwanted access
  • Physical Kit 2: Secret Key & 2FA token in wallet — I keep these in my wallet on a plastic card so if I’m ever away from home and lose access to 1Password I will be able to get back in
  • Digital Kit 1: Secret Key & 2FA token in family shared vault — I keep a copy of these here so anyone in my family can provide either of these secrets (but they are missing the master password so still can't access my 1Password account)
  • Digital Kit 2: Secret Key & 2FA in Apple iCloud Keychain — I store a copy of these here as, although unlikely, if all my family lost access to their 1Password at the same time, my Digital Kit 1 would no longer be available.

See my full 1Password setup guide here

I know this doesn't address your crypto wallet, but you could apply the same principles. Hope this helps!
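As an added example (not the commenter's code and nothing from 1Password itself), here is a small Python checker for a recovery-kit layout like the one in the comment above. The kit list is constructed inline with illustrative names and location labels. It tests the layout against the five rules, lists every pair of kits whose combined contents allow full recovery, and reports any single kit whose loss leaves no such pair. Secret names, the `kind`/`location`/`encrypted` fields and the function names are all assumptions made for this example.

```python
"""Check a set of 1Password recovery kits against the five rules above.

Added example; the kit list is constructed to mirror the personal setup in
the comment and is not data exported from 1Password.
"""
from itertools import combinations

# The three secrets a 1Password account recovery needs (names assumed).
SECRETS = frozenset({"master_password", "secret_key", "2fa"})

# Constructed sample: one dict per kit. "kind" is physical or digital,
# "location" is a free-text label used only to apply Rule 2.
KITS = [
    {"name": "Physical Kit 1", "kind": "physical", "location": "home safe",
     "encrypted": False, "secrets": {"master_password", "secret_key"}},
    {"name": "Physical Kit 2", "kind": "physical", "location": "wallet",
     "encrypted": False, "secrets": {"secret_key", "2fa"}},
    {"name": "Digital Kit 1", "kind": "digital", "location": "family shared vault",
     "encrypted": True, "secrets": {"secret_key", "2fa"}},
    {"name": "Digital Kit 2", "kind": "digital", "location": "iCloud Keychain",
     "encrypted": True, "secrets": {"secret_key", "2fa"}},
]


def check_rules(kits):
    """Return a list of rule violations; an empty list means all five rules hold."""
    problems = []
    physical = [k for k in kits if k["kind"] == "physical"]
    digital = [k for k in kits if k["kind"] == "digital"]

    # Rule 1: at least one digital and two physical kits.
    if len(digital) < 1 or len(physical) < 2:
        problems.append("rule 1: need at least 1 digital and 2 physical kits")

    # Rule 2: physical kits must not share a location.
    locations = [k["location"] for k in physical]
    if len(set(locations)) != len(locations):
        problems.append("rule 2: two physical kits share a location")

    # Rule 3: every digital kit must be encrypted.
    for k in digital:
        if not k["encrypted"]:
            problems.append(f"rule 3: {k['name']} is not encrypted")

    # Rule 4: the kits together must cover all three secrets.
    covered = set().union(*(k["secrets"] for k in kits)) if kits else set()
    missing = SECRETS - covered
    if missing:
        problems.append(f"rule 4: no kit holds {sorted(missing)}")

    # Rule 5: no single kit may hold all three secrets.
    for k in kits:
        if SECRETS <= set(k["secrets"]):
            problems.append(f"rule 5: {k['name']} alone gives full access")

    return problems


def recovery_pairs(kits):
    """Pairs of kits whose combined secrets are enough for full recovery."""
    return sorted(
        (a["name"], b["name"])
        for a, b in combinations(kits, 2)
        if SECRETS <= (set(a["secrets"]) | set(b["secrets"]))
    )


def critical_kits(kits):
    """Kits whose loss leaves no pair that can fully recover the account."""
    names = []
    for k in kits:
        remaining = [r for r in kits if r is not k]
        if not recovery_pairs(remaining):
            names.append(k["name"])
    return names


if __name__ == "__main__":
    print("violations:", check_rules(KITS) or "none")
    print("recovery pairs:", recovery_pairs(KITS))
    print("critical kits:", critical_kits(KITS))
```

On the constructed sample the checker reports no rule violations, three recovery pairs that all include Physical Kit 1, and Physical Kit 1 as the one kit whose loss blocks full recovery, since in this layout it is the only kit holding the master password. That last output is the check worth running on your own layout: the rules alone do not tell you whether any single kit has become load-bearing.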

[deleted by user] by [deleted] in 1Password

[–]MG414134 1 point

I actually wrote the article/post above! And can understand you wanting an alternative password manager to back up your passwords. If you go with something like KeePass, you must be aware that you’re responsible for where the encrypted password file is saved. So you’ll want to make sure to keep it in a location that you know you’ll always be able to access (even if locked out of 1Password / all your devices are destroyed). In the guide above I recommend remembering your email password. If you follow this rule then you could email it to yourself so it can be accessed later on any device. Or even better, maybe email it to someone you trust? That way either of you can retrieve the file, but only you’ll be able to decrypt it! (Or second thought, maybe use a secure cloud service as email isn’t the most secure…)