The 2FA backup paradox

Kosign Team
2 min read · Sep 14, 2022

Password managers are great for frequently used credentials, but they are not suitable for storing 2FA backup codes (example in the image below). After all, storing your 2FA codes in the same place you keep your passwords completely defeats the purpose of having a second factor!

[Image: Example 2FA backup codes]

So where are you supposed to keep these codes? Printing them out and keeping them in a drawer is only a step away from having passwords written on post-it notes stuck to your monitor. Probably not the best idea.

Some 2FA authenticator apps automatically back up your data to the cloud, which is neat! But if the password to your authenticator app lives in your password manager, you have a circular dependency: lose your 2FA device while logged out of your password manager and you risk losing access to all of your credentials.

This is the 2FA backup paradox: there was simply no good way to do it!

Vitalik Buterin (one of the Ethereum co-founders) wrote about the need for wider adoption of social recovery for crypto wallets. That model also happens to be ideal for storing and recovering other critical data, such as 2FA backup codes.

Kosign (www.kosign.xyz) vaults are designed for social recovery, protecting the data with a quorum of key guardians. Vault keys are distributed among family, friends or colleagues, who must reach consensus to unlock the vault, for example 4 out of 10 key guardians.
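To make the quorum idea concrete, here is an added example (not Kosign's code; the page does not describe Kosign's actual scheme) that splits a vault key into 10 shares with a 4-of-10 threshold using Shamir secret sharing over a prime field, and shows that 4 guardians recover the key while 3 do not. The 32-byte vault key, the guardian count and the threshold are constructed sample values.

```python
import secrets

# Field prime for the share arithmetic. 2^521 - 1 is a Mersenne prime,
# large enough to hold a 256-bit vault key as a single field element.
P = 2**521 - 1

def split_secret(secret, threshold, shares):
    """Split an integer secret into `shares` points on a random polynomial
    of degree threshold-1 over GF(P); any `threshold` points recover it."""
    assert 0 < threshold <= shares and 0 <= secret < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, shares + 1)]

def recover_secret(points):
    """Lagrange interpolation at x = 0. With fewer than `threshold` points
    this still returns a value, but not the secret: a sub-quorum learns
    nothing about the key, which is the property the guardian model relies on."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def quorum_demo(threshold=4, guardians=10):
    """Constructed scenario: a 32-byte vault key is split among 10 guardians
    with a 4-of-10 quorum. Returns (quorum recovers key, sub-quorum fails)."""
    vault_key = secrets.token_bytes(32)          # constructed sample key
    secret = int.from_bytes(vault_key, "big")
    shares = split_secret(secret, threshold, guardians)
    # Any 4 guardians (here guardians 2, 5, 7 and 10) reconstruct the key.
    quorum = [shares[1], shares[4], shares[6], shares[9]]
    recovered = recover_secret(quorum).to_bytes(32, "big")
    # 3 guardians are one short of the quorum and get an unrelated value.
    partial = recover_secret(shares[:threshold - 1])
    return recovered == vault_key, partial != secret

if __name__ == "__main__":
    print(quorum_demo())  # (True, True)
```

Each guardian holds one (x, y) pair; the vault key itself never exists on any single guardian's copy, which is what lets the printed or cloud-stored vault stay encrypted while still being recoverable.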

Kosign vaults can also be printed and backed up on paper for cold storage and data succession. Unlike printed backup codes, however, a printed Kosign vault remains encrypted, so it can be recovered with the support of your quorum even in your absence. This model is also ideal for succession of digital assets.
