I use 2FA whenever I can and sometimes fear I'm relying too much on it. For example, I don't really care too much about my password being found out since it's not going to get a person access without the secondary auth, so I use fairly easy passwords for the sites that have 2FA and stronger passwords for those without. But there is a way in with just the password: through the use of my own devices in some way, either through hacking in or through interception of an sms. Still, it would be tough to do, so I can't help myself to not worry about it.
What I worry most about is losing the device itself or losing the data on it that allows 2FA to work in the first place. My phone. I have 17 accounts in Google Authenticator so if I lost those I'd be so screwed. If I lost them, I wouldn't have access to any of the accounts anymore without the serious headache of trying to get access to them again. I never realized this until I decided to upgrade to Android L on my Nexus 5, my only phone.
I didn't realize how hard it was to backup the Authenticator codes until I tried to do it. There's no way to back them up after closing out the page with the secret Authenticator code and QR barcode. You have to write that code down or store it somewhere, or be rooted and extract the Authenticator database. By the way, those secret codes are stored in plaintext so if you're rooted and install a rogue program - good luck.
I came across a Straight Talk phone at Walmart called the Optimus Fuel for $29 with Android 4.4 and a dual-core processor. I thought, this would be perfect as an offline device for storing Authenticator codes, but also for taking pictures of other important information such as backup login codes and Bitcoin Armory paper backups. Obviously, airplane mode would be activated as soon as it's turned on for the first time, followed by encrypting the phone itself. So the idea is every time I added an account to Authenticator, I'd use the backup phone's camera to securely and easily backup the 2FA information.
After playing with the phone for several days, it's actually a really great phone for the price, so I decided to just use it as an audio streamer and portable speaker. Today I bought a second one, that I'll be keeping totally offline and do just as I described above to store sensitive information on.
So am I stupid for doing this or is it a good idea? How do you backup your 2FA codes? I haven't opened the second one yet.
