[matthewtse]

So cool to read an article discussing a problem I run into on a regular basis.

Whenever I'm creating a 2FA backup on a piece of paper, anxiety hits me every time I cross over certain characters, o/0, v/u, 5/S, etc. I've come to add some fanciness to how I write these characters for this exact reason.

On "Phonetic similarity", reminds me of how I chose my wifi password. I wanted a common word with multiple consonants that a 3rd grader could spell, so I could share the password with a single phrase and have it be unambiguous. Ended up choosing "vacation".

[TacticalCoder]

> Whenever I'm creating a 2FA backup on a piece of paper, anxiety hits me every time I cross over certain characters, o/0, v/u, 5/S, etc. I've come to add some fanciness to how I write these characters for this exact reason.

My convention is that I put a dot '.' below every digit (this solves the 5/S, 0O, 8/B etc. issues [the actually problematic ones shall depend on your handwriting]).

If I'm really unsure, I add the NATO/aviation alphabet [1]. There's a 'U', I'll write 'Uniform' (in diagonal, starting from the 'U').

It only requires some discipline. I've done that since more than ten years now, never lost a single 2FA code.

[1] nitpicking about the actual difference between the NATO and aviation codes can safely be send to /dev/null

[2024throwaway]

I can’t believe people out there write these things down by hand on paper.

It’s mind bottling.

[NetOpWibby]

Damn, being psychic must be cool. I think your mind may be boggled though.

[matthewtse]

I do that out of paranoia/mistrust for my wifi network, printer, printer software, etc.

It's probably fine to just print it out, but for more sensitive items I definitely write it down by hand.

[Piskvorrr]

It's not as if the printer keeps a hidden cache of printed pages. Except maybe it does...even if the feature was created for entirely benign reasons.

[ant6n]

It’s not as if photocopiers could randomly replace letters or numbers, right? …right?

Or perhaps they could: https://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres...

[Piskvorrr]

That's one of the instances of "built with good intentions" I had in mind.

[kibwen]

I can't tell if this is sarcasm. Handwriting is deprecated now?

[vundercind]

2fa backup codes? Yeah, I’d be surprised at people writing those out by hand. They’re long and gibberish, odds of an unnoticed error are high. I’d also be surprised at people typing them by hand (as a way to record them, not to input them) for similar reasons.

[TacticalCoder]

Well be surprised. I write them down, by hand.

> They’re long and gibberish, odds of an unnoticed error are high.

That's why you "whitelist" those you wrote down and re-used with success: a little checkbox, which when checked means "Successfully re-initialized an authenticator with this 2FA?", works wonder.

A "dot" underneath a character means it's a number (so I'm sure not to mistake '5' with 'S', for example).

My "paper 2FAs" then go to the bank, in a safe.

I've never ever lost a 2FA access code.

[matthewtse]

> That's why you "whitelist" those you wrote down and re-used with success: a little checkbox, which when checked means "Successfully re-initialized an authenticator with this 2FA?", works wonder.

I just bake the whitelisting into every 2FA code I handwrite. Instead of scanning the QR into the phone and then writing down the backup, I just start by writing down the backup, and then input it manually from the note into my phone. Once successfully used, I know the handwritten 2FA code is valid.

> A "dot" underneath a character means it's a number (so I'm sure not to mistake '5' with 'S', for example).

That one's good, I'll start doing that from now on! I also found writing letters partially in cursive to help too.

> My "paper 2FAs" then go to the bank, in a safe.

Yep same, I got a bank SD box back in 2017 during my first crypto wave. Have found the $100/yr to be incredibly useful. More recently I've created a sort of "defense in depth" for my passwords/codes. Least important things are available a button click away on Bitwarden Chrome extension, more important things are non-cloud-synced google-authenticator on my phone with 2FA backup in bank SD box. Most important things (i.e. crypto private keys) are sharded into pieces and distributed amongst multiple SD boxes.