by rubyalex 4623 days ago
How do you recover from it if your yubikey got lost or stolen?

I'm pretty certain you're completely screwed if that happens. I don't think it's worth that level of risk to not know the password for your 1Password vault.
If it were me I'd have the long yubikey password written out on paper in a safe in my house somewhere, or in a bank vault or something. If an adversary is motivated enough to gain access to that, your days are probably numbered anyway.
If your house burns down with the paper and the key in it?
If you have any data actually worth preserving, it might probably be worth it to a) get a fire-resistant lockbox, and b) have a safe deposit box at a bank.

I'd keep a paper copy of the passwords stored in the 1password because it would be an interesting DoS vector to get him locked out of 1password, somehow. By gaining access and changing his 1password password, or deleting his 1password, or ... something. At least theoretically as long as the attacker didn't mess with the accounts stored in 1password he could still get into his bank or whatever account.

Hmm, how is 1password synced... you could corrupt the file and trust it to be synced somehow?

"Forgot password" at every website you care about. (Getting your email back is the critical one, and I work around that by remembering that password myself. But most providers offer SMS verification, and if you self-host you can always pull the drive and edit /etc/shadow.)