alt Hacker News>"just have more devices with passkeys"
Confirms that strategy then
For people who only use passwords having an extra device can help too. Google does not necessarily permit a login with a backup code, so to me it seems ideal to grab a spare phone, log into important accounts, and store it with a trusted party/friend.
It could be very difficult to login to an account like Gmail from overseas in the event of PC+phone[+hardware key] theft. Maybe no big deal if you can port your number to a new phone right away. Or maybe the trusted friend can help (unless Google still finds the login suspicious after all, no idea there)
>It could be very difficult to login to an account like Gmail from overseas in the event of PC+phone[+hardware key] theft
Literally happened to me in Poland, which is why I avoid passkeys like the plague.
(The thief got caught months later. That didn't help me.)
>Maybe no big deal if you can port your number to a new phone right away.
T-Mobile won't mail a SIM card overseas, and I doubt others will either. There is no "maybe", it's a certainty that you won't be able to.
>Or maybe the trusted friend can help
Yeah, my wife literally mailed me SIM card to Poland.
It took over week.
And a "trusted friend" would first have had to get it somehow.
>Or maybe the trusted friend can help (unless Google still finds the login suspicious after all, no idea there)
At least I logged into my accounts from that city before the laptop and phone were stolen, so my logins were not "suspicious".
That's with a password.
_____
PS: screw Citibank's mandatory phone -based "2FA".