2 comments

  • theamk 3 hours ago
    The backup security codes are useful, but awkward, and I don't know how to handle them securely.

    Keep in a text file? Malware might find that file, apparently. Also it might get uploaded to a backup, etc.

    Keep in a password manager? But my main password (nice and strong) is already there, so putting both in the same place would defeat the whole "2 factor" thing.

    Take a picture with a phone? This may be uploaded to the cloud automatically, and thus become accessible to attacker. Also those recovery codes are only needed if main MFA (a phone) is dead.

    So far I think the best way might be to print them out (being careful not to save the file) and put them in the wallet. Let's just hope the copies are not left in the spooler dir or in the swapfile...

    Another option is to maintain 2nd password manager just for the recovery codes, but in this case it won't be used often, so there is a good chance I might forget the passphrase...

    • noman-land 18 minutes ago
      Store them on a LUKS-encrypted thumb drive with a crazy long passphrase that you only ever mount on an air-gapped computer running a live distribution. Clone the drive and store it in a variety of geographical locations.
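Added example (not part of any comment above): the same principle as the LUKS thumb drive noman-land describes, a passphrase that lives nowhere near the main password manager guarding an encrypted copy of the codes, done as a single passphrase-protected file with `openssl enc` so it needs no root, no block device and no live distribution. The file names, the sample codes, the demo passphrase and the PBKDF2 iteration count are constructed here and are not from the thread. The plaintext's SHA-256 is stored inside the ciphertext so a wrong passphrase or a corrupted copy is detected on decrypt (AES-CBC alone is unauthenticated), and the passphrase is passed through the environment rather than on the command line, where `ps` could read it.

```shell
#!/bin/sh
# Added example: MFA recovery codes in a passphrase-protected file (openssl enc,
# AES-256-CBC, PBKDF2). Stand-in for an encrypted removable drive; not from the thread.
# Assumptions: file names, demo passphrase, sample codes and ITER are choices made here.
set -eu

ITER=600000   # PBKDF2 iterations; raise as your CPU budget allows

# SHA-256 hex digest of a file, via openssl so the script depends on nothing else.
digest() {
  openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# encrypt_codes <codes.txt> <out.enc>   (passphrase read from $RC_PASS)
# First line of the plaintext bundle is the hash of the codes; it is encrypted
# together with them, so it leaks nothing and lets decrypt_codes verify integrity.
encrypt_codes() {
  codes=$1; out=$2
  bundle=$(mktemp)
  { digest "$codes"; cat "$codes"; } > "$bundle"
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
    -in "$bundle" -out "$out" -pass env:RC_PASS
  rm -f "$bundle"
}

# decrypt_codes <in.enc> <codes.txt>; returns 0 only if the stored hash matches.
decrypt_codes() {
  in=$1; out=$2
  bundle=$(mktemp)
  if ! openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
       -in "$in" -out "$bundle" -pass env:RC_PASS 2>/dev/null; then
    rm -f "$bundle"; return 1        # bad passphrase usually fails padding here
  fi
  expected=$(head -n 1 "$bundle")
  sed '1d' "$bundle" > "$out"
  rm -f "$bundle"
  [ "$(digest "$out")" = "$expected" ]   # catches the rare padding false positive
}

# Demo round trip on constructed sample codes (not real codes), plus a
# wrong-passphrase attempt. Prints "ok" when both behave as expected.
demo() {
  dir=$(mktemp -d)
  printf '%s\n' 'abcd-1234' 'efgh-5678' 'ijkl-9012' > "$dir/codes.txt"
  RC_PASS='correct horse battery staple demo'; export RC_PASS
  encrypt_codes "$dir/codes.txt" "$dir/codes.enc"
  decrypt_codes "$dir/codes.enc" "$dir/restored.txt" || { echo fail; return 1; }
  [ "$(digest "$dir/codes.txt")" = "$(digest "$dir/restored.txt")" ] || { echo fail; return 1; }
  RC_PASS='wrong passphrase'
  if decrypt_codes "$dir/codes.enc" "$dir/junk.txt"; then echo fail; return 1; fi
  rm -rf "$dir"
  echo ok
}

demo
```

Usage in practice: write the codes to a file on the same air-gapped machine, run `encrypt_codes`, shred the plaintext, and copy only the `.enc` file to as many USB sticks or cloud locations as you like; the passphrase is what must stay out of the password manager that already holds the account password, otherwise the second factor collapses into the first. Decrypting with the right passphrase restores the codes byte for byte; a wrong passphrase makes `decrypt_codes` return non-zero.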
  • benoau 5 hours ago
    Genuinely surprised this doesn't happen more often and not just from developers.