this post was submitted on 08 Apr 2025
40 points (97.6% liked)


So I’ll be traveling in such a way that I’ll be crossing the US border. I want to take a burner phone so I can wipe it, or have innocuous enough data. The problem: all my passwords are stored in a password manager that uses 2FA tied to my primary phone which will be sitting at home (along with other sites that use 2FA tied to authenticators on my phone).

So remembering passwords is out. And not having access to 2FA presents a catch-22. So what’s the best way to approach that?

[–] Jerry@feddit.online 29 points 1 week ago (1 children)

This tells me that you'd be in a lot of trouble if you lost your phone or had to wipe it because someone got into it. It's probably good then that you're now thinking about this so you can prepare for a time when you won't have your phone for other reasons.

All sites supporting 2FA usually allow you to use a second method. Email is usually an alternative. Assuming that your email is your universal second OTP method, you just need to make sure you will always have access to your email account and you'll be fine. So just solve for the OTP problem for your email account.

Pre-buy your burner phone and make it a second OTP device for your email account. For more assurance, buy a couple of physical keys (like Yubikey) that can be used with your email account. These can also be set up for some of your other accounts that support it, which may be more convenient than email when accessing them.

[–] galoisghost@aussie.zone 19 points 1 week ago (3 children)

Assuming your 2FA method is TOTP. Back up the 2FA keys to an encrypted file, with a long passphrase. Take it with you (or store it in the cloud, in this situation this is possibly safer). Then when you need them just

  • install a TOTP app
  • import decrypted keys
  • log in to things. Then when you’re done log out of things and delete the TOTP app.

[–] makingStuffForFun@lemmy.ml 15 points 1 week ago (2 children)

I like this. Australia has draconian phone search laws when entering, so I might adopt this in the future on principle.

[–] Loucypher@lemmy.ml 3 points 1 week ago* (last edited 1 week ago) (1 children)

What happens when you get in? You need to let them access everything?

[–] makingStuffForFun@lemmy.ml 1 points 1 week ago (1 children)

Everything, or indefinite detention without a lawyer.

[–] Loucypher@lemmy.ml 1 points 4 days ago

Jesus Christ!

[–] HiroProtagonist@lemmy.ca 1 points 1 week ago (1 children)

Does everyone's phone get searched or is it still random or profiling?

[–] makingStuffForFun@lemmy.ml 2 points 1 week ago

Random. I haven't been hit yet, but, it's a matter of time

[–] mac@lemm.ee 1 points 1 week ago

Can't access the cloud without my passwords!

Guess I'll be traveling with a handful of USBs with my encrypted TOTP keys.

Also, my phone has a duress password, anyone know if I could just get away with traveling with my phone as-is and just giving them my duress PW if need be?

Phone runs GrapheneOS.

[–] ramble81@lemm.ee 13 points 1 week ago* (last edited 1 week ago) (2 children)

Thanks for the suggestions. Here is what I’m probably gonna do:

  • Upgrade Bitwarden to premium
  • Move my TOTP codes into there
  • Get a Yubikey for 2FA for it
  • Keep a second 2FA TOTP option available in case I lose the key

Then all I’ll need to do is reinstall it, and log in with the master password and key and be good for any of my sites.

[–] irotsoma@lemmy.blahaj.zone 2 points 1 week ago

I do this as much as possible, though I have a self-hosted Vaultwarden instance. I really wish more stuff supported TOTP or Yubikey. There's still a ton that only support text or email which just puts a big old hole in the security, IMHO.

[–] samsapti@feddit.dk 2 points 1 week ago

Perhaps you could also print an encrypted version of your Bitwarden TOTP secret on a QR code and bring it with you in your luggage?

So, encrypt the secret with a passphrase you can remember, encode the entire thing in a QR code and print it on a piece of paper. Easy.

[–] wuphysics87@lemmy.ml 4 points 1 week ago (1 children)

I carry a YubiKey to unlock my password manager. (Probably shouldn't have said that) If you have a form of 2FA they wouldn't know about, that might help you.

[–] Telorand@reddthat.com 8 points 1 week ago (2 children)

Having a Yubikey isn't supposed to be a secret. Security through obfuscation is poor security.

It wouldn't be much of a secret anyway, since your device would say something like, "Please present your hardware key," when logging in. If OP had a Yubikey with them, ICE could simply search them and use it themselves.

Yubikeys are excellent against digital attacks but not physical ones, since it's akin to carrying a lock and key together.

[–] ramble81@lemm.ee 3 points 1 week ago (1 children)

“Use it themselves”

That’s why a Yubikey is a 2nd factor. You still also need a password which you are not legally bound to divulge (in the US). Additionally if you uninstall your pw manager in advance they may see you have a key but they don’t know what it belongs to.

[–] Telorand@reddthat.com 2 points 1 week ago* (last edited 1 week ago)

Yep, I was more thinking about the first step of unlocking a phone, which I believe you can set to just be a Yubikey, rather than having a password and key combination.

"Something you have plus something you know."

But I wouldn't rely upon a Yubikey, simply because I would be worried border agents would take it indefinitely.

[–] wuphysics87@lemmy.ml 1 points 1 week ago* (last edited 1 week ago)

Security is about making it harder for the bad guys to get to what you don't want them to get to. If they were sufficiently determined, sure they could get to it, but it is another layer. And one they may not expect or, if they were not sufficiently trained, know what to do about.

[–] propter_hog@hexbear.net 4 points 1 week ago (1 children)

How many services do you need to log into during the trip? If it's a minimal set, you could temporarily change their passwords to something memorable, and then change it back using your password manager when you return.

[–] Jabril@hexbear.net 3 points 1 week ago (1 children)

Or get a second free password manager just for the stuff you need but aren't worried about and temp change them, put them on the second one, take just that one and change back after returning.

[–] propter_hog@hexbear.net 2 points 1 week ago (1 children)

Even better, because then the passwords would still be unique and difficult to crack

[–] mac@lemm.ee 3 points 1 week ago

Yeah, travelling with a KeePass vault of necessary accounts is starting to sound like the move.

[–] samsapti@feddit.dk 2 points 1 week ago

So your password manager uses your phone as 2FA, and the credentials inside your password manager also use your phone as 2FA? Hmmm...

So essentially, you can't bring your phone, that's the main issue. Does your authenticator on your phone support exporting a backup? Then store that in your password manager if that's possible and set up an alternative 2FA for your password manager (SMS on the burner phone number perhaps or a security key). Then when you arrive, reinstall the authenticator on your burner phone and import the backup.

[–] frightful_hobgoblin@lemmy.ml -1 points 1 week ago

Post the phone to yourself?

[–] Cattypat@lemmy.blahaj.zone -2 points 1 week ago (2 children)

could you store them through physical means? if so, consider what passwords you'll likely need (if you can't write all/most of them) and put them in a notebook? not qualified to speak on this at all btw just spitballing

[–] frightful_hobgoblin@lemmy.ml 3 points 1 week ago (1 children)

Bad idea (assuming you write them down in plaintext)

The notebook can be read

[–] Cattypat@lemmy.blahaj.zone 1 points 1 week ago (1 children)

tbf I'm not exactly sure what their threat model is, I don't know if they're worried about having a notebook looked at vs online gov snooping etc

[–] frightful_hobgoblin@lemmy.ml 2 points 1 week ago (1 children)

I was thinking airport searches.

[–] ramble81@lemm.ee 3 points 1 week ago (1 children)

Correct, that’s why I mentioned “crossing borders”

[–] frightful_hobgoblin@lemmy.ml 3 points 1 week ago

Yeah and the guards will certainly search any papers you have on you. Worst place for your passwords.

[–] DieserTypMatthias@lemmy.ml 1 points 1 week ago

If you mean laptop by notebook, then OK. Otherwise no.