this post was submitted on 08 Apr 2025
40 points (97.6% liked)

Privacy


So I’ll be traveling in such a way that I’ll be crossing the US border. I want to take a burner phone so I can wipe it, or have innocuous enough data. The problem: all my passwords are stored in a password manager that uses 2FA tied to my primary phone which will be sitting at home (along with other sites that use 2FA tied to authenticators on my phone).

So remembering passwords is out. And not having access to 2FA presents a catch-22. So what’s the best way to approach that?

all 32 comments
[–] Jerry@feddit.online 29 points 2 weeks ago (1 children)

This tells me that you'd be in a lot of trouble if you lost your phone or had to wipe it because someone got into it. It's probably good then that you're now thinking about this so you can prepare for a time when you won't have your phone for other reasons.

All sites supporting 2FA usually allow you to use a second method. Email is usually an alternative. Assuming that your email is your universal second OTP method, you just need to make sure you will always have access to your email account and you'll be fine. So just solve for the OTP problem for your email account.

Pre-buy your burner phone and make it a second OTP device for your email account. For more assurance, buy a couple of physical keys (like Yubikey) that can be used with your email account. These can also be set up for some of your other accounts that support it, which may be more convenient than email when accessing them.

[–] galoisghost@aussie.zone 19 points 2 weeks ago (3 children)

Assuming your 2FA method is TOTP, back up the 2FA keys to an encrypted file, with a long passphrase. Take it with you (or store it in the cloud, in this situation this is possibly safer). Then when you need them just

  • install a TOTP app
  • import decrypted keys
  • login to things. Then when you’re done logout of things and delete the TOTP app.

[–] makingStuffForFun@lemmy.ml 15 points 2 weeks ago (2 children)

I like this. Australia has draconian phone search laws when entering, so I might adopt this in the future on principle.

[–] Loucypher@lemmy.ml 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

What happens when you get in? You need to let them access everything?

[–] makingStuffForFun@lemmy.ml 1 points 2 weeks ago (1 children)

Everything, or indefinite detention without a lawyer.

[–] Loucypher@lemmy.ml 1 points 1 week ago

Jesus Christ!

[–] HiroProtagonist@lemmy.ca 1 points 2 weeks ago (1 children)

Does everyone's phone get searched or is it still random or profiling?

[–] makingStuffForFun@lemmy.ml 2 points 2 weeks ago

Random. I haven't been hit yet, but it's a matter of time.

[–] mac@lemm.ee 1 points 2 weeks ago

Can't access the cloud without my passwords!

Guess I'll be traveling with a handful of USBs with my encrypted TOTP keys.

Also, my phone has a duress password, anyone know if I could just get away with traveling with my phone as-is and just giving them my duress PW if need be?

Phone runs GrapheneOS.

[–] ramble81@lemm.ee 13 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Thanks for the suggestions. Here is what I’m probably gonna do:

  • Upgrade BitWarden to premium
  • move my TOTP codes into there
  • Get a Yubikey for 2FA for it
  • Keep a second 2FA TOTP option available in case I lose the key

Then all I’ll need to do is reinstall it, and log in with the master password and key and be good for any of my sites.

[–] irotsoma@lemmy.blahaj.zone 2 points 2 weeks ago

I do this as much as possible, though I have a self-hosted VaultWarden instance. I really wish more stuff supported TOTP or Yubikey. There's still a ton that only support text or email which just puts a big old hole in the security, IMHO.

[–] samsapti@feddit.dk 2 points 2 weeks ago

Perhaps you could also print an encrypted version of your Bitwarden TOTP secret on a QR code and bring it with you in your luggage?

So, encrypt the secret with a passphrase you can remember, encode the entire thing in a QR code and print it on a piece of paper. Easy.

[–] propter_hog@hexbear.net 4 points 2 weeks ago (1 children)

How many services do you need to log into during the trip? If it's a minimal set, you could temporarily change their passwords to something memorable, and then change it back using your password manager when you return.

[–] Jabril@hexbear.net 3 points 2 weeks ago (1 children)

Or get a second free password manager just for the stuff you need but aren't worried about and temp change them, put them on second one, take just that one and change back after returning

[–] propter_hog@hexbear.net 2 points 2 weeks ago (1 children)

Even better, because then the passwords would still be unique and difficult to crack

[–] mac@lemm.ee 3 points 2 weeks ago

Yeah travelling with a Keepass vault of necessary accounts is starting to sound like the move

[–] wuphysics87@lemmy.ml 4 points 2 weeks ago (1 children)

I carry a Yubikey to unlock my password manager. (Probably shouldn't have said that.) If you have a form of 2FA they wouldn't know about, that might help you.

[–] Telorand@reddthat.com 8 points 2 weeks ago (2 children)

Having a Yubikey isn't supposed to be a secret. Security through obfuscation is poor security.

It wouldn't be much of a secret anyway, since your device would say something like, "Please present your hardware key," when logging in. If OP had a Yubikey with them, ICE could simply search them and use it themselves.

Yubikeys are excellent against digital attacks but not physical ones, since it's akin to carrying a lock and key together.

[–] ramble81@lemm.ee 3 points 2 weeks ago (1 children)

Use it themselves

That’s why a Yubikey is a 2nd factor. You still also need a password which you are not legally bound to divulge (in the US). Additionally if you uninstall your pw manager in advance they may see you have a key but they don’t know what it belongs to.

[–] Telorand@reddthat.com 2 points 2 weeks ago* (last edited 2 weeks ago)

Yep, I was more thinking about the first step of unlocking a phone, which I believe you can set to just be a Yubikey, rather than having a password and key combination.

"Something you have plus something you know."

But I wouldn't rely upon a Yubikey, simply because I would be worried border agents would take it indefinitely.

[–] wuphysics87@lemmy.ml 1 points 2 weeks ago* (last edited 2 weeks ago)

Security is about making it harder for the bad guys to get to what you don't want them to get to. If they were sufficiently determined, sure they could get to it, but it is another layer. And one they may not expect, or if they were not sufficiently trained, what to do about.

[–] samsapti@feddit.dk 2 points 2 weeks ago

So your password manager uses your phone as 2FA, and the credentials inside your password manager also use your phone as 2FA? Hmmm...

So essentially, you can't bring your phone, that's the main issue. Does your authenticator on your phone support exporting a backup? Then store that in your password manager if that's possible and set up an alternative 2FA for your password manager (SMS on the burner phone number perhaps or a security key). Then when you arrive, reinstall the authenticator on your burner phone and import the backup.

[–] frightful_hobgoblin@lemmy.ml -1 points 2 weeks ago

Post the phone to yourself?

[–] Cattypat@lemmy.blahaj.zone -2 points 2 weeks ago (2 children)

could you store them through physical means? if so, consider what passwords you'll likely need (if you can't write all/most of them) and put them in a notebook? not qualified to speak on this at all btw just spitballing

[–] frightful_hobgoblin@lemmy.ml 3 points 2 weeks ago (1 children)

Bad idea (assuming you write them down in plaintext)

The notebook can be read

[–] Cattypat@lemmy.blahaj.zone 1 points 2 weeks ago (1 children)

tbf I'm not exactly sure what their threat model is, I don't know if they're worried about having a notebook looked at vs online gov snooping etc

[–] frightful_hobgoblin@lemmy.ml 2 points 2 weeks ago (1 children)

I was thinking airport searches.

[–] ramble81@lemm.ee 3 points 2 weeks ago (1 children)

Correct, that’s why I mentioned “crossing borders”

[–] frightful_hobgoblin@lemmy.ml 3 points 2 weeks ago

Yeah and the guards will certainly search any papers you have on you. Worst place for your passwords.

[–] DieserTypMatthias@lemmy.ml 1 points 2 weeks ago

If you mean laptop by notebook, then OK. Otherwise no.