Convox Community

Is it possible to remove a security token from my account in an emergency?

I’ve set up a yubikey as a security token for the Convox console and CLI. However, I just realized that I would be in serious trouble if I ever lose my yubikey (e.g. stolen laptop.) For example, going for a trip overseas and losing my luggage, then my servers start crashing and I’m no longer able to fix anything or deploy updates.

I would just like to know if there’s a process where I can remove a security token from my account in an emergency?

Also, it might be good to add an alternative 2FA method, such as Google Authenticator? I think this would give me more peace of mind, since I am able to back up my 2FA secret keys. I have both set up with Okta, which has been useful whenever I forget to bring my yubikey somewhere. Thanks!

I’ve realized that I need to get a couple of spare Yubikeys: Spare YubiKeys - Yubico

Yubikeys can’t be backed up, but you can add multiple Yubikeys to your Convox account. So if you use a security token for authentication, then I think it would be wise to get at least 2, if not 3. One that you use regularly and keep plugged in, one backup that you keep at home, and a second backup that you keep at a different location (safety deposit box, parent’s house, etc.)

Spare security keys are a good idea. Just keep in mind that Convox limits you to 2 security keys per account (at least on the base plan, though my guess is that’s true for other plans too).

Google’s Advanced Protection Program also requires two security keys (though you can add more). They used to recommend a bundle with 2 physical keys (a primary and a backup) though now they let you use the built-in security key on newer phones. I’m not aware of any other services that can take advantage of the built-in phone security keys yet, though.

1 Like

Thanks @nickf! That’s a shame about the limit of 2 security keys, it would be nice if Convox could increase that to 3. I’d like to have one for daily use, one backup at home, and one off-site backup (in case I lose everything at home in a fire, for example.) But I’ll just have one at home and one off-site for now. Thanks!