A little prep makes all the difference.
It is an interesting challenge: you’re far away from home and your wallet, your mobile device, your laptop… everything… is all stolen or lost.
How do you reconnect to your life?
Become a Patron of Ask Leo! and go ad-free!
All need not be lost when all is lost
Lost everything digital while traveling? Don’t panic, but do prepare beforehand. Store encrypted bootstrap info with a memorable password, keep 2FA recovery codes, and have a trusted contact. A tiny microSD card hidden securely (with encrypted data) can be a digital lifeline.
Losing everything
I went through this thought exercise some years ago when my wife and I traveled overseas. My “worst case” scenario was some kind of incident that had us alive but with literally only the clothes on our backs. Without money, identification, or a phone, how would we start to cancel credit cards, get some cash, protect airline tickets, or any of the hundreds of other tasks suddenly facing us?
It’s a process of bootstrapping: you want to be able to regain access to one resource that in turn lets you access other resources.
But how do you get into that first account?
Bootstrapping
This kind of bootstrapping requires preparation. You need to answer the question, “What information do I need to keep, in what account, that would allow me to regain access to everything else?” This could be a cloud storage account like Dropbox, an email account, or a password vault.
For me, for example, that means in one of my cloud storage accounts, I keep an encrypted copy of my 1Password Emergency Kit. That kit allows me to access my 1Password vault, which contains all the information I need to get back into all my other accounts.
But there’s a catch. This “bootstrapping” cloud storage account has a strong password and uses two-factor authentication. Even if I remember the password (which in this case I wouldn’t, as it’s a 20-character random password), I still wouldn’t have my second factor (my phone).
So how to get started?
If you have only your memory
If everything really is gone, two approaches come to mind.
Phone a friend
As part of disaster planning, designate a trusted contact to access your information should anything happen on your trip. Well, something just happened. Call them. This requires that you have their phone number memorized, know enough information to find their number, or be able to contact them in some other way.
An email address might be enough, assuming you have their email address memorized and can find a public computer to use. However, since you don’t have access to your accounts, you’ll need to create a new one. Your contact, then, will get an email claiming to be from you but using an email address they’ve never heard of.
Now might be a great time to establish a code word to confirm your identity.
Have them give you the appropriate information — account ID, password, and possibly a two-factor code in real time — that allows you to access that primary account.
That primary account
I’m on the fence about this one, but if the above doesn’t work for any reason, and you need to be completely self-reliant, we need to do something else.
Have one account — ideally email, cloud storage, or an account including both — that:
- Is accessible wherever you travel.
- Requires only a strong yet memorable password to get in (no two-factor authorization for this one, alas).
- Holds an encrypted file containing the bootstrap information you need. Again, the password should be strong and memorable. I recommend you encrypt using a ubiquitous and easy-to-get tool, like Zip, or a tool you’re certain you can find when you need it.
This feels “icky” (technical term, that) because only a password protects the account. The good news, though, is that another password protects your critical information — that of the encrypted file.
You need to remember only those two passwords: that of the online account and that of the encrypted file.
With just a little digital information
Relying on only your memory or on a very trusted friend covers the absolute worst-case scenario. One tiny bit of preparation, though, can really ease things, particularly if you haven’t lost quite everything.
For example, you might place the encrypted file I talked about above onto a microSD card. You would then keep that in a secret but secure location — not your wallet (easily lost or stolen) or your other digital tools (ditto). I like the concept of belts that have secret pockets or some other way to make it part of your clothing. My goal would be to have it on my person at all times in such a way that it would not be a target for, say, muggers.
That way, as long as you have the clothes on your back, you have access to this important information. If it’s lost, the contents of the microSD card would be protected by at least one strong password.1
Related
I Lost My Two-Factor Authentication (2FA) Device. How Do I Sign In?
Fear of second-factor loss prevents some people from using two-factor authentication. There's no need to fear that scenario.What about two-factor authorization?
Nothing above replaces the two-factor device — typically your mobile phone — that you may have lost. That means you’ll be trying to get into accounts requiring your phone to prove you are who you say you are, but you don’t have that phone.
Not to worry.
When you set up two-factor authentication for your essential accounts (banking, email, and others), you were likely given the opportunity to save one or more recovery codes. Make sure that your bootstrapping information includes these codes. (If you don’t have these codes, take the time to generate them now. You don’t have to be traveling to lose your phone.) These recovery codes can typically be used exactly once in place of your second factor.
Alternately, some accounts have you set up alternate email addresses to be used to regain access without two-factor. In a sense, your ability to access this recovery account replaces the two-factor authentication. The only catch here is to make sure you’re not stuck in a loop where you need account A to authorize account B and also need account B to authorize account A.
Make certain you have recovery information, codes, or alternatives for two-factor authentication in place, and make sure that whatever information is required to activate them is stored in your bootstrapping information.
Once you regain access to the account, be sure to turn two-factor authentication off temporarily until you have a replacement two-factor device you can use.
Related
How Not to Get Locked Out of Your Microsoft Account While Traveling
I tried to get locked out of my Microsoft account while traveling. I couldn't. Why? I'd prepared. You can too.Problematic accounts
I’m not going to lie; all the preparation in the world may not get you back in to some accounts.
The example I’m thinking of is your Microsoft account. Because so many scams and account theft happen outside of your home country, Microsoft may impose additional security steps to sign in that you wouldn’t otherwise see. I’ve heard from people who could not sign in to their Microsoft account — meaning the couldn’t access their email — from a foreign country, even without losing anything. It wasn’t until they got back home that they could get back in.
While I kind of appreciate the extra security protecting my account, I’d prefer it not protect my account from me. But it’s important to realize that it can happen.
The solution? Make certain you have at least one other account that isn’t as paranoid about overseas sign-ins. Make sure they have good security, of course, but two-factor authentication, including the ability to use recovery codes, ought to be plenty.
And to be clear, while I use Microsoft as an example, other accounts may be affected as well. I don’t know of a clear way to tell other than checking support forums full of people complaining that it happened to them.
Travel documents
Even though it’s not technically about getting back into your online world, I do want to say a few words about your travel documents. If you lose everything, those will be among the missing as well.
Check with your local authorities on the legalities, but I have digital copies of all my important documents stored (securely) online. I add information about the trip I’m on, like itineraries, airline tickets, etc.
I wouldn’t expect a randomly created digital copy of a passport to be accepted as identification. However, it could speed up the process of obtaining a replacement. At a minimum, you’ll know your passport number.
Do this
In a word: prepare. Think through the scenarios, decide how concerned you need to be, and figure out what kind of information you might want to store where, just in case.
Hopefully, you’ll never need it, but if you do, you’ll be very glad you thought about it first.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
How ’bout you?
OK, travelers, how about you? Do you have any nifty approaches to solving this problem? Leave a comment below!
Podcast audio
Related Video
Footnotes & References
1: For extra security, you could place the encrypted file into an encrypted VeraCrypt volume, thus requiring two passwords. For even more security, you could place the encrypted file into a hidden volume created within a VeraCrypt volume.
My password vault requires 2 factor authentication to log in. That means if I lose my phone, I lose access to my passwords. I keep a .csv backup, Zip encrypted, in OneDrive. I would have to open the spreadsheet and copy and paste the password, but at least I have backup. It’s vital to back up your password vault.
OneDrive contains all of my personal files including scans of all my important documents.