Hi, recently I was in a bit of a bad situation. I was in another city conducting interviews for some roles I was looking at pursuing and went out for a few drinks afterwards. I must have got my drink spiked, as the last thing I remember is being bundled into a police car and dropped back at my motel room with no wallet, keys or phone and barely any clothes.
After waking up in the morning I began the fun experience of trying to get everything back. As I was in another city I didn't have access to any of the normal stuff I could use to prove who I am (passport, birth certificate, bills etc.), so I went to the police station and got a police report, then tried to go to Telstra to get any sort of phone so I could at least access Google Pay to get some money. The police report didn't help them, and they were still unable to get me a new phone with the same number because I was unable to produce photo ID. In the end I had to get a family friend authorised onto the account and get him to come into the store and provide his ID so they could do a SIM swap and grab me a new phone. There were more issues with internal Telstra systems after this, but it was a heap of fun!
After getting a phone I had to start an interesting battle with Google, Lastpass and Microsoft. As any tech-savvy person should, I used a password manager to look after all my passwords. Unfortunately for me I made this too secure: if I logged in on a new computer it would send an email to my Google account asking to verify the new computer (and then I had Duo MFA securing the login).
I then tried to recover my Google account, which asked for either MFA codes, old passwords, or a recovery code sent to my personal O365 email. Out of all of these, the only one I could possibly get access to was Authy for my 2FA codes, as it's tied to my phone number. But all the 2FA codes are encrypted, so it was useless without a password (which is stored in Lastpass). A diagram of my problems is below.
So how did I get back into my stuff? I cheated and called my roommate and gave him the password to my PC so I could TeamViewer in and grab passwords out of my Lastpass from there.
What can I do to regain access in the future?
It's tough, because I was taking the exact same steps an attacker would have to take to compromise my information, and all of the services acted exactly as I would have hoped (which kind of sucked in that situation), but there isn't really any way to do this easily. I am tossing up a few options:
- Emergency Access with Lastpass - This is already configured, but for 7 days. Considering lowering this to 3 days. Wouldn't have helped in this situation.
- Export Lastpass monthly to a Keepass DB and sync it with Dropbox or similar cloud storage; don't use MFA on that account, and give it a different password from Lastpass (currently the option I am considering).
- Carry a second phone around and use that purely as a backup (leave it in a hotel safe etc.).
My 2 cents
It was a pretty crappy situation to be in, and I don't believe there is a real right answer to this. I think the Dropbox option is the best, though it does open up the possibility of someone getting into that account and getting access to the Keepass DB, but I think with the correct settings I should be right.