On 19/08/2015 03:13, Nathaniel McCallum wrote:
On Tue, 2015-08-18 at 21:10 -0500, Jonathan Brown wrote:
> I use the IOS of FreeOTP and love the app but would it be possible to
> add a backup option in case the phone gets lost or stolen? That is
> the only thing missing with this great app.
The problem is that if the phone is lost or stolen you don't want to
have a backup. Rather, you want to disable the token altogether (since
it is now compromised) and create a new one.
Similarly, if you can backup the token, then someone can compromise the
backup. For instance, if you left your phone on a table someone could
quickly perform a backup and then return the phone to you. You would
have no idea the key was compromised.
In case you trust your computer 100%, you can always screenshot the QR
codes. But the compromise issue is always there.