You're right: In case of compromised tokens you of course have to replace them. However not all providers provide backup methods, so it's me confident to login to an account with the current token and create a new token. (Even that's often not possible...)

About not noticing when another backs your tokens up: Of course you have to lock your phone with a PIN or padlock. That's where we have no influence - the user of course has to secure the phone. Otherwise it's not better if the phone is stolen so the attacker can not read the tokens more but just use the phones App. So if the phone is not secured properly you should not recommend him to use FreeOTP at all.
Of course you could add another PIN to the app but I think that's not really necessary.

BTW I'm using they Android version - there is no backup method too.

And there is another (not such critical) scenario were backups would be useful: if you switch to another phone, reset your phone or flash a custom ROM or something like this. There no attacker has access, but you just want a backup for obvious reasons: to transfer your tokens. (or to make sure that they are not completely lost if something should fail)

> Subject: Re: FreeOTP Backup
> From:
> To:
> Date: Tue, 18 Aug 2015 22:13:51 -0400
> On Tue, 2015-08-18 at 21:10 -0500, Jonathan Brown wrote:
> > I use the IOS of FreeOTP and love the app but would it be possible to
> > add a backup option in case the phone gets lost or stolen? That is
> > the only thing missing with this great app.
> The problem is that if the phone is lost or stolen you don't want to
> have a backup. Rather, you want to disable the token altogether (since
> it is now compromised) and create a new one.
> Similarly, if you can backup the token, then someone can compromise the
> backup. For instance, if you left your phone on a table someone could
> quickly perform a backup and then return the phone to you. You would
> have no idea the key was compromised.
> Nathaniel
> _______________________________________________
> freeotp-devel mailing list