It is no more cumbersome than buying a replacement yubikey. The only difference is that phones get replaced more often. This is an inherent tension when using a mobile device for long-term security.

Adding your keys to FreeOTP on a replacement or additional device can be quite cumbersome. It would require contacting many of the services to set up new keys, which in turn would require verifying your identity for each of those services.

To guard against the keys being stolen, the backup could be encrypted with a key from AGP or OpenKeychain (Android). Thus, backup and restore would require the key - if possible, FreeOTP could be made to require that the chosen key have a passphrase.

freeotp-devel mailing list