0xbb / otp-authenticator

A two-factor authentication App for Android
MIT License
160 stars 54 forks

Add Account by Text Key #7

Open srguglielmo opened 8 years ago

srguglielmo commented 8 years ago

In the event that one's phone is stolen, lost, or damaged, it is important to have a backup of the secret keys as some websites/services do not provide backup codes. Since this app does not allow adb backup, nor does it have an export/backup function, the secret keys must be backed up by the user upon generation. One could either take a screenshot of the QR code or save the text version of the secret key.

Since taking a screenshot of every QR code is bothersome and painstaking, not to mention insecure (even if saved to an encrypted volume, the OS may inadvertently save to /tmp or elsewhere unencrypted), I'd like to request that a feature be added to this app which allows adding an account using the text version of the secret key.

I very much enjoy the simplicity of this app and was very happy to see an alternative to FreeOTP added to F-Droid. I applaud such simplicity and intuitiveness of the user interface; however, I do feel like this is a necessary feature if the decision to disallow a backup/export function is upheld.

Thank you for your time!
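The request above is to add an account from the text (base32) form of the secret instead of from the QR code. As an added example that is not part of this issue or of the otp-authenticator app's own code, the Python below shows that both carry the same secret: it parses the otpauth:// URI that a provisioning QR code encodes, normalizes a hand-copied text key (spaces, dashes, lower case, missing base32 padding), and derives the same RFC 6238 TOTP code from either record. The defaults (SHA1, 6 digits, 30-second period) are the usual otpauth key-URI convention, assumed here; the sample URI, label and issuer are constructed for the example, and the key is the RFC 4226/6238 test key so the expected codes can be checked against the RFC tables.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Defaults of the otpauth key-URI convention used by most provisioning QR codes (assumed).
DEFAULTS = {"algorithm": "SHA1", "digits": 6, "period": 30}
_B32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


def normalize_secret(text):
    """Turn a hand-copied text key into canonical, padded base32.

    Services show the text form as lower-case groups such as 'gezd gnbv gy3t qojq',
    usually without '=' padding, and users may type dashes between groups.
    Anything outside the base32 alphabet is rejected here so a typo fails at
    import time rather than as a silently wrong code later.
    """
    cleaned = "".join(ch for ch in text.upper() if ch not in " -\t\n").rstrip("=")
    bad = set(cleaned) - _B32_ALPHABET
    if not cleaned or bad:
        raise ValueError("not a base32 secret, offending characters: %r" % sorted(bad))
    return cleaned + "=" * (-len(cleaned) % 8)


def decode_secret(text):
    """Raw HMAC key bytes from the text form of the secret."""
    return base64.b32decode(normalize_secret(text))


def is_valid_text_key(text):
    """True if the text can be decoded into key bytes (b32decode errors are ValueErrors)."""
    try:
        decode_secret(text)
        return True
    except ValueError:
        return False


def parse_otpauth(uri):
    """Parse an otpauth://totp/<label>?secret=...&issuer=... URI, i.e. what a QR code holds."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() not in ("totp", "hotp"):
        raise ValueError("not an otpauth TOTP/HOTP URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in query:
        raise ValueError("otpauth URI without a secret parameter")
    label = unquote(parts.path.lstrip("/"))
    # "Issuer:account" labels carry the issuer in the path as well as in issuer=.
    issuer = query.get("issuer") or (label.split(":", 1)[0] if ":" in label else "")
    return {
        "type": parts.netloc.lower(),
        "label": label,
        "issuer": issuer,
        "secret": decode_secret(query["secret"]),
        "algorithm": query.get("algorithm", DEFAULTS["algorithm"]).upper(),
        "digits": int(query.get("digits", DEFAULTS["digits"])),
        "period": int(query.get("period", DEFAULTS["period"])),
    }


def account_from_text_key(text_key, label, issuer=""):
    """The same account record built from the text key alone, using the conventional defaults."""
    return {"type": "totp", "label": label, "issuer": issuer,
            "secret": decode_secret(text_key), **DEFAULTS}


def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic truncation, mod 10^digits."""
    digestmod = getattr(hashlib, algorithm.lower())
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // period), digits, algorithm)


def code_for(account, at=None):
    """Current (or given-time) code for an account record from either source."""
    return totp(account["secret"], at, account["period"], account["digits"], account["algorithm"])


# Constructed sample: a QR-code payload and the same secret as a user would copy it by hand.
# The key is the RFC 4226/6238 test key "12345678901234567890" in base32.
SAMPLE_URI = ("otpauth://totp/Example%20Corp:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Corp")
SAMPLE_TEXT_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    from_qr = parse_otpauth(SAMPLE_URI)
    from_text = account_from_text_key(SAMPLE_TEXT_KEY, from_qr["label"], from_qr["issuer"])
    assert from_qr == from_text
    # RFC 6238 test vector: at Unix time 59 the SHA1 code is 94287082, i.e. 287082 with six digits.
    print(code_for(from_qr, at=59), code_for(from_text, at=59))
```

The record built from the text key only matches the QR-derived one because the provisioning URI used the defaults; a service that sets `digits=8`, `period=60` or `algorithm=SHA256` in its QR code would need those values entered alongside the text key, which is why an "add by text key" form should expose them rather than hard-code them.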

0xbb commented 8 years ago

Hey @srguglielmo, I agree with you that one should have a backup of the secrets. I personally use the app for eight different services and all of them offer backup codes. I usually print out the codes and store them in a safe place, but one could also print out the QR code as a backup. Can I ask which website is not offering backup codes?

I actually thought about adding a text version of the secret key, but I never encountered any service which is not offering QR codes.

Do you plan to write down the secrets by hand? If one is printing the text version, he/she could also easily print the QR codes instead.

srguglielmo commented 8 years ago

There are a few websites that use SMS backups (but this doesn't help if your phone is lost/stolen/etc). A few websites without any extra text backup codes are DigitalOcean, Hurricane Electric DNS, Amazon, and CoinBase.

I was going to write them down, as (for the super-paranoid) printers can keep a history of data printed.

Thank you!

0xbb commented 8 years ago

+1 for super paranoia. I will keep this issue open and put it on my list :)