FreeOTP working but backup/restore missing password

[mihaime]

I have FreeOTP running and all is good but if I try to do a backup and restore on another phone, I do not have the password. Is there any way to make this work out? I am having access to the app and QR codes are working. Or is this an unsupported scenario?

[Truyn]

Likewise, complete crap, I can’t transfer the backup, I don’t remember the password and I don’t even remember entering it. Why are there no other methods? Why this insanity, someone asked me if I needed an additional password

[mariush444]

the same to me. I make backup - the apk doesn't ask to enter a password but during restore there is a message to enter password. But which one ?

EDIT it seems (based on #4 #5) that it is impossible and maybe in a future .... Probably it works with google version only but who need google version? https://github.com/freeotp/freeotp-android/commit/5e9d85eb74a3ecc7f0604ad596cabbf3d1a15c88

probably time to change the app :(

[VincentSC]

Duplicate of #367 #321 #348 #344 #283 and probably several more.

The app's "solution" is just to blame the user for not remembering ever entering a password years ago.

Assume this will not be fixed any time soon, and better put the time into replacing every OTP-code you use...

[mariush444]

So remove export/import from menu because it is missleading and your explanation is "pure non-sens"

[mihaime]

I already implemented the final fix for this. Remove the app and replace it with something else :) One time recovering all accounts has been quite a life lesson. Never again.

[VincentSC]

Moved to Aegis. Took me on average 5 minutes per account to replace the 2FA. Most took 1-3 minutes, except three. Two microsoft-accounts were at WTF-level (same level of UX as FreeOTP), and had one webpage where I had to call for an account-reset. I left one microsoft-account to die, as it kept giving errors.

So who wants to move and has not managed to adb the "freeotp.ad" out, start with the accounts of old-fashioned corporates to see if it works. :)

For who wants to use the adb-method, a few remarks when your Android phone is encrypted:

• In the Android Development Environment, turn on Backup passwords.
• Decrypt the files using https://github.com/lclevy/ab_decrypt

You can recognize, when your backups are 500 to 600 bytes only, and it decrypts to an empty 1kb file.

After that it probably needs more steps, but I decided to just replace, as it was becoming a time-sink.

[mariush444]

I already implemented the final fix for this. Remove the app and replace it with something else :) One time recovering all accounts has been quite a life lesson. Never again.

Yes, it is very very good advice. It is not ironic, it is security reason. If developer can't understand if-then-else that means it is time to escape. Over

[Stan-Green-PM]

Yes, I did know my backup password and I was able to use it to restore to my new phone. So, the lesson learned is to know your passwords! Update: I take it back; everything seemed to import, but the codes do not work. So, something is still not right.

[VincentSC]

Maybe you can import the file into Aegis, to see if the export or the import has the bugs?

[Stan-Green-PM]

Aegis cannot import the vault from FreeOTP: com.beemdevelopment.aegis.importers.DatabaseImporterException: com.beemdevelopment.aegis.vault.VaultFileException: org.json.JSONException: Value ... (I cannot get a screenshot in Aegis)

[VincentSC]

Then export is broken

[Stan-Green-PM]

UPDATE: I found out that the one token that was not restored cannot be copied to a new device. (I don't know the tech details here.) I had to re-enroll the token. All the other tokens are working. So, I don't think any "bugs" exist in the backup/restore process.

[jessicachitas]

Has this issue been fixed? I got a new phone and it transferred all of my otps but they will not activate anymore. They will on my old phone still but not the new one.

[mihaime]

In my case it did as I changed the app to one that has better support and developers that maintain it and reply to issues. Having had to reset all my MFAs once has been the limit of what I could bear.

[mariush444]

confirm. I've choosen different app also. Someone here adviced Aegis app. It is good for me too.