freeotp / freeotp-ios

Apache License 2.0

I consider FreeOTP as harmful software #338

Open tobwen opened 10 months ago

tobwen commented 10 months ago

summary

I now consider this software to be harmful, as it could cause massive damage to the user's digital life.

reasons

  1. the software has no backup options and even after years there is no movement to upgrade this function.
  2. there are no official instructions on how to create backups of the iPhone so that problems do not occur during recovery.

consequences

Depending on the configuration of the web service (or VPN, whatever), the user may be locked out of it and it might be very hard to reset. There are some web services that want a scan of an ID card or send a security to another e-mail address that you no longer have access to or you have to give answers to questions that you have forgotten about for years.

advice

Before changing the device or software, find out how to reset 2FA and back up the QR code or text secret in a secure offline location. Then you don't have to pray or beg that some busy developer will add a necessary function at some future point in a possible timeline.

OWMC commented 9 months ago

@tobwen yup. The user should always be able to access the seeds.

72Zn commented 8 months ago

same as #334

72Zn commented 8 months ago

> 1. the software has no backup options and even after years there is no movement to upgrade this function.

There are, see here:

https://github.com/freeotp/freeotp-ios/issues/328#issuecomment-1789451835

FreeOTP follows the iOS security model and you need to be prepared for that.

> send a security to another e-mail address that you no longer have access to or you have to give answers to questions that you have forgotten about for years.

Both of these issues are your responsibility and hardly FreeOTP's fault. If you don't keep control of your e-mail, or your security questions, that's on you.

> @tobwen yup. The user should always be able to access the seeds.

No, they shouldn't. You completely miss the point and purpose of two-factor authentication with security tokens. The point is to tie security to access to a physical device, such that an attacker needs to physically gain possession of the device in order to compromise security. If you allow display of, access to or easy unencrypted transfer of the seed, you undermine security and defeat the whole purpose of these tokens. At that point you can just give the user a second password that is as useless as the first one.

This (non) issue should be closed.

travisghansen commented 8 months ago

There are clearly different points of view on this but to boil it down to simplistic assumptions is probably not productive. Many respectable 2fa apps allow export, others don’t.

Searching the issue tracker seems to indicate there is an appetite for such a feature in this project. I would like to see this as well particularly since the project has had very little maintenance/innovation and generally seems stale. I personally have wanted to move to alternatives years ago but alas am still stuck because of this missing feature.

Can we register a pin or facial recognition and require that for each individual export or similar?