google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0
5.19k stars 968 forks

Password protect Google Authenticator App #236

Open ThomasHabets opened 9 years ago

ThomasHabets commented 9 years ago

Original issue 237 created by warpspear on 2012-12-30T14:18:40.000Z:

I really miss the option to password protect the Google Authenticator App, so not just anybody can get the secret numbers shown.

In general, software OTP apps (RSA, Entrust and so on) are protected to keep the token codes hidden from unauthorized users.

This will raise the security on the app significantly.

/Thomas

ThomasHabets commented 9 years ago

Comment #1 originally posted by kexianbin@diyism.com on 2013-04-23T09:14:49.000Z:

Password protecting Google Authenticator App is especially important for Android 2.2, which is without disk encryption.

ThomasHabets commented 9 years ago

Comment #2 originally posted by kexianbin@diyism.com on 2013-04-23T09:15:34.000Z:

Password protecting Google Authenticator App itself is especially important for Android 2.2, which is without disk encryption.

ThomasHabets commented 9 years ago

Comment #3 originally posted by kexianbin@diyism.com on 2013-04-23T09:21:01.000Z:

In fact, you should password protect the key in /data/data/com.google.comandroid.apps.authenticator2/databases/databases

https://code.google.com/p/google-authenticator/issues/detail?id=5

ThomasHabets commented 9 years ago

Comment #4 originally posted by hploeb2020 on 2013-07-23T11:40:01.000Z:

Fully agree. App needs password protect.

born2net commented 7 years ago

We really need PIN protection for authenticator... come on guys... basic stuff

ThomasHabets commented 7 years ago

Your pull request appears to have been lost in the mail.

ThomasHabets commented 7 years ago

FYI: This project is about the open source version of the non-Android app. If this is about Android, then re-file in google/google-authenticator-android

jrencz commented 7 years ago

It'd be great to see this kind of protection in the iOS version as well

Sharkesm commented 7 years ago

Definitely, we need a PIN to keep unauthorised users from viewing those generated key tokens on the iOS version.

nitrocode commented 7 years ago

+1 This is a necessity. LastPass also doesn't have this. Only Authy seems to have this.

nicomollet commented 5 years ago

Really important feature, I need this too

mvfbbk commented 4 years ago

+1 I would like to request that this feature be given high priority for all platforms

TheRealDannyyy commented 3 years ago

@ThomasHabets Any update on this? This seems to be a major security concern, that can currently only be solved by using 3rd party apps.

There are several apps that already support this feature (mostly banking related). One more useful thing that those apps sometimes do is automatically "pin/password lock" the app, if it's opened but not in active use for a certain amount of time.

ThomasHabets commented 3 years ago

No updates. I'd say it's a valid feature request, but I wouldn't phrase it as "major security concern". If someone has access to my unlocked phone, then this is very low on my concern. The people with feasible physical access to my phone (let alone my unlocked phone) are pretty much a completely disjoint set from the people who would be able to access my password.

Well, not 100%, but very close.

Adding standard appstore/opensource disclaimer below.

--

FYI: The version in Google Play Store / Apple App store is not the same as this opensource version. They've diverged. This opensource version is also unlikely to end up in the app stores. This open source version doesn't get much love, but I'll accept well-written pull requests. But don't expect this feature to be implemented by Google.

TheRealDannyyy commented 3 years ago

> FYI: The version in Google Play Store / Apple App store is not the same as this opensource version. They've diverged. This opensource version is also unlikely to end up in the app stores. This open source version doesn't get much love, but I'll accept well-written pull requests. But don't expect this feature to be implemented by Google.

Thanks for the info! Missed out on that one.