Passcode/Touch ID to the app?

[ghost]

When will you add Passcode/Touch ID when opening the app to the Tofu Authenticator app?

[calleluks]

Hi @briannyeko! I currently have no plans on adding this feature.

I'd love to know more about what kind of situations you think it would be valuable in, though!

[ghost]

Hi Calle! I view 2FA authentication apps(Could be used to access information(emails,financial or technological information) that could be valuable to individuals) similar to a bank vault(you have multiple locks and passwords in order to access the money/gold) 😁 .

So I thought it would be a good idea to suggest to you when you would add a passcode/touch ID function to your app(in case you lose your phone or if someone steals the phone from you, if would be hard to access the verification code if touch ID/Passcode is a feature of the Tofu Authenticator app.

[calleluks]

Thanks Brian, I appreciate the suggestion!

in case you lose your phone or if someone steals the phone from you

Aren't these cases already covered by the passcode lock on the phone?

[downandout]

A passcode/TouchID prompt before you can access Tofu would improve security. Let's say someone has gotten access to your phone and your password for one of your accounts. They could then simply open Tofu and use the 2FA code to get into your account. Maybe not very likely but still possible and not very good for you.

Authy has this feature — please see https://support.authy.com/hc/en-us/articles/115001950787-Backups-password-Master-password-and-PIN-protection-with-Authy#h_441a3a95-522d-43b0-a029-e8b8399287ca.

[calleluks]

@downandout, doesn’t the iPhone passcode lock already provide protection in this scenario?

[downandout]

No, it doesn't. You mean the passcode (TouchID, FaceID) that you have to enter to get into your iPhone? In the scenario I proposed, an attacker (robber, border control agent etc.) would have already gotten into your phone, for example, by forcing you to unlock it. Then there's nothing to stop them from getting into Tofu, correct?

[calleluks]

Yes, that's the lock I mean.

If I'm forced to unlock the phone's passcode lock, I'm not sure how another passcode/Touch ID lock would prevent access to Tofu? Wouldn't I be forced to unlock that one too?

I'm not trying to be difficult or negative here. I just want to be sure this feature would add value before someone spends time implementing it and before I commit to supporting it going forward.

[downandout]

Okay, you're right, maybe my example was flawed. :P How about this though: If a user for some reason does not use a code, TouchID or FaceID on their iPhone, then a 3rd party could easily get into the phone and then into Tofu. A code or TouchID for Tofu would then be a good defense.

[grzegor]

Ok, so the point of 2FA is to have 2 things to authenticate (thing you know and thing you have for example), but now most of us use some sort of password manager (hopefully) and usually this manager and 2FA token generator are on the same device. If somehow somebody acquires your device in unlocked state and you recently used your PM so the lock timeout hasn't yet triggered they will have both the password and token. It's not that unlikely scenario, you may want to hand your device to someone to show them some photos and go to the toilet. Usually this will be trusted person, but if not, then saying "give my my phone back, I will show you the rest of the photos when I'm back" is just something socially awkward to say because it may look like you're obsessively paranoid.

When you think of security layers that you can add you think of the balance between ease of use and security it actually provides. When poor security upgrade makes something annoying to use it may actually lower the security. Windows UAC prompts in Vista was a good example as it taught its users like Pavlovian dogs to click just any prompt in order to use the computer. But in the age of easy system level biometric bypass to PIN codes, using this in Tofu would be actually free as it would be almost invisible in terms of typical use cases. Yet it will give you a peace of mind in various situations like the one above so you won't have to stress about them too much.

Please consider adding this mechanism as an option. It's just a good security practice, adds another layer for the attacker, would not annoy normal users and should be easy enough to add and maintain in code.

Fun fact - similar attack vector (access to unlocked device with unsecured 2FA generator) was exploited in second season of Mr. Robot.

[DagAgren]

It seems that a second TouchID/FaceID prompt in the app would protect you against one case: When your phone is snatched from you while unlocked, and kept unlocked until it can be used for 2FA. This seems like a very unlikely threat scenario, though, and if someone is that determined to get access to your services, you probably have larger problems that are not easily solved by this app.

Having a separate passcode in the app would protect you against the additional case where someone gets your locked phone, and has some method of getting around the the phone lock. As far as I know this would be tricky but possible for TouchID, and I do not know of any successful attacks against FaceID.

Both seem a bit like security theatre, but the passcode is the more effective of the two.

[calleluks]

Thanks for the arguments! I'm convinced this feature could provide value and since it is mostly orthogonal to existing features I hope it won't prevent us from adding other features down the line.

If someone would like to work on this, I'd be happy to review a PR. If not, I'll get to it when I have time.

[xijio]

I'll add another example. I frequently unlock my phone and hand it to someone so they can navigate while I drive or some other common scenario. They're using my phone with my permission without direct monitored access. This feature would prevent someone from sneakily gaining access to my TFA pins while they have access to my device. Sounds like you already accepted this as valid, but wanted to add a little fuel to the fire :)

[NC740]

Any news on when this feature will be implemented? Just downloaded and app and loving it, although I feel this is the only feature that is missing.

[calleluks]

@NC740, I'm glad you like the app. I have no timeline for when this feature will be ready. I don't have much time to work on the app at the moment. If you want help, please consider supporting my work: https://github.com/sponsors/calleerlandsson

[sallyFoster]

Are you planning on adding it?

[cesarferradas]

Some good news.

In iOS 18 you can now "require Face ID" for almost any app (see "Lock an app" section here).

Just verified this works for the Tofu app:

This means we can close this issue, or is there a reason to still build this natively?