mattrubin / Authenticator

Two-Factor Authentication Client for iOS
https://mattrubin.me/authenticator

Support for CloudKit sync #325

Open jeroenleenarts opened 5 years ago

jeroenleenarts commented 5 years ago

Hi, I know and understand your reasoning behind NOT sharing credentials outside of the app sandbox.

But I would consider it a very beneficial feature if cloud syncing with something like CloudKit would be supported. Especially when done with a proper passphrase used as a basis for a symmetric encryption key.

How fundamental is your stance on NOT allowing any syncing? I would welcome it very much IF executed correctly. (And I could try and have a stab at it.)

jeroenleenarts commented 5 years ago

To make this work in the current codebase I think the settings should be stored with https://developer.apple.com/documentation/foundation/nsubiquitouskeyvaluestore

I would store the secrets through that mechanism as well. But to keep your ownership requirement you could encrypt the settings with a passphrase that is stored on this device only. Users can then choose to transfer all tokens by entering their passphrase on another device. I would suggest requiring a pretty long phrase, maybe even generating a random one.
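
The scheme proposed in the comment above, sketched as an added example that is not part of the thread or of the Authenticator code base: the passphrase is stretched into an AES-256-GCM key and only the resulting ciphertext is written to `NSUbiquitousKeyValueStore`. The salt length, PBKDF2 round count, key name `encryptedTokens`, blob layout and sample values are assumptions made for illustration.

```swift
import Foundation
import CryptoKit
import CommonCrypto

enum SyncCryptoError: Error { case keyDerivationFailed, malformedBlob }

let saltLength = 16                  // assumed salt size in bytes
let pbkdf2Rounds: UInt32 = 600_000   // assumed work factor; tune for target devices

/// Stretch the user's passphrase into a 256-bit AES key (PBKDF2-HMAC-SHA256).
func deriveKey(passphrase: String, salt: Data) throws -> SymmetricKey {
    var derived = [UInt8](repeating: 0, count: 32)
    let saltBytes = [UInt8](salt)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2),
        passphrase, passphrase.utf8.count,
        saltBytes, saltBytes.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        pbkdf2Rounds, &derived, derived.count)
    guard status == Int32(kCCSuccess) else { throw SyncCryptoError.keyDerivationFailed }
    return SymmetricKey(data: derived)
}

/// Encrypt serialized tokens; output layout is salt || nonce || ciphertext || tag.
func sealForSync(_ plaintext: Data, passphrase: String) throws -> Data {
    let salt = Data((0..<saltLength).map { _ in UInt8.random(in: .min ... .max) })
    let key = try deriveKey(passphrase: passphrase, salt: salt)
    let box = try AES.GCM.seal(plaintext, using: key)   // fresh random nonce per call
    guard let combined = box.combined else { throw SyncCryptoError.malformedBlob }
    return salt + combined
}

/// Decrypt on another device; a wrong passphrase or a tampered blob throws.
func openFromSync(_ blob: Data, passphrase: String) throws -> Data {
    guard blob.count > saltLength else { throw SyncCryptoError.malformedBlob }
    let key = try deriveKey(passphrase: passphrase, salt: blob.prefix(saltLength))
    let box = try AES.GCM.SealedBox(combined: blob.dropFirst(saltLength))
    return try AES.GCM.open(box, using: key)
}

// Constructed sample data. Only ciphertext is handed to iCloud key-value storage
// (which requires the iCloud key-value store entitlement); the passphrase is not synced.
let tokens = Data("constructed sample token payload".utf8)
let blob = try sealForSync(tokens, passphrase: "constructed example passphrase")
NSUbiquitousKeyValueStore.default.set(blob, forKey: "encryptedTokens")  // hypothetical key name
let roundTrip = try openFromSync(blob, passphrase: "constructed example passphrase")
assert(roundTrip == tokens)
```

With this layout the synced blob is only as strong as the passphrase, which is why the comment's suggestion of a long or randomly generated phrase matters.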

antedebaas commented 3 years ago

Please do not implement syncing. It invalidates the 'something you have' validation. It would eliminate the 2nd factor in a 2-factor authentication. It's one of the reasons I avoid Authy.

jeroenleenarts commented 3 years ago

Making it an opt-in feature could be a good idea.