mattrubin / Authenticator

Two-Factor Authentication Client for iOS
https://mattrubin.me/authenticator

Add option to allow iCloud passwords synchronisation #389

Open kikeenrique opened 2 years ago

kikeenrique commented 2 years ago

Hi, I would like to be able to toggle a button that would allow 2nd factor codes to be synchronised across iCloud. That would allow having two kinds of saved codes:

Would it be feasible?

AlexCaswen commented 1 year ago

Hello kikeenrique,

Hello,

The philosophy behind the current app is explained by the backup screen in the app:

Syncing your secret tokens to other devices would invalidate the possession factor, introducing the possibility of an attacker stealing your secret tokens without having physical access to your phone. The same holds true for cloud-based backups. To maintain the security of keeping the tokens limited to a physical device, the tokens follow the same backup rules as other passwords saved in the iOS keychain – they are only included in a backup if that backup is encrypted.

This philosophy made sense when 2FA was used with a physical keychain token such as an RSA SecurID: that was its one job, and you could have the same one for as long as its battery lasted, which could be up to 5 years. Most people change or upgrade their phones every 2 years, with some people getting a new one every year. Not only that, but fewer and fewer people use, let alone have, a desktop macOS computer. So the technology environment context assumed by the philosophy has changed.

If someone doesn't have a desktop computer, what are they supposed to do?

Maybe you can set up iCloud Keychain?

The problem here is that you need to use Apple 2FA in order to use iCloud Keychain. Apple requires Apple 2FA to be enabled on your Apple ID in order to have encrypted iCloud content. Apple 2FA requires either a 'trusted device' or a 'trusted number' to work. If someone has any other additional Apple product, such as an Apple Watch or iPad, this would work.

If they only have one device and switch to a new one, during the transfer process the new device becomes a 'trusted device' and, assuming that they previously turned on iCloud Keychain, the secrets could be transferred. The problem is this would allow multiple physical devices to have legitimate 2FA codes being generated, which is not good for security.

But if the person has set up a 'trusted number' for their Apple ID, now they are vulnerable to a SIM swap attack.

Ultimately I see the tension as this: The Authenticator App in its current form was intended for professional users with a high expectation of both familiarity and access to technology. There are many issues on this GitHub from consumer-level users of the app who probably don't have the same risk profile as professional users and yet have suffered because they chose to use this app instead of Google Authenticator, Authy, or any of the other non-open-source options that are more geared to consumers.

I don't want this app to just become another consumer 2FA app, but there should be warnings or something to make it more user friendly for people less familiar with technology.
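The backup rule quoted from the app's backup screen and the requested iCloud toggle both come down to two keychain attributes: the accessibility class (a "ThisDeviceOnly" class never migrates to another device, even via an encrypted backup) and `kSecAttrSynchronizable`, which pushes the item into iCloud Keychain. The following Swift helper is an added illustration of that trade-off, not code from Authenticator; the service name, enum and function names are assumed.

```swift
import Foundation
import Security

/// Hypothetical storage policy for a TOTP secret (not Authenticator's own type).
enum TokenStorePolicy {
    case deviceOnly      // possession factor stays bound to this phone
    case iCloudSyncable  // secret is mirrored to every device on the same iCloud Keychain
}

/// Builds the SecItem attribute dictionary for one token secret.
/// The service string is an assumed placeholder, not the app's real identifier.
func keychainAttributes(account: String, secret: Data, policy: TokenStorePolicy) -> [String: Any] {
    var attrs: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "example.authenticator.tokens",
        kSecAttrAccount as String: account,
        kSecValueData as String: secret,
    ]
    switch policy {
    case .deviceOnly:
        // Not synced and not restored onto a different device, whatever the backup type.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        attrs[kSecAttrSynchronizable as String] = kCFBooleanFalse
    case .iCloudSyncable:
        // Synchronisable items must use a non-ThisDeviceOnly accessibility class;
        // combining the two is rejected by SecItemAdd. This is the setting that
        // gives up the possession factor described on the backup screen.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlocked
        attrs[kSecAttrSynchronizable as String] = kCFBooleanTrue
    }
    return attrs
}

/// Writes (or replaces) the secret under the chosen policy and returns the OSStatus.
func storeToken(account: String, secret: Data, policy: TokenStorePolicy) -> OSStatus {
    let attrs = keychainAttributes(account: account, secret: secret, policy: policy)
    // Delete any existing copy first so SecItemAdd does not fail with errSecDuplicateItem.
    // The lookup must match both synced and unsynced copies, hence kSecAttrSynchronizableAny.
    var lookup = attrs
    lookup.removeValue(forKey: kSecValueData as String)
    lookup.removeValue(forKey: kSecAttrAccessible as String)
    lookup[kSecAttrSynchronizable as String] = kSecAttrSynchronizableAny
    SecItemDelete(lookup as CFDictionary)
    return SecItemAdd(attrs as CFDictionary, nil)
}
```

Switching an existing token from `.deviceOnly` to `.iCloudSyncable` through `storeToken` is exactly the step that makes the secret reachable from another device, so a toggle like the one requested would need to make that consequence explicit before performing it.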