nilsbehlen
commented
2 weeks ago Hi, the problem is that allowing backup is equal to uncontrolled duplication. that is why we are currently so restrictive on that topic. however, we know that this is a issue with endusers, so we are always looking for ways to improve (see tokencontainers). Loosing a token does not have to be a problem if proper processes are in place to get a new one. it is just easier to put the responsibility on the end user.
PrivacyIDEA is listen on my device (usind SeedVault) under "Apps that do not allow data backup". I also confirmed that in the metadata of the app.
Loosing 2FA tokens is a serious problem. Therefore I think disallowing users to back up their tokens is not a good idea.