search

twofas / 2fas-ios

Source code for 2FAS iOS app
GNU General Public License v3.0
479 stars 35 forks source link

Are Secret keys saved and synced in iCloud encrypted? #78

Closed toyo2333 closed 5 months ago

toyo2333 commented 5 months ago

i know that the export feature support set a password。but i want to know :Are Secret keys saved and synced in iCloud encrypted?

tavern2782 commented 5 months ago

The community 100% absolutely needs an answer on this.

@2fas-com @adocyn

toyo2333 commented 5 months ago

i know that the export feature support set a password。but i want to know :Are Secret keys saved and synced in iCloud encrypted?

I am using Enpass to sync my password. The vault synced by the Onedrive or Goolge Drive is encrypted by Enpass. This is the right way.

tavern2782 commented 5 months ago

I am using Enpass to sync my password. The vault synced by the Onedrive or Goolge Drive is encrypted by Enpass. This is the right way.

....no, that is NOT the right way. This functionality should be contained within 2FAS. You can't honestly expect any user to follow such a complicated procedure and risk doing something wrong when Apple provides an API that supports this exact functionality. Please, stop commenting if you're going to suggest such nonsense.

toyo2333 commented 5 months ago

I am using Enpass to sync my password. The vault synced by the Onedrive or Goolge Drive is encrypted by Enpass. This is the right way.

....no, that is NOT the right way. This functionality should be contained within 2FAS. You can't honestly expect any user to follow such a complicated procedure and risk doing something wrong when Apple provides an API that supports this exact functionality. Please, stop commenting if you're going to suggest such nonsense.

If iCloud synchronization is enough to ensure the privacy of data, then there is no problem with not performing additional encryption. If one day 2FAS supports Onedrive backup, then the unencrypted key can be directly viewed in the cloud drive. I am not a developer, I am just judging this issue based on my daily experience. Whether it is adopted or not is the developer's own consideration. If Onedrive does not provide private application data isolation space, there is no need to make changes to support it.

Calling open and constructive discussions in open source projects "nonsense" is enough to demonstrate your quality.

KobeW50 commented 5 months ago

Refer to https://github.com/twofas/2fas-ios/issues/43#issuecomment-1738605656