Isn’t the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don’t many two factor auth apps seem to support syncing? If it’s fine to do so, are there any open source cross platform apps that sync keys?

  • Monkey With A Shell
    link
    fedilink
    English
    26 months ago

    The hard part is securing the exported tokens in a way that you could quickly replace them in the event a device was lost/compromised. A good practice would be something like with Aegis you can have it save an encrypted export whenever you make a change and then sync that to an external location where you can re-import it from. Wiping them from the original lost device is another challenge in itself, but as I recall both Android and Apple have mechanisms where you can send a signal to remotely wipe the system.