Comment #1 originally posted by fatboybb on 2012-08-14T08:51:49.000Z:

i have been discussing this with my buddies: if iCloud indeed is cloud-backup and allows to restore to unknown devices from any computer in the world (i am an Android user) then hackers from the world's-end with access to my icloud-account could restore my 2nd-factor-authentication secrets to their device and thus make 2fa irrelevant for all attached services.

not a good outcome.

Comment #2 originally posted by ParkerKuivila on 2012-08-14T09:20:45.000Z:

You can't access the iCloud backup unless you do a system restore. It's not accessible even by the user unless they transfer phone or wipe it first.

Comment #3 originally posted by ParkerKuivila on 2012-08-14T09:21:21.000Z:

And you can choose whether or not certain apps backup. I for one, am willing to risk it for myself

Comment #4 originally posted by adam@sherman.ca on 2012-12-11T16:18:57.000Z:

But isn't the point supposed to be that it is a second factor? e.g. if a black hat manages to restore your token(s), they shouldn't also have your password(s)? Losing my tokens was a major PITA for me, some services are very difficult to access without them.

Comment #5 originally posted by peter.urda on 2013-06-04T01:23:45.000Z:

Allowing the application to be backed up to iCloud is a clear security risk. This should not even be an option left open for a user to enable. What if a user's password is compromised, and they happened to (foolishly) use the same iCloud password as their Google password?

Well a restore can be triggered on a new iDevice, and then they have access to your codes (which are supposed to be SECRET to you only).

These codes are much like a PGP key, and should be safe guarded and only kept within immediate control of the end user. Uploading them as an iCloud backup breaks this safety design, as they can be re-downloaded later.

Users need to take PRECAUTIONS such as providing a mobile number, securing backup codes, or emergency keys to gain access to systems that are using two factor authentication.

This should not even be considered an issue.

Comment #6 originally posted by bankowski on 2013-06-04T07:10:16.000Z:

@peter.u...@gmail.com "These codes are much like a PGP key, and should be safe guarded" - Agreed, so there should be a way to export those codes and than import them back after the restore.

Right now the codes are embedded in the device but once they are stored the user effectively loses control over them so your statement "kept within immediate control of the end user." is clearly not fulfilled.

Right now the backup/restore scenario for Google Authenticator is broken.
Kindly please, give the user an option to manage those codes.

Comment #7 originally posted by mccabe@orchardbrands.com on 2013-06-28T13:47:32.000Z:

I would like to see this ability as well. Totally disagree with Peter. It doesn't matter what your second factor is in any two-factor scenario.

There is a chance you could lose a key fob as well, which in and of itself isn't a major security issue. That's why we have two-factor to begin with- just in case one half gets compromised, all is not lost. the Google Authenticator factor is not "A secret to you"- it is "Something you have", and that's all. Your username and password are "Something you know". If an attacker gets one of your factors, you're still okay.

At least with an iCloud backup, we would be empowered to restore or own keys. If necessary, we could then access our accounts to change the second factor without having to call all of our providers to get us access again.

Comment #8 originally posted by arthur@getninjas.com.br on 2013-07-16T22:47:56.000Z:

What if my iPhone is stolen? I can easily remotely wipe it, but I can't have access to those tokens anymore.

That's not a clear problem with Google accounts since you can use https://accounts.google.com/SmsAuthConfig to move your token to another device using one of your backup codes. But it's a problem with other accounts. I have exactly this problem right now.

I had a token for an Amazon AWS account (which don't provide backup codes) and my phone was stolen. I restored my backup to another phone, but the Google Authenticator tokens weren't there. Now I can't access my Amazon account at all. I got access to other accounts (Google, Dropbox, etc) since they had backup codes. But not with Amazon.

Is this a desired effect of using 2-factor auth? Should those tokens never be backed-up? If yes, for me that's a serious problem. And I'm not willing to use 2-factor auth again. At least with those services that don't provide backup codes.

That's why I think iCloud backup is absolutely needed.

Comment #9 originally posted by rootstyle on 2013-09-09T14:00:50.000Z:

I vote that it should never be backed up, it opens quite a large security hole. Personally I just picked up a used iPod touch, added all of my tokens to it, and left it fully charged and off in a safe. $50 contingency plan against a lost/stolen/wiped iPhone.

Comment #10 originally posted by bankowski on 2013-09-09T15:40:22.000Z:

There should be and import/export feature. Does not have to be to iCloud. Make it a simple file/email interface and that will do it.

Comment #11 originally posted by roman.rev on 2014-01-16T04:21:07.000Z:

While this presumingly simple feature request has been drugged over the years, there's already a better product on the market: Authy that allows one not only to backup and restore all Google-Auth-like accounts (OTP tokens), but also to reset a device once it's lost or transfer all accounts to another device as well as using multiple devices at once.
I am now starting to observe this behaviour over and over with a lot of Google products: once innovative and awesome, a product does not get updated and goes stale while other would pick up the trend and do something better.

Comment #12 originally posted by chris@levelview.com on 2014-02-02T01:34:25.000Z:

We trust the iPhone to store credit card numbers and passwords in its keychain. If the codes are stored in the keychain, as they should be to prevent a physical attack of a locked device, then there is no danger backing them up to iCloud since the entire keychain is encrypted with the secure store keys burned into the CPU SOC. They will only ever restore to the same device. This is why passwords from iCloud backups and unencrypted iTunes backups do not restore to other devices. If they did, that would mean compromise of the 1st factor!

Comment #13 originally posted by rwebb626 on 2014-06-27T01:11:42.000Z:

Regardless of what you think is best practice or the safest thing to do is.

The end user has no freaking control of backing up these at all!

The end user should be given the option of how, and if they want to back it up period.

Comment #14 originally posted by roman.rev on 2014-06-27T01:20:38.000Z:

As per my previous comment, just use Authy instead and forget about G. Authenticator. This app is dead.

this app is dead!!!!!

Great contribution to the thread there, buddy.

Here's a relevant related bug.

This feature is life saver. I understand this feature would reduce the security but remember that some of us are not "President or VVIP". Our enemy is just random hacker or someone who have bad faith. Please add this feature for the sake of completeness. Thanks a lot.

First of all I'll insert the standard canned response:

--
FYI: The version in Google Play Store / Apple App store is not the same as this opensource version. They've diverged. This opensource version is also unlikely to end up in the app stores. This open source version doesn't get much love, but I'll accept well-written pull requests. But don't expect this feature to be implemented by Google.

--

Second: I'm unlikely to design and add a feature I'm sceptical about. If someone else does and sends a pull request they it may be merged, subject to discussion on the other bug.

This should be high priority since the crypto currencies became popular and most of the wallets etc may require Google Authenticator.

Personal opinion and (as always) not representing my employer:

--

I'll pretend you didn't say that, since I consider crypto currencies to be perhaps the most evil thing that's come out of the Internet, and I that dealing with bitcoin to be a moral failing.

The honest and good use cases are quite sufficient, thank you.

@ThomasHabets Did the Apple App store version really implemented iCloud backups? Just restored a from a backup and all the accounts are there. Isn't this a huge security problem? Couldn't find anything official from Google on the topic. You know more?

@csshsh I have no insight on that.

@csshsh Whwn you restore from a iCloud backup it restores to a point tha still has your app data and keys. If you do a clean wipe of phone and reinstall some app data can be restored from iCloud.