Skip to content

Implement backup and device migration #5

Description

@Luc1412

The Problem

Currently there a 2 scenarios which cause trouble to the user:

  1. User looses access to their device (stolen, broken, lost etc.): If a 2nd factor is set up, a user need to manually login in their institution MFA settings and rollout a token on the new device. Otherwise the institution support needs to be contacted to reset the account.
  2. User migrates to a new device: The user needs to login in the institution MFA settings with the old device or a 2nd factor (if applicable) and needs to rollout a new token on the new device

Implementation Challenges

Besides how it will be implemented, any implementation either sacrifices on security or usability.
Cloud backup is convenient, but less secure. We can leverage it with encryption, but this makes it less convenient, since the user need to store another secret. (e.g. password)

Another challenge is device migration itself. Do we offer support for multiple devices? If so, it would bring further challenges including what happens to the 2nd device if another one already accepted a challenge.

Possible Implementation

We could offer something similar to 2FAS. As a basis we offer file based backup. This allows exporting and importing backups. Additionally we may offer opt-in cloud-based backup with native providers including iCloud and Google Drive. Another opt-in could be a password that encrypts the data. This passes the responsibility on how much security and ease of use the user wants.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions