The Problem
Currently there a 2 scenarios which cause trouble to the user:
- User looses access to their device (stolen, broken, lost etc.): If a 2nd factor is set up, a user need to manually login in their institution MFA settings and rollout a token on the new device. Otherwise the institution support needs to be contacted to reset the account.
- User migrates to a new device: The user needs to login in the institution MFA settings with the old device or a 2nd factor (if applicable) and needs to rollout a new token on the new device
Implementation Challenges
Besides how it will be implemented, any implementation either sacrifices on security or usability.
Cloud backup is convenient, but less secure. We can leverage it with encryption, but this makes it less convenient, since the user need to store another secret. (e.g. password)
Another challenge is device migration itself. Do we offer support for multiple devices? If so, it would bring further challenges including what happens to the 2nd device if another one already accepted a challenge.
Possible Implementation
We could offer something similar to 2FAS. As a basis we offer file based backup. This allows exporting and importing backups. Additionally we may offer opt-in cloud-based backup with native providers including iCloud and Google Drive. Another opt-in could be a password that encrypts the data. This passes the responsibility on how much security and ease of use the user wants.
The Problem
Currently there a 2 scenarios which cause trouble to the user:
Implementation Challenges
Besides how it will be implemented, any implementation either sacrifices on security or usability.
Cloud backup is convenient, but less secure. We can leverage it with encryption, but this makes it less convenient, since the user need to store another secret. (e.g. password)
Another challenge is device migration itself. Do we offer support for multiple devices? If so, it would bring further challenges including what happens to the 2nd device if another one already accepted a challenge.
Possible Implementation
We could offer something similar to 2FAS. As a basis we offer file based backup. This allows exporting and importing backups. Additionally we may offer opt-in cloud-based backup with native providers including iCloud and Google Drive. Another opt-in could be a password that encrypts the data. This passes the responsibility on how much security and ease of use the user wants.