Export token possible ?

[martux69]

Hi,
I have to switch from one mobile phone to another. Is it possible to transfer the tokens from the old one to new one (eg. export function or file copy, similar to freeOTP or freeotp+) ?
Kind regards
Martin

[cornelinux]

No, this is not possible. And we do not plan to support this. While this might seem nice for the educated end user, this has huge security implications for enterprise use, where the grand father will give his old smartphone to the grand children without deleting anything. This way the company can not control, if there are duplicates of comprised 2nd factors.

We could add a paramter during enrollment like not_exportable. I think we once thought about this. But this far from being anywhere on the roadmap.

[linuxchips]

Hi,
I do not think adding not_exportable to the uri is feasible. unless this affects the otp codes in someway.
one can scan the uri with any scanner, remove the not_exportable and generate a new qr to scan in the app.
and you will not be able to control any thing no more.

[plettich]

one can scan the uri with any scanner, remove the not_exportable and generate a new qr to scan in the app.
and you will not be able to control any thing no more.

But again that would require an "educated user".