
Warning banner for individual 2FA entry exports

Open jonod8698 opened this issue 3 years ago • 2 comments

When the "Transfer Entries" feature is used, it would be useful if a persistent warning banner shows for a few days, similar to #132, which triggers on full exports in plaintext.

It's unavoidable to sometimes provide access to your phone (customs, police etc). In those cases you'd want to know if individual 2FA codes were exported.

I realise the Aegis app requires authentication to access it and locks with the phone. This feature would account for scenarios where users might not opt into encrypting the vault.

jonod8698, Dec 24 '22 06:12

Thanks for the suggestion. Google Authenticator has something similar. It's an interesting idea, but perhaps we can think of something a bit broader to cover all bases, not just the usage of "Transfer entries".

For example: We could also keep an audit log of every time the app was opened/unlocked. The reason being: If you give your unlocked phone to someone else, then get it back and see a new entry in the audit log, you'll probably want to go ahead and reset all of your 2FA anyway, regardless of whether any entries were exported.

alexbakker, Dec 24 '22 13:12

I agree, an audit log could cover more scenarios:

  • transfer entries
  • reveal individual 2FA code (too verbose?)
  • export vault (encrypted/plaintext)
  • app open, success/failed authentication

A warning banner for "Transfer entries" is useful to warn users who aren't checking their audit log regularly.

jonod8698, Dec 27 '22 02:12