I like the design, the website, the phone app, etc.
However, the desktop app does not feel right. Maybe I am missing something.
- Are the HMAC keys stored or synced to the desktop?
- Is there a password protection similar to the keychain to access these passwords?
If my desktop is hacked into and a key logger has my password as they usually do, it will now also be able to copy these one time passwords at will and use it frequently to log into my account.
I would prefer to use my laptop and a separate phone for my OTPs. I like the Google Authenticator app as it does nothing more than generate OTPs, no sync to server, etc..
"- Are the HMAC keys stored or synced to the desktop?
No, nothing is stored in the desktop. Everything remains on your phone."
"- Is there a password protection similar to the keychain to access these passwords?
We store the pair phone details on the keychain. But this is only the phone bluetooth id etc."
"If my desktop is hacked into and a key logger has my password as they usually do, it will now also be able to copy these one time passwords at will and use it frequently to log into my account."
However, the desktop app does not feel right. Maybe I am missing something.
- Are the HMAC keys stored or synced to the desktop?
- Is there a password protection similar to the keychain to access these passwords?
If my desktop is hacked into and a key logger has my password as they usually do, it will now also be able to copy these one time passwords at will and use it frequently to log into my account.
I would prefer to use my laptop and a separate phone for my OTPs. I like the Google Authenticator app as it does nothing more than generate OTPs, no sync to server, etc..