Factor2 is an aggressively simple, standards-based authenticator for iOS.

How does Factor2 handle backing up?

Multi-factor authentication keys are hard to replace. Backing them up is important.

iOS devices already have two robust backup solutions: iCloud and iTunes backups. Factor2 can be backed up using either of these methods.

The problem

The iOS keychain is a place on the system, provided to apps, to store sensitive or secure data. During day-to-day use, Factor2 stores all of your multi-factor authentication keys in the keychain.

When you run an iCloud or iTunes backup, the iOS keychain is backed up, but the backup is cryptographically tied to the device that created it.

This means that if you back up your iPhone and restore your backup to the same phone, you’re good to go. Your keychain is restored, and all your passwords and sensitive data, including Factor2’s keys, will be right back where you left them.

But, if you break or lose your current phone, and restore your backup to a different phone, you’re out of luck. Your keychain and the data it contained are gone forever.

(Apple has a great, geeky white paper on iPhone security, including backup security.)

The solution

Factor2 works within this limitation by creating an encrypted copy of all of its sensitive data in a place that will be backed up and restored by iCloud & iTunes.

This file is encrypted using a special recovery password that you create the first time you add a key to Factor2.

It’s important to note that the recovery password is not used to access a web service or store your Factor2 data online. The recovery password is only used to create an encryption key that encrypts the Factor2 backup that lives on your phone. (And, by extension, also lives in your iCloud/iTunes backups.)

When Factor2 finds that its keychain is missing—for example, the first time you run Factor2 after you restore a brand new phone from iCloud—it asks for the recovery password, decrypts the backup file, and restores all your keys back into the keychain.

This solution gives you the best of both worlds: you can back up Factor2 using the familiar iCloud or iTunes backup system you’re already using, but because the backup is encrypted and you set the key, you’re still in complete control.
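
A sketch of the password-protected backup file described above, as an added example rather than Factor2's own code. The page does not say which key-derivation function, cipher or file layout Factor2 uses, so PBKDF2-HMAC-SHA256, AES-GCM, the iteration count, the salt-plus-sealed-box layout and all function names here are assumptions.

```swift
import Foundation
import CryptoKit
import CommonCrypto
import Security

// Assumed parameters: the page does not document Factor2's KDF, cipher or file layout.
let saltLength = 16
let pbkdf2Rounds: UInt32 = 600_000

enum BackupError: Error { case randomFailed, kdfFailed, malformedFile }

// Stretch the recovery password into a 256-bit key (PBKDF2-HMAC-SHA256).
func deriveKey(password: String, salt: [UInt8]) throws -> SymmetricKey {
    var derived = [UInt8](repeating: 0, count: 32)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2), password, password.utf8.count,
        salt, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        pbkdf2Rounds, &derived, derived.count)
    guard status == Int32(kCCSuccess) else { throw BackupError.kdfFailed }
    return SymmetricKey(data: derived)
}

// Backup file layout (assumed): salt || nonce || ciphertext || tag.
func sealBackup(_ secrets: Data, password: String) throws -> Data {
    var salt = [UInt8](repeating: 0, count: saltLength)
    guard SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt) == errSecSuccess
    else { throw BackupError.randomFailed }
    let key = try deriveKey(password: password, salt: salt)
    let box = try AES.GCM.seal(secrets, using: key) // fresh random nonce per call
    guard let sealed = box.combined else { throw BackupError.malformedFile }
    return Data(salt) + sealed
}

// Run when the keychain is empty but a backup file was restored.
func openBackup(_ file: Data, password: String) throws -> Data {
    guard file.count > saltLength else { throw BackupError.malformedFile }
    let salt = [UInt8](file.prefix(saltLength))
    let key = try deriveKey(password: password, salt: salt)
    let box = try AES.GCM.SealedBox(combined: file.dropFirst(saltLength))
    return try AES.GCM.open(box, using: key) // throws on wrong password or tampering
}

// Constructed sample data: a made-up otpauth URI and passwords.
let secrets = Data("otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP".utf8)
let file = try sealBackup(secrets, password: "correct horse battery staple")
let restored = try openBackup(file, password: "correct horse battery staple")
print("round trip ok:", restored == secrets)
print("wrong password rejected:", (try? openBackup(file, password: "wrong guess")) == nil)
```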