Sunday, September 27, 2020

iCloud backup and my lost authenticator codes

When my local Apple store tech was unable to remove the battery from my iPhone 8 they gave me a new device -- which was SIM locked to AT&T.

Well, everyone has to start somewhere, including Apple techs. Hope they improve soon.

Anyway, between the initial restore and the factory reset to clear the SIM lock I've been through two iCloud restores in the past week.

iCloud restores kind of suck now. I think they worked better a few years ago. The good news is that my photos were restored (I don't use Apple Photos/iCloud so I needed that backup). The bad news is that so many apps needed credentials reentered or new certificates generated -- especially when doing a restore after a hardware change.

The worst news is that Google Authenticator lost my authenticator codes. As near as I can tell they are restored from iCloud if the hardware is unchanged, but not if the hardware changes. Or maybe it's a bug. Whatever the reason, I lost 'em. 

It was suspiciously easy to regenerate Authenticator codes for my Microsoft account. Not too hard for Google either, because  they've moved to preferring an Apple-like proprietary two factor authentication mechanism. It is a bummer for Dreamhost though -- so now I'm going through support to try to recover access to my domains and web content.

It's hard to reconcile security and backup/restore. For example, Google Wallet and your biometrics (finger/face) aren't backed up either. On the other hand your Keychain credentials are in iCloud, and anyone who can get into your iPhone can read all of your passwords (try: "Hey Siri, Show me my passwords" or see Apple's hidden password manager). So your 4 digit Apple device passcode is not a great idea.

PS. I'm storing Authenticator codes in 1Password now. Which, like most small company software, has its own security concerns, not least that it would be relatively easy for China, say, to acquire the company or insert a backdoor into the source code.

No comments: