yubioath-android
yubioath-android copied to clipboard
Yubico
All authentication codes disappeared
While I was using the authenticator all of my codes disappeared. The entire library simply vanished. My phone had previously been hacked and I suspect it was hacked again and the hacker did something to cause the library to go away. Is there a way to backup the library of codes? Do you have an online option that does an automatic sync (that would be ideal)? I don't think you do, so please tell me how to perform a backup. Having a backup allowing me to store codes outside my phone is also critical if I need to reset my phone.
Thanks
By design the secrets, once stored on the YubiKey, cannot be extracted (and thus no backup can be made). One common method of backing up credentials is to keep a copy of the QR code (or the base32 encoded secret) which is visible at time of adding the credential, in a safe place.
That said, I'd recommend downloading Yubico Authenticator for desktop to see if the codes show up there, it might be an issue with the mobile app.
I have discovered why my codes disappeared. I have multiple yubikeys. I had inadvertently used a different yubikey and since no codes were stored on it all of the credentials on the screen disappeared. When I used the correct yubikey all the credentials reappeared.
However, thank you for your thoughtful and detailed response. I was not aware that the credentials were being stored on the yubikey. I had thought the credentials were being stored in the authenticator data and that the yubikey simply authorized the credentials and codes to be shown. This means no backup of the application and its data are required. I just need to make sure I never loose my yibikey hahaha. On that note, is there anywayto duplicate the codes stored in one yubikey to another yubikey? That would allow me to use the extra yubikeys as backup incase something happened to the original. Thank you.
It's possible to add the same credential to more than one YubiKey, but only at the time of setup (while you have access to the QR code). If you have both YubiKeys available, you can add it first to one YubiKey, then add it again to the second YubiKey, before completing the setup by providing an OTP to the website. Alternatively you can save the QR code itself (or just the base32 encoded secret value for manual entry) to later add it to a second YubiKey, but you then have to take care to keep that QR code safe.
I head a similar problem.
I somehow ended up with the Yubikey flooding the android search field with random letters and then all authentication codes disappeared and didn't want to reappear even when un- and re-connecting the Yubikey (USB-C). But then disconnecting it and giving the app a moment (potentially closed in background?) fixed that.
Anyway while this was a bit confusing it's seems to not be a problem. I wonder if there is some UI/UX way to reduce confusing for less technical users :thinking: .
Just an random idea:
Maybe put a blue underlined Help! below the gray Tap or insert your YubiKey which does open a modal screen with simple question & answer trouble shooting guid like:
- I'm not seeing any key entries!
- Do you have an USB key?
- Did you connect id.
- Try disconnecting waiting a moment and reconnect it.
- Try disconnecting closing the app and the reconnection.
- Do you have an NFC key?
- ...NFC specific trouble shooting guide
- Do you have an USB key?
This could be on a website with Help! linking to it (opening it in the default browser).
Sorry for the late response. The development of the app moved to https://github.com/Yubico/yubioath-flutter and we have released a new version of the app (6.0.0) that might solve this issue - try it out. Please report any new issues in the new repository.
