I'm working on an open source iOS-native (both UX- and implementation-wise) 2FA app. Two of the primary goals for the project are ensuring security and simple backups. Addressing these two areas is the last blocker before the release.
I'd like to ask you for your opinion and advice regarding the scheme I devised for the app. I'm not a cryptographer, and the amount of key wrapping in the scheme makes me feel I'm overcomplicating it.
My assumptions are:
- Assuming password manager use, with strong and unique passwords for each service.
- If service A gets compromised then, due to password uniqueness, other services aren't at risk.
- If my computer or my password manager gets compromised then the attacker would still need my phone, so the accounts protected with app-based 2FA would be safe.
- If my phone has access to the password manager then its compromise may put all services at risk, as the attacker would have access to both passwords and 2FA secrets.
- Making 2FA secrets synchronizable via iCloud would make them appear on my Mac, compromising security in case of the scenario from point 3.
I'm considering the following scheme:
- On first launch, the app generates a master key and stores it as a non-synchronizable Keychain item.
- 2FA secrets are encrypted with the master key and stored as synchronizable Keychain items. It won't hurt if they're accessible on my Mac, as the master key is stored on my phone. iCloud is part of the backup mechanism.
- The only remaining piece that needs to be backed up is the master key. The app could show the key, so that the user can write it down. That master key copy is the other part of the backup mechanism.
- When transferring to a new phone, 2FA secrets would be synced via iCloud, and the user would need to type in the master key (or scan it from a QR code shown by the app on the old device).
Alternatively, Secure Enclave and biometric authentication could be involved in step 1, turning the authentication scheme from "something you have" to "something you are": I'd need to create an extra key (bio key) in step 0 and use it to encrypt the master key. If the bio key could be used instead of the master key, it would force re-encryption of all 2FA secrets when transferring devices (Secure Enclave keys cannot be transferred). It seems this would reduce the risk of attacks on the phone itself.
Questions:
- The bio key encrypts the master key; the master key encrypts the data; the encrypted data is further encrypted by Keychain. Is there a simpler implementation that is equally secure, easy to back up and transfer between devices?
- Is bio+master more secure than master-only, especially in case of attacks on the phone itself?
- What are iOS-specific implementation details to keep in mind?
Thank you!
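The master-key part of the scheme (steps 1 and 2) sketched in Swift, as an added example that is not the app's own code: the Keychain service name is a placeholder, and binding the account name as AES-GCM associated data is an assumption layered on top of the described design.

```swift
import Foundation
import CryptoKit
import Security

enum KeychainError: Error { case status(OSStatus) }

// Placeholder service identifier; the real app would use its own bundle-scoped name.
let keychainService = "com.example.twofa"

// Adds a generic-password item. `synchronizable` decides whether iCloud Keychain
// replicates it: the master key stays device-only, wrapped 2FA secrets are synced.
func storeKeychainItem(account: String, data: Data, synchronizable: Bool) throws {
    let item: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keychainService,
        kSecAttrAccount as String: account,
        kSecValueData as String: data,
        kSecAttrSynchronizable as String: synchronizable,
        // Synced items cannot use a *ThisDeviceOnly accessibility class.
        kSecAttrAccessible as String: synchronizable
            ? kSecAttrAccessibleAfterFirstUnlock
            : kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    ]
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// AES-GCM under the master key; the account name is bound as associated data so a
// synced blob cannot be silently moved to a different account without failing to open.
func wrapSecret(_ secret: Data, masterKey: SymmetricKey, account: String) throws -> Data {
    let box = try AES.GCM.seal(secret, using: masterKey, authenticating: Data(account.utf8))
    return box.combined!   // nonce || ciphertext || tag; non-nil for the default 12-byte nonce
}

func unwrapSecret(_ blob: Data, masterKey: SymmetricKey, account: String) throws -> Data {
    let box = try AES.GCM.SealedBox(combined: blob)
    return try AES.GCM.open(box, using: masterKey, authenticating: Data(account.utf8))
}

// Step 1, first launch: generate the master key and keep it on this device only.
func firstLaunch() throws -> SymmetricKey {
    let masterKey = SymmetricKey(size: .bits256)
    let raw = masterKey.withUnsafeBytes { Data($0) }
    try storeKeychainItem(account: "master-key", data: raw, synchronizable: false)
    return masterKey
}

// Step 2, adding a TOTP account: the secret reaches iCloud only wrapped under the master key.
func addAccount(name: String, totpSecret: Data, masterKey: SymmetricKey) throws {
    let blob = try wrapSecret(totpSecret, masterKey: masterKey, account: name)
    try storeKeychainItem(account: name, data: blob, synchronizable: true)
}
```

On a new device, `unwrapSecret` only succeeds once the user has re-entered the master key from the written-down or QR backup, which is exactly the transfer step described above.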