Yesterday, I accidentally removed an authenticator app from my phone. Fortunately, I have another copy of the app on a different device. It made me realize how easy it is to lock myself out of my accounts. Do you think it’s a good idea to create a Windows VM with an Android emulator on it and install copies of all my authenticator apps, this will not cause any security issues?
Sane MFA apps explicitly disallow their data from being backed up. That would be a massive attack vector if it was possible.
Which is exceedingly dumb IMHO. Sure it would be a vector, but it’s a vector to something that should be an additional step to username and password. Idk, I use vaultwarden and find myself worrying less about “what if?”. I’m also enabling TOTP far more often now that I can easily add it to my phone and have it sync to other systems.