This behavior was observed when a user migrated from an older iPhone to a new iPhone, but it may also apply to Android devices.
Current situation: The Smartphone enrollments are included as part of the backup of app data when an iCloud backup is performed. When this backup is restored on a new device, the same enrollments from the previous device are still functional. An attacker who has access to a backup could 'clone' a Smartphone enrollment.
Desired situation: Smartphone enrollments are not included as part of the app's backed-up data. This would require a user to re-enroll all Smartphone authenticators after restoring the backup on the same or a new device.
by: Tim S. | over a year ago | Configuration
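
An added example, not part of the original post and not the vendor's code: one way an iOS app can keep enrollment material from migrating to another device through a backup. The page does not say how the app stores enrollments, so `EnrollmentStore`, the service string and the file name are hypothetical.

```swift
import Foundation
import Security

enum EnrollmentStoreError: Error { case keychain(OSStatus) }

// Hypothetical storage layer for an authenticator app's enrollments.
struct EnrollmentStore {
    let service = "com.example.authenticator.enrollment" // placeholder identifier

    /// Store the enrollment secret in the keychain, bound to this device.
    func saveSecret(_ secret: Data, account: String) throws {
        let base: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
        ]
        SecItemDelete(base as CFDictionary) // replace any earlier item

        var attrs = base
        attrs[kSecValueData as String] = secret
        // "ThisDeviceOnly" items do not migrate to a different device on restore.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        // Keep the item out of iCloud Keychain sync as well.
        attrs[kSecAttrSynchronizable as String] = false

        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecSuccess else { throw EnrollmentStoreError.keychain(status) }
    }

    /// Write non-secret enrollment metadata to a file excluded from backups.
    func saveMetadata(_ metadata: Data) throws -> URL {
        let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                              in: .userDomainMask,
                                              appropriateFor: nil,
                                              create: true)
        var file = dir.appendingPathComponent("enrollments.json")
        try metadata.write(to: file, options: [.atomic, .completeFileProtection])

        // An atomic write replaces the file, so set the flag after every write.
        var values = URLResourceValues()
        values.isExcludedFromBackup = true
        try file.setResourceValues(values)
        return file
    }
}
```

A `ThisDeviceOnly` keychain item is still restored when the backup goes back onto the same device, so this covers the new-device case from the post but not forced re-enrollment on the original device.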