Encrypted database for authenticator?

  • Question

  • Hello,

    I've searched the web and this forum for information about the encryption of the MS Authenticator's database, especially the apps for Android and iOS.

    I assume there is no encryption to protect the secret keys, is there?

    Is there someone here who has more information?


    Friday, March 9, 2018 2:21 PM

All replies

  • Hi Lutz99, 

    On iOS, we encrypt the data and store it in the iOS secure enclave. On Android, we do a best effort to encrypt, but because we are backwards compatible all the way back to flavors Android OS & hardware, we do not enforce yet. (Meaning, if a user tries to add an account on an Android phone without hardware or software encryption, we do not prevent them.)

    Hope this answers your question, 


    Wednesday, April 4, 2018 7:49 PM
  • Hi Libby,

    Thanks for your answer. I'm not sure if I understand everything.

    The data of the authenticator app is encrypted when the storage of the device is encrypted. But the app doesn't have an encrypted database for the secret keys. Is that right?


    Wednesday, April 4, 2018 9:09 PM
  • Hi @Libby Brown,

    Sorry to insist, but I don't think it's enough. Your information is stored in iCloud. There should be an additional password to encrypt the backup even if you store it originally in the secure enclave. When exported to iCloud, that sensitive information should be re-encrypted with a password associated with enough entropy to be sure to be secure.

    Friday, February 15, 2019 9:04 AM
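
The password-protected backup asked for in the last reply can be sketched as follows. This is an added example, not code from the thread and not how Microsoft Authenticator works: it derives a key from the backup password with scrypt and seals the account secrets with AES-256-GCM before they would leave the device. The format tag, cost parameters, function names and sample account are assumptions made for the illustration.

```javascript
// Added illustration: password-based encryption of an authenticator backup.
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values for this example; tune per device).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const HEADER = Buffer.from('totp-backup-v1'); // hypothetical format tag, 14 bytes

// Constructed sample data: a well-known demo TOTP secret, not a real account.
const SAMPLE_ACCOUNTS = [{ issuer: 'Example', user: 'alice', secret: 'JBSWY3DPEHPK3PXP' }];

function deriveKey(password, salt) {
  // A memory-hard KDF slows offline guessing against a copied backup.
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

function sealBackup(accounts, password) {
  const salt = crypto.randomBytes(16);  // fresh per backup
  const nonce = crypto.randomBytes(12); // fresh per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  cipher.setAAD(HEADER);                // bind the format tag to the ciphertext
  const body = Buffer.concat([cipher.update(JSON.stringify(accounts), 'utf8'), cipher.final()]);
  // Layout: header | salt(16) | nonce(12) | tag(16) | ciphertext
  return Buffer.concat([HEADER, salt, nonce, cipher.getAuthTag(), body]);
}

function openBackup(blob, password) {
  const h = HEADER.length;
  if (blob.length < h + 44 || !blob.subarray(0, h).equals(HEADER)) {
    throw new Error('unknown backup format');
  }
  const salt = blob.subarray(h, h + 16);
  const nonce = blob.subarray(h + 16, h + 28);
  const tag = blob.subarray(h + 28, h + 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAAD(HEADER);
  decipher.setAuthTag(tag);
  // final() throws if the password is wrong or the blob was modified.
  const plain = Buffer.concat([decipher.update(blob.subarray(h + 44)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}
```

The strength of such a backup still rests on the password: the KDF only raises the cost of each guess, so a low-entropy password remains guessable offline.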