Don't include Smartphone enrollments as part of backed up app data for NetIQ Advanced Authentication mobile apps

Idea ID 2786091

Don't include Smartphone enrollments as part of backed up app data for NetIQ Advanced Authentication mobile apps

This behavior was observed when a user migrated from an older iPhone to a new iPhone but may also apply to Android devices.

Current situation: The Smartphone enrollments are included as part of the backup of app data when an iCloud backup is performed. When this backup is restored on a new device, the same enrollments from a previous device are still functional. An attacker that has access to a backup could 'clone' a Smartphone enrollment.

Desired situation: Smartphone enrollments are not included as part of the app's backed up data. This would require a user to have to re-enroll all Smartphone authenticators after restoring the backup on the same or a new device.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.