Comment #5 on issue 247 by g1adrift: How to transfer data/backup when
switching handsets?
http://code.google.com/p/google-authenticator/issues/detail?id=247
Would it be at all possible to use Google as an intermediary for
transferring all TOTP secret keys stored in g-a to a new device? The app
does have Internet permissions, so it wouldn't need to add a new permission.
I envision it would work exactly like the phone transfer mechanism works
(which I have not yet tried), but also acquires an encrypted copy of the
secret keys from the mobile app over the Internet. The encryption key could
be exchanged by the two devices visually, via QR code. Google would provide
the transfer authorization (by authenticating the user through the web).
The only attack vector (aside from physically having the devices in hand) I
can see here is a MITM attack where someone fakes the Google server. In
this case, the attacker would still not be able to extract the TOTP keys as
the encryption key protecting the data transfer is exchanged offline.
I suppose you do add a possibility of someone having access to both your
device and Google account (say, by an unlocked laptop), cloning your secret
keys without your knowledge. To mitigate that, you could add a
self-destruct mechanism to it in order to ensure that there is only one
copy of the secret keys.
As a user of the authenticator for 7 different services (one is Google), I
do find it frustrating that I need to go through a lot of effort to migrate
to a new phone.
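The transfer sketched in this comment, as an added example that is not the project's code: the key is generated on one handset and shown as a QR payload, the exported otpauth URIs are sealed under it with AES-256-GCM, and whatever relays the blob (Google, or someone impersonating Google) sees only ciphertext and cannot tamper with it undetected. The Base32 key encoding, the 32-byte key size and the "g-a transfer v1" associated-data tag are my assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base32"
	"errors"
	"strings"
)

// TransferKey is exchanged visually (QR code) between the two handsets.
// The relaying server never sees it, so it cannot read or forge the blob.
type TransferKey [32]byte

// aad binds the ciphertext to this transfer format (assumed tag).
var aad = []byte("g-a transfer v1")

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

func NewTransferKey() (k TransferKey, err error) { _, err = rand.Read(k[:]); return }

// QRPayload is what the sending handset displays for the receiver to scan.
func (k TransferKey) QRPayload() string { return b32.EncodeToString(k[:]) }

// ParseQRPayload reconstructs the key on the receiving handset.
func ParseQRPayload(s string) (k TransferKey, err error) {
	b, err := b32.DecodeString(s)
	if err != nil || len(b) != len(k) {
		return k, errors.New("bad transfer key")
	}
	copy(k[:], b)
	return k, nil
}

func gcm(k TransferKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the exported otpauth URIs (one per line); output is nonce || ciphertext+tag.
func Seal(k TransferKey, uris []string) ([]byte, error) {
	g, err := gcm(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, []byte(strings.Join(uris, "\n")), aad), nil
}

// Open decrypts on the receiver; a wrong key or any modification in transit fails here.
func Open(k TransferKey, blob []byte) ([]string, error) {
	g, err := gcm(k)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, errors.New("bad blob")
	}
	plain, err := g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
	if err != nil {
		return nil, err
	}
	return strings.Split(string(plain), "\n"), nil
}
```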