
> You're ignoring that the main TOTP app for most people, Google Authenticator, doesn't allow the keys to be exported. The current solution if you buy a new phone is to manually remove and re-add 2FA on every site you use it with.

I'm not ignoring that at all. Google Authenticator is the only one I use, even with the described workflow.

I back the key up immediately, when they're asking you to save the TOTP. They usually (not always!) give you multiple methods to input the TOTP, such as scanning an image or typing in a string. That string can be backed up, and is what I usually use.

I never renew my TOTP, and all I use is Google Authenticator. Anytime I get a new phone (nearly every year, heh), I just add my TOTPs back.

This of course doesn't work for non-tech people, it's a bit too manual. I acknowledged that in my first post, though.
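
The workflow in the comment above depends on the typed-in string being the whole TOTP secret, so a backup can be checked before the old phone is retired. This is an added example, not code from the commenter: it assumes the common RFC 6238 defaults (HMAC-SHA-1, 6 digits, 30-second step), and the sample URI and string are constructed from the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import urlparse, parse_qs

# Constructed samples: the RFC 6238 test key "12345678901234567890",
# once as a QR-code payload and once as the string a site shows for manual entry.
SAMPLE_URI = "otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
SAMPLE_TYPED = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

def normalize_secret(text):
    """Return the raw key bytes from an otpauth:// URI or a typed base32 string."""
    text = text.strip()
    if text.lower().startswith("otpauth://"):
        text = parse_qs(urlparse(text).query)["secret"][0]
    # Sites often display the secret lowercase, grouped and without padding.
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def totp(key, at=None, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA-1 with RFC 4226 dynamic truncation."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def backup_matches(enrolled, backup, at=None):
    """True if the backed-up string yields the same code as the enrolled secret."""
    moment = time.time() if at is None else at
    return hmac.compare_digest(
        totp(normalize_secret(enrolled), moment),
        totp(normalize_secret(backup), moment),
    )

if __name__ == "__main__":
    print("backup restores the same codes:", backup_matches(SAMPLE_URI, SAMPLE_TYPED))
```
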


