My laptop, which contains all this secret information, is way, way more secure than my phone. There's the boot decrypt password, login password, then gpg password. My phone has ... A pin.
And besides, this is fine as an archived backup in case someone loses their phone. It just so happens it's faster for me to xsel the output of oathtool than it is to unlock my phone, open app, select account, and remember code, esp because I live in the terminal anyway.
Android phones are encrypted by default, but for encryption, they use the same PIN as your lock screen. There's some command you could run to replace it with a strong password while keeping screen lock PIN simple, but it didn't work for me last time I tried.
> Surely the data is encrypted using a 128 bit key or better
I think so, yeah.
> and the key is stored on some secure enclave which rate limits PIN entries, is it not?
That – I'm not so sure about. I didn't really think about it too much before you pointed it out, but it would make sense for the Android folks to have implemented it. I'll look into it a bit later!