[RFE] Have a setting to show all token codes right away without an extra tap

[npmccallum]

Reported by dpal on 21 May 2014 18:40 UTC
Comes from FreeOTP feedback.

[npmccallum]

Comment by npmccallum on 28 Jul 2014 18:05 UTC
This is a very bad idea from both the security perspective and from the battery drain perspective. I don't think the benefit is worth the added complexity.

[npmccallum]

Comment by vinaur on 28 Aug 2014 00:11 UTC
I just want to understand the security considerations here for not providing this option. The concern is that someone who already knows my password for some service is going to look over my shoulder, see a TOTP code for the service that I'm not currently interested in (since the one I'm interested in I will reveal anyway), and will be able to authenticate within 1 minute (typical 30 second timestep, plus an additional timestep typically allowed by the authentication server)? I can conceive a scenario where this could be a concern, but I can also confidently say that this would not be a concern for me (and I'm sure that's the case for a lot of other users).

I also don't understand the battery drain concern, since the TOTP generation should only happen while the app is active.

[npmccallum]

Modified by vinaur on 28 Aug 2014 00:17 UTC