One time password Authenticator - Mobile App?

[RolandDebreton]

The phone that is able to download an app is by definition online and therefore can be hacked/compromised/etc. Your keychain can't.

Never underestimate the security of an air gap.

This guy - the point of the keyfob things is that they are not part of the grid.

[Delsus]

This guy - the point of the keyfob things is that they are not part of the grid.

We have been through this and concluded that the security risk is minimal because of security software, apps needing permissions to interact with eachother, remote lock and wipe etc etc etc.

The reason we have keyfobs is not because they have no internet access but they are not connected to your PC so malware cannot access the OTP and FFXIV client at the same time, I don't know about iPhone, Windows phone, blackberry OS and Symbian but Android has security inplace, the FFXIV app will not need network access so it will not use it, if it doesn't have the network access permission it is impossible for it to access the internet, this is deep inside the android framework and system files need to be replaced (another permission needed) to overcome it.

I believe apps need permissions to interact so a hacker could not use another app to influance or spy on an authenticator app, and it would flag up on decent security apps, the risk is minimal if existant at all.